"We have not seen anything like this before aimed directly at the industrial control system environment," says Walt Boyes, a control systems security expert and editor in chief of Control magazine. "It's a clear-cut case of industrial espionage. We don't know its ultimate aim yet." But, he says, the attack is aimed specifically at the company that sells the lion’s share of industrial automation software to the electric power sector in North America and Western Europe. "That's really scary," Mr. Boyes adds.
USB memory stick the tool of choice
The spyware, dubbed the Stuxnet worm by Microsoft, uses the lowly, ubiquitous USB memory stick as its delivery vehicle. But others say it also has the attributes both of a “trojan” program that gains command of a system and of a virus that replicates. When an infected stick is plugged into a computer, the spyware instantly and almost invisibly loads itself onto that computer's system. In a never-before-seen twist, it does this without the user taking any action or clicking on any button. The spyware then creates a secret "back door" for the attacker to access and control the computer remotely, say computer security experts.
But what makes security experts' hair stand on end is what the cyber-spy program does next. It searches the victim computer for the database of a supervisory control and data acquisition (SCADA) software program created by Siemens, the electronic control systems giant. That specialized software is used to run chemical plants and factories – as well as electric power plants and transmission systems worldwide.