Share

Top 5 Stories

News

DIY manual: Researchers tell hackers how to carry out Stuxnet attack

06 April 2012

Digital Bond, the group of researchers dedicated to exposing security flaws in industrial control systems, is advising would-be hackers how to carry out a Stuxnet-type attack against a programmable logic controller (PLC) used to control critical infrastructure systems.

The exploit of the Modicon Quantum PLC, which is made by Schneider Electric, can be carried out in a two-step process. First, anyone with logical access can download the existing ladder logic/program on the PLC, explained Dale Peterson in a blog. Ladder logic is programming language that represents circuits of relay logic hardware on a graphical diagram that appears similar to a ladder; it is used to develop PLC software.

This is a process similar to the one used by the Stuxnet attackers to disrupt the Iranian nuclear fuel enrichment facility at Natanz, explained Peterson.

“The Stuxnet creators had full knowledge of the process at Natanz. They may have had an inside source who gave it to them, but an attacker can also download the existing program from the PLC. It then depends on how much time and process engineering and domain talent they have to modify the ladder logic. Obviously the Stuxnet team had a lot of talent and time…but an attacker could choose a much more blunt instrument approach”, he observed.

“A sophisticated attacker would probably take the downloaded ladder logic from a Quantum PLC, load it in their own copy of Unity and modify it. An attacker who just wanted to make things stop working would just create nonsense or blank ladder logic to make things stop working”, he added.

For the second step, anyone with logical access can upload their own rogue ladder logic/program to the PLC to replace the legitimate program. This step is “identical to the Stuxnet end game in that it loads rogue ladder logic to the PLC”, Peterson said.
 

This article is featured in:
Application Security  •  Internet and Network Security  •  IT Forensics  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×