Home Stuxnet, GitHub and a Worm with Cloak and Dagger Written All Over It

Stuxnet, GitHub and a Worm with Cloak and Dagger Written All Over It

Some variety of Stuxnet is on GitHub. Crowdleaks posted the code but it’s uncertain if its the actual source or that of code posted by an organization possibly working on behalf of a government organization.

Stuxnet, as you may recall, is a virus that targets industrial control systems. It’s already been given credit for disrupting Iran’s nuclear program. We wrote recently how you can protect your organization from a Stuxnet attack.

Crowdleaks posted the Stuxnet file, which was discovered in a cache of internal emails that a group known as Anonymous posted from HBGary Federal, a software security company. According to reports, HBGary planned to reveal the names of several people tied to Anonymous, a group known for its Web-based attacks. In response, Anonymous hacked into HBGary and posted 27,000 emails from the company.

What the emails reveal is perhaps the most compelling aspect to this story. Reading through it, there are references that show how HBGary referenced Stuxnet in context to the US. Government:

from: David D. Merritt
to: Aaron Barr
date: Sun, Oct 3, 2010 at 9:35 PM
subject: Re: Hunter Killer Insanity 285mailed-bygmail.com
hide details 10/3/10
contacts over at TSA say that everybody has a copy…combine that with US CERTs vulnerability status and their own systems not meeting the spec….
i’m seeing TSA becoming a malware testbed…
Aaron Barr responds:
On Oct 3, 2010, at 10:13 PM, Aaron Barr wrote:
> Dave,
> We haven’t but I would be interested to talk to you some about the tie. I do have a decent amount of information on Stuxnet and would be interested to hear about the tie. Some of what I know about Stuxnet might be of interest. I think it would be best to discuss in a more closed space though.
> In doing a little research:
> http://diocyde.wordpress.com/2010/03/12/ringy-ringy-beacon-callbacks-why-dont-you-just-tell-them-their-pwned/
> While this guy can be a bit of a crackpot at times his post has more validity than fiction. Greg and I have brainstormed a bit in the past on how to conduct such an attack that would be very difficult to detect. Autonomous, single purpose malware with no C&C. As we have said the battle is on the edges either source of destination, everything else is or will become somewhat irrelevant or diminished in value.
> Aaron Barr
> HBGary Federal, LLC
> 719.510.8478

For now, the code on GitHub appears to be unremarkable.


Crowdleaks.org had a software engineer (whose name has been withheld) look at the Stuxnet binaries inside of a debugger and offer some insight on the worm. She informed us that most of the worms’ sources were using code similar to what is already publically available. She noted that the only remarkable thing about it was the 4 windows 0 days and the stolen certificates.

She says:

“A hacker did not write this, it appears to be something that would be produced by a team using a process, all of the components were created using code similar to what is already publically available. That is to say it’s ‘unremarkable’. This was created by a software development team and while the coders were professional level I am really not impressed with the end product, it looks like a picture a child painted with finger paints.”

When asked what type of organization likely wrote it, she stated:

“Probably a corporation by request of a government, it was clearly tested and put together by pro’s. It really looks like outsourced work.”

Stuxnet has reached into the increasingly cloak and dagger world of cyber espionage. Its potential to disrupt is considerable. This story is only beginning to unfold.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.