Skip to: Content
Skip to: Site Navigation
Skip to: Search

Stuxnet spyware targets industrial facilities, via USB memory stick

Beware the USB memory stick. Infected sticks are the means by which a mystery spyware, dubbed Stuxnet, is penetrating control systems of industrial facilities and utilities around the globe, say cybersecurity experts.

By Staff writer / July 23, 2010

A USB memory stick is the preferred delivery vehicle for the Stuxnet spyware worm, which has launched a sophisticated attack on industrial computer systems worldwide.



Cyberspies have launched the first publicly known global attack aimed at infiltrating hard-to-penetrate computer control systems used to manage factory robots, refineries, and the electric power grid.

Skip to next paragraph

The ultrasophisticated attack was discovered last week, but information about it – including the full range of capabilities of the espionage software – continues to emerge. The spyware had spread for at least a month undetected and has already penetrated thousands of industrial computer systems in Iran, Indonesia, India, Ecuador, the United States, Pakistan, and Taiwan, according to a Microsoft analysis.

The attack is part of a sophisticated new wave of industrial cyberespionage that can infiltrate corporate systems undetected and capture the "crown jewels" of corporations – proprietary manufacturing techniques that are worth billions, experts say. It's significant, too, because of its potential to infiltrate and commandeer important infrastructure, such as the power grid.

No one knows who's behind it. Cybersecurity analysts aren't even sure yet what the spyware's creators intend it to do to those industrial systems. The intent could be to sell corporate proprietary secrets – or to seek an advantage over the US in some future assymetric conflict, such as a cyberwar.

"We have not seen anything like this before aimed directly at the industrial control system environment," says Walt Boyes, a control systems security expert and editor in chief of Control magazine. "It's a clear-cut case of industrial espionage. We don't know its ultimate aim yet." But, he says, the attack is aimed specifically at the company that sells the lion’s share of industrial automation software to the electric power sector in North America and Western Europe. "That's really scary," Mr. Boyes adds.

USB memory stick the tool of choice

The spyware, dubbed the Stuxnet worm by Microsoft, uses the lowly, ubiquitous USB memory stick as its delivery vehicle. But others say it also has the attributes both of a “trojan” program that gains command of a system and of a virus that replicates. When an infected stick is plugged into a computer, the spyware instantly and almost invisibly loads itself onto that computer's system. In a never-before-seen twist, it does this without the user taking any action or clicking on any button. The spyware then creates a secret "back door" for the attacker to access and control the computer remotely, say computer security experts.

But what makes security experts' hair stand on end is what the cyber-spy program does next. It searches the victim computer for the database of a supervisory control and data acquisition (SCADA) software program created by Siemens, the electronic control systems giant. That specialized software is used to run chemical plants and factories – as well as electric power plants and transmission systems worldwide.

The only thing known for sure about the attackers' goals is that the software attempts to harvest data from a history database within the Siemens software – and send it to servers on the Internet. How successful it has been in doing this isn’t known. In a statement on its website, Siemens said Friday that "we know of two cases worldwide where a WinCC computer has been infected. A production plant has so far not been affected." The company is trying to determine if the spyware, besides attempting to send process and production data, "is able to send or delete system data, or change system files."