The Threat: Homemade Cyberweapon Worries US Federal Officials

The Threat: Homemade Cyberweapon Worries US Federal Officials
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Security researchers Dillon Beresford and Brian Meixell recently developed a cyberweapon similar to the Stuxnet computer worm that disrupted Iran’s nuclear program computer systems last year. The researchers’ ability to develop the program working at home on laptops has raised concerns at the U.S. Department of Homeland Security (DHS), which has asked the researchers to cancel their planned presentation of the technology at a computer security conference next week.

DHS officials are worried that if the researchers’ method is made public, other hackers will replicate the malicious software and cripple federal computer controls. The software was tested on equipment made by Siemens, and while Beresford worked with DHS officials on ways to protect industrial computer programs, he says Siemens’ officials have been slow to respond to the hole in their security systems.

“They requested that I not share the data, but it was absolutely my decision to cancel,” Beresford says. The researchers’ work is alarming because experts initially believed that it would take significant resources and access to detailed information on the intended target to duplicate the Stuxnet worm.”

Considering the description of the presentation to be given by Beresford, it’s not surprising that it was canceled:

“The description of the presentation, entitled “Chain Reactions–Hacking SCADA,” reads: “Combining traditional exploits with industrial control systems allows attackers to weaponize malicious code, as demonstrated with Stuxnet. The attacks against Iran’s nuclear facilities were started by a sequence of events that delayed the proliferation of nuclear weapons.

“We will demonstrate how motivated attackers could penetrate even the most heavily fortified facilities in the world, without the backing of a nation state,” the description continues. “We will also present how to write industrial grade malware without having direct access to the target hardware. After all, if physical access was required, what would be the point of hacking into an industrial control system?”

Sources: Washington Post via ACM TechNews / Dark Reading

Photo Credit: Hackers By José Goulão /FlickR