Um...why isn't a bigger fuss being made about "sophisticated [and probably state-sponsored] malicious software program that has infiltrated factory computers"?

The New York Times Bits blog says:

The technology industry is being rattled by a quiet and sophisticated malicious software program that has infiltrated factory computers.

The malware, known as Stuxnet, was discovered in mid July, at least several months after its creation, by VirusBlokAda, a Belarussian computer security company that was alerted by a customer.

Security experts say Stuxnet attacked the software in specialized industrial control equipment made by Siemens by exploiting a previously unknown hole in the Windows operating system. The malware marks the first attack on critical industrial infrastructure that sits at the foundation of modern economies.

It also displays an array of novel tactics like an ability to steal design documents or even sabotage equipment in a factory that suggest its creators are much more sophisticated than hackers whose work has been seen before. The malware casts a spotlight on several security weaknesses.

Eric Chien, the technical director of Symantec Security Response, a security software maker that has studied Stuxnet, said it appears that the malware was created to attack an Iranian industrial facility. Security experts say that it was likely staged by a government or government-backed group, in light of the significant expertise and resources required to create it.

Does this seem like a minor inconvenience to you? Ominous portent? So we’ve got “the first attack on critical industrial infrastructure that sits at the foundation of modern economies.” And: “The specific facility that was in Stuxnet’s crosshairs is not known, though speculation has centered on gas and nuclear installations.” Not a front-page story?

About these ads