Sep 29

Stuxnet computer code designed to infect industrial plants created by well-funded hackers, says Symantec Corp expert

Graph shows concentration of Stuxnet-infected computers in Iran as of August. Photograph: Symantec

A powerful computer code attacking industrial facilities around the world, but mainly in Iran, was probably created by experts working for a country or a well-funded private group, according to an analysis by a leading computer security company.

The malicious code, called Stuxnet, was designed to go after several “high-value targets”, said Liam O Murchu, manager of security response operations at Symantec Corp. But both O Murchu and US government experts say there is no proof it was developed to target nuclear plants in Iran, despite recent speculation from some researchers.

Creating the malicious code required a team of as many as five to 10 highly educated and well-funded hackers. Government experts and outside analysts say they haven’t been able to determine who developed it or why.

The malware has infected as many as 45,000 computer systems around the world. Siemens AG, the company that designed the system targeted by the worm, said it has infected 15 of the industrial control plants it was apparently intended to infiltrate. It is not clear what sites were infected, but they could include water filtration, oil delivery, electrical and nuclear plants.

None of those infections has adversely affected the industrial systems, according to Siemens.

Continue reading »

Tags: , , , , ,

Nov 19

A little help on security from the NSA. (Robyn Beck/AFP/Getty Images)

The National Security Agency has been working with Microsoft Corp. to help improve security measures for its new Windows 7 operating system, a senior NSA official said on Tuesday.

The confirmation of the NSA’s role, which began during the development of the software, is a sign of the agency’s deepening involvement with the private sector when it comes to building defenses against cyberattacks.

“Working in partnership with Microsoft and (the Department of Defense), NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft’s operating system security guide without constraining the user’s ability to perform their everyday tasks,” Richard Schaeffer, the NSA’s Information Assurance Director, told the Senate Judiciary Committee in a statement prepared for a hearing held this morning in Washington. “All this was done in coordination with the product release, not months or years later in the product cycle.”

The partnership between the NSA and Microsoft is not new.

In 2007, NSA officials acknowledged working with Microsoft during the development of Windows Vista to help boost its defenses against computer viruses, worms and other attacks. In fact, the cooperation dates back to at least 2005, when the NSA and other government agencies worked with Microsoft on its Windows XP system and other programs.

The NSA, which is best known for its electronic eavesdropping operations, is charged with protecting the nation’s national security computing infrastructure from online assaults.

Continue reading »

Tags: , , , , , , , , , , , , ,