Stuxnet is not as clever as we thought

While the rest of the world+dog has been praising the writers of the Stuxnet worm for being jolly clever, a bunch of hackers is not so certain.

Stuxnet was rumoured to have been penned by some of the finest hackers that the US and Israel could come up with. Certainly it was effective at disrupting Iran's uranium enrichment programme.

But in a talk at the Black Hat DC conference, Tom Parker, a security consultant, claimed that there were too many errors in the code for all of it to have been written by a genuinely elite team.

According to Wired, he thinks that Stuxnet was put together by two disparate groups. One was jolly clever and wrote most of the code and the exploits. Then there was a less sophisticated group that appears to have adapted the tool, and did so with all the finesse of a hammer on a screw.

Had it not been for the elementary mistakes of the less skilled group, Stuxnet could well have been far more effective and far harder to detect.

Parker wrote a tool that measured similarities between the Stuxnet code and the code of some other well-known worms and applications. He said that, compared with what else was out there, the code was of fairly low quality, but it was clearly the work of more than one person.
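The article does not say how Parker's tool worked, so the following is an added illustration rather than his code: the simplest form of binary code-similarity comparison, a Jaccard score over the sets of overlapping byte n-grams in two blobs. The sample "binaries" are constructed byte strings (not Stuxnet), built from a shared routine plus differing glue, so that a variant sharing a module scores higher than an unrelated file.

```python
"""Toy binary code-similarity check over byte n-grams (added example, not Parker's tool)."""
from collections import Counter


def ngrams(data: bytes, n: int = 4) -> Counter:
    """Count every overlapping n-byte sequence in a blob."""
    return Counter(data[i:i + n] for i in range(len(data) - n + 1))


def jaccard(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two blobs' n-gram sets: |A & B| / |A | B|, in [0, 1]."""
    sa, sb = set(ngrams(a, n)), set(ngrams(b, n))
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def shared_ngrams(a: bytes, b: bytes, n: int = 4, top: int = 5) -> list:
    """Most frequent n-grams present in both blobs, to see which code regions overlap."""
    ca, cb = ngrams(a, n), ngrams(b, n)
    common = {g: min(ca[g], cb[g]) for g in ca.keys() & cb.keys()}
    return sorted(common.items(), key=lambda kv: (-kv[1], kv[0]))[:top]


def rank_against(sample: bytes, corpus: dict, n: int = 4) -> list:
    """Rank named corpus entries by similarity to the sample, most similar first."""
    scores = [(name, jaccard(sample, blob, n)) for name, blob in corpus.items()]
    return sorted(scores, key=lambda kv: -kv[1])


# Constructed sample bytes (assumption for illustration; not real malware code).
# An x86-looking prologue/epilogue that both "related" samples share.
SHARED_ROUTINE = bytes.fromhex("5589e583ec108b45088b550c01d08945fc8b45fcc9c3")
# Original build: shared routine, its own glue code, shared routine again.
ORIGINAL = SHARED_ROUTINE + bytes.fromhex("31c0b80100000050e8000000005b89d8c3") + SHARED_ROUTINE
# A later adaptation: same shared routine, but different glue bolted in.
VARIANT = SHARED_ROUTINE + bytes.fromhex("6a0068616263646566676869e8000000") + SHARED_ROUTINE
# Something with no common code at all.
UNRELATED = bytes(range(80))

CORPUS = {"variant": VARIANT, "unrelated": UNRELATED}

if __name__ == "__main__":
    for name, score in rank_against(ORIGINAL, CORPUS):
        print(f"{name:10s} jaccard={score:.3f}")
    print("shared 4-grams with variant:", [g.hex() for g, _ in shared_ngrams(ORIGINAL, VARIANT)])
```

Raw byte n-grams are a blunt instrument: relinking, a different compiler version or a packer will shift operands and break most matches, so real tooling normalises disassembly (masking immediates and addresses) and compares at function granularity. The ranking idea is the same, though: shared code pulls a score up, unrelated code leaves it near zero.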

Whoever did this needed to know Siemens WinCC and Step 7 programming, and needed plant process knowledge, the ability to reverse engineer a number of file formats, kernel rootkit development skills and exploit development skills.

It was for this reason that many analysts thought Stuxnet could only be the work of a well-funded, highly skilled group such as an intelligence agency or other government body.

But Parker noted that an elite group would not have made the mistakes seen in the command-and-control mechanism. This was poorly done, and the worm spread well beyond its target and ended up propagating across the Internet. It did not need to do this to hit the nuclear programme, and by doing so it handed investigators the samples and the clues that pointed back at its authors.

He thinks that Stuxnet was originally developed on contract and then, once it was handed off to the end user, that group adapted it by bolting on the C&C infrastructure and perhaps one of the exploits too.