Find us on
 |
 |
 |
 |
 |
Past Programs
 |
Keynote: Securing IT in Healthcare: Part III |
 |
Keynote: SITH3, Technology-Enabled Remote Monitoring and Support |
 |
Intersection of mHealth and Behavioral Health |
Newsletter
ISTS Information Pamphlet
 |
In June 2010 a small security firm in Belarus discovered a computer worm that had infected a computer in Iran and was rapidly spreading to other machines inside and outside the country. The worm used an ingenious zero-day exploit to infect the system, but other than this it appeared on its surface to be a typical piece of malware designed for corporate espionage.
But as digital detectives dug through the code and began to reverse-engineer its commands, they discovered it was much more sophisticated than previously believed and had a much more insidious goal – Stuxnet was a digital weapon aimed at sabotaging Iran's nuclear program. Specifically, the worm was designed to silently manipulate Iran's centrifuges in order to degrade uranium the country was enriching.
The sophistication of Stuxnet aside, the code was a landmark piece of malware for two reasons. It was the first cyberweapon ever discovered in the wild and it was the first time anyone had seen digital code being used to physically destroy something in the real world. Hollywood had imagined such a scenario years earlier in a Die Hard flick. Now fact had caught up with fiction.
Stuxnet is believed to have damaged more than 1,000 centrifuges at Iran's uranium enrichment plant, but its cost-benefit ratio is still being debated. The attack required an enormous amount of resources to produce, and while it may have helped set Iran's program back to a degree, it also altered the landscape of cyberattacks. Stuxnet's authors mapped a new frontier that other attackers are bound to follow; and the next target for sabotage could easily be a nuclear facility in the United States.
In this talk, I'll be discussing how Stuxnet was designed and unleashed on computers in Iran, what made it so unique and sophisticated and why critical infrastructure systems in the U.S. and elsewhere are now at risk of "blowback" and copycat attacks thanks to the authors of Stuxnet. What vulnerabilities did Stuxnet expose in our own infrastructure, and is there anything we can do to patch those before a copycat attack occurs in the U.S.?
Kim Zetter is a senior reporter and award-winning journalist who covers privacy, security, cybercrime and civil liberties. In 2010, she was voted one of the top ten security reporters in the nation by peers and security industry heavyweights.
She has broken numerous stories over the years and has been a frequent guest on TV and radio, including CNN, ABCNews, NPR, PBS's Frontline and NewsHour, and Public Radio International's Marketplace.
In 2007 she wrote a groundbreaking three-part story on the cybercriminal underground, which was the first to fully expose the world of online carding markets and the players behind them. The piece was told through the eyes of a carder and grifter named David Thomas who ran an online carding forum undercover for the FBI for 18 months after he was arrested.
In 2010, she and a colleague broke the story about the arrest of Bradley Manning, the former Army intelligence analyst accused of leaking millions of classified U.S. government documents to the secret-spilling site WikiLeaks. They've continued to break news with continuing developments.
Last year, she wrote an extensive feature about the landmark Stuxnet computer worm, a sophisticated piece of malware that was designed to sabotage Iran's uranium enrichment program. The worm was the first cyberweapon found in the wild and is the first piece of malware aimed at causing physical destruction. She is currently working on a book about Stuxnet and its implications.
She was a finalist for an Investigative Reporters and Editors award in 2005 for a series of investigative pieces she wrote about security problems with electronic voting machines and the controversial companies that make them.
She has been covering computer security and the hacking underground since 1999, first for PC World magazine, where she was an editor, and then for Wired, where she has been reporting since 2003 and is currently a senior staff reporter.
