The attack exploits up to five previously unknown vulnerabilities within computer software and systems. Equally alarming, Stuxnet carried digitally signed certificates. It is the first known program to deliberately target the control systems for industrial facilities. “To find five [exploits] in one piece of software is a significant piece of engineering,” Mr Scroggie said. The report, to be published internationally today, comes amid warnings by Microsoft’s chief executive, Steve Ballmer, that the Stuxnet worm had the capacity to harm world economic development and the Iranian Foreign Ministry reigniting claims that the West had unleashed the worm to undermine Iran’s nuclear program. In all of last year, it is believed only 12 such vulnerabilities were unearthed. The report, commissioned by the computer security giant Symantec, surveyed 1580 companies globally connected with critical infrastructure such as banks, emergency services, telecommunications and utilities. The findings show nowhere is immune. Attacks on critical infrastructure in Australia are not unknown. In 2000, a disgruntled employee, Vitek Boden, rerouted sewage in Maroochy Shire, Queensland, and sent 800,000 litres of raw effluent into local parks and rivers. The people behind Stuxnet are believed to have stolen the necessary certificates, a move that could erode a pillar of trust for all software. Typically, hackers exploit a single security hole before it can be patched. As elsewhere, the 150 Australian businesses surveyed cited attacks that tried to steal information, degrade computer networks, manipulate physical equipment through software and destroy electronic data. “Attacks on critical infrastructure are real, and more and more companies believed they are politically motivated, that they’re increasing in frequency,” said Symantec’s vice-president for the Pacific, Craig Scroggie. The government or cyber criminal gang responsible for the worm remains a mystery.
Under normal conditions, these are considered a guarantee of a computer program’s authenticity. In January this year the defence minister, John Faulkner, said the Defence Department had detected up to 2400 attempted cyber attacks on government systems last year. Symantec has previously estimated the Stuxnet attack required up to 10 experts working for six months to produce a worm of such sophistication. Even for a cyber attack, the Stuxnet worm is unusually toxic.
Those figures, though, are only a start. THE Stuxnet computer worm that appears aimed at undermining Iran’s nuclear program is part of a worsening phenomenon. A global survey of such attacks – rarely acknowledged in public because of their potential to cause alarm – found companies estimated they had suffered an average of 10 instances of cyber war or cyber terrorism in the past five years at a cost of $US850,000 ($880,000) a company. Half of all companies running “critical infrastructure” systems worldwide say they have sustained politically motivated attacks. Nearly half of the companies surveyed were convinced the volume and virulence of the attacks will escalate.