Some Lessons to be Learned from Stuxnet

There’s a lot of talk going around about the Stuxnet worm, who may have created it, how it spread, and why. The reality is that it boils down to “human nature”. It’s human nature to be curious, which is probably what started the infection in the first place. The main theory is that someone dropped an infected USB thumb drive in a place where their “target” would find it. Curiosity about what was on the drive prompted the “target” to infect their computers. And so on and so on.

It’s time to retrain human nature again. This could have been prevented if three simple rules had been in place (and followed).

  1. Do not insert thumb drives in any company computer unless you either a) pulled it out of the shrink-wrap yourself or b) know the person who pulled it out of the shrink-wrap.
  2. Do not insert thumb drives into your company computer that have been inserted into any NON-company computer (this includes your home computer).
  3. Do not insert anything into a SCADA or other “non-Internet” or “special networked” computer that is not directly authorized by your company.

Now I realize that it’s hard (if not impossible) to change human nature. And I realize that no company policy in the world will change human nature. Let me ask you this though: When is the last time that your company warned you about picking up USB thumb drives (or anything else like that) and putting them in company computers? Along that line, did they just say “Don’t do it” or did they tell you about the risks?

It’s time to rethink and retrain our human nature. After all, regardless of who created Stuxnet, they counted on human nature to get the infection rolling. They had to get it inside of the target network, and most likely a USB thumb drive was the way to go. They didn’t even have to get it near their target, because they knew the person who initially found the drive would infect their computers (and consequently any thumb drives that they inserted into those computers). And that’s all it would take.

At the very least, if you can’t stop human nature, then mitigate it. Either figure out a way to run the thumb drive in a sandbox, or run it on an operating system (like Mac OS or Linux) that isn’t easily infected.

Also, it should be noted that if the virus is implanted on the drive at the manufacturer’s level, then it won’t matter who unwrapped it from the packaging. But that’s a very rare situation (only a handful of cases have been made public).

Have a great day:)

