Monday, July 18, 2011

The Risk of Random Stuxing

Last week I did a blog post where I discussed in some detail how a Stuxnet-like attack could be used to disrupt operations at a chemical facility. While I noted that this type of stuxing would not require as much process knowledge as the classic Stuxnet attack, it is still a fairly sophisticated attack mode (at least until stuxing tools become readily available). So, since the result of a simple stuxing attack is not usually spectacular, and may not even be readily recognizable as an attack, why would anyone bother to execute such an attack? As with most types of cyber attacks, there could be a number of different motivations in play.

Hacker Status

Let’s never forget the most basic motivation for a cyber attack: hacker status. It’s been years (okay, decades) since I personally knew a hacker, but it is apparent that one of the basic motivations for many (if not most) of them is simply the desire to be recognized by their peers as the first, the fastest or whatever -st. As always, the more complex the challenge, the more status is to be gained from achieving the goal.

With everyone in the cyber world talking about the size and complexity of the team that developed Stuxnet, there is obviously a substantial challenge to be the first individual to turn this complex attack into a hacker toolbox item. The identity of the first target really doesn’t make a difference, so it will probably be a readily accessible target that is hit first. After that it will be a matter of ringing up successful attacks on increasingly difficult targets.

Even after the next level of complexity has been reached, the stux attack will remain a measure of advancement in the hacker world, particularly as advanced defenses against the attack mode are developed. We will continue to hear about successful attacks for years to come.

Financial Gain

As if the pure hacker threat wasn’t bad enough, the problem of extortionists using this type of attack cannot be discounted. Since the effects that I outlined in my earlier blog are more financial than anything else, the random-stux attack mode certainly lends itself to criminal elements using this as a source of money. The criminal organization infects the system, causes some batch upsets, and then offers to turn off the attack for a fee.

The economics of this type of attack are very complex. The earlier in the attack development cycle described above that criminal elements can adapt the stux attack, the more likely they are to make good money from it. Early in the attack cycle large organizations may be more likely to buy time, but as defenses become more available, larger organizations are more likely to have the sophisticated cyber support necessary to employ those defenses and responses.

As the attack cycle progresses, smaller facilities will become the more likely targets because of the generally lower technical sophistication of in-house support personnel. The per-attack financial return will be lower, but there will still be substantial profits possible because the lowering cost of conducting the attacks will make it easier to attack a larger number of facilities.


The lack of a spectacular result from a random-stux attack would seem to make it a poor attack mode for the typical terrorist organization. There are, however, two major exceptions to that truism: anarchist and hacktivist organizations may find this to be a very desirable attack mode.

Anarchists may find this to be an almost ideal tool in their fight against multi-national corporations. It would allow them to disrupt production and exact a financial impact on these organizations with minimal threat to the safety of employees and the surrounding community. It would allow them to conduct their attacks from the relative anonymity of the internet while still clearly marking their targets.

Recent years have seen the rise of the hacktivist organization. While many of these are clearly cyber anarchists, we are seeing more of them taking up more conventional social and political causes. A recent article at noted that the hacktivist organization Anonymous has declared their intention to take on ‘Big Oil’ over the exploitation of the Alberta Oil Sands and to attack Monsanto over their ‘business practices’.

The combination of any of a number of different causes (animal rights, anti-abortion, global warming, racial/social purity, pollution prevention, environmental equality, and even labor disputes are all potential examples) with people that have the clear technical expertise necessary to develop this stux-attack mode may make a wide variety of hacktivist organizations the most likely source of these attacks in the near future.
