According to a report from Yonhap News Agency, South Korea has announced its intention to create a sophisticated cyberwarfare virus designed to undermine North Korea's advancing nuclear program. The Ministry of Defense, in putting forward its proposal to the South Korean Parliamentary Defense Committee, stated that it would attempt to design the cyber weapon on the Stuxnet model.

The Stuxnet virus is a complex and erratic threat with far-reaching implications. Professor Alan Woodward, a computer security expert at the University of Surrey, stated in an article he posted on The Conversation that “Stuxnet’s collateral impact continues to be felt today, years after the original attack.” Stuxnet represents the first cyberweapon designed to attack and manipulate real-world infrastructure.

The virus is designed to rewrite industrial control systems, such as those used in power plants and the type used to control uranium enrichment centrifuges, which are needed to create the raw materials necessary to fabricate a nuclear bomb.

The origins of the Stuxnet virus were never confirmed. However, due to the large quantity of resources poured into its development and its subsequent target (Iran), it has been speculated that Stuxnet was created by a nation state.

Stuxnet at work

The virus operates by finding and rewriting the code of programmable logic controllers (PLCs). These PLCs operate the industrial control systems that are the focus of the attack. Before the system can be infected with the virus, the creators must carry out reconnaissance in order to acquire certain architecture files needed to tailor the Stuxnet worm to the intended PLC, each of which is configured in a unique manner.

Once Stuxnet has been introduced to the target system, the virus gets to work attempting to locate a specific class of computer known as a Field PG, which is a specialized Windows computer used to program the PLCs.

The virus can only locate these specialized consoles either through a LAN or through the use of removable drives, as the various units are unlikely to be directly networked. Once the virus has found its target, it will rewrite the device according to the purpose of its creator, while also hiding alterations from the computer's operator via a specialized rootkit.

The dangers of releasing the weapon

The dangers of using such a system are myriad, both to the targeted state and to its creator. It is also a difficult weapon to utilize. If a system is important enough to expend the considerable resources required to infect with a Stuxnet-like virus, such as a military or nuclear facility, it is also most likely well-protected. As was mentioned earlier, the code requires reconnaissance for the acquisition of certain architecture files required to tailor the virus to the job at hand.

Such a facility will most likely have no active internet connection, requiring either direct infiltration with a flash drive, or for another virus to be unwittingly uploaded by a third party, allowing the code to locate the required files and return them to its creators. For the South Koreans to achieve this against a highly-controlled authoritarian state would be next to impossible.

Similarly, there are difficulties in introducing the completed virus to its target environment. Due to the security restrictions mentioned above, the virus would have to be delivered in the same manner as the reconnaissance code, via infiltration or a third party.

Professor Woodward highlighted another possible repercussion of using the weapon, stating that “When you use a weapon against an adversary and it is not destroyed, you have effectively given it the weapon to re-use elsewhere.” Unlike a bomb or any other form of conventional weapon, once the Stuxnet virus is found it is completely intact, allowing the enemy to study the code and re-purpose it to attack its creators. Whilst South Korea may succeed in setting back the North's nuclear program, it may also give its rival a weapon which could cripple its own more advanced infrastructure.

Another issue with the use of a Stuxnet-like cyberweapon is its proliferation outside of the intended target system. The virus is designed to self-replicate in order to find the Field PG required to complete its task. However, the type of Field PG it seeks is also put to use in power plants and water treatment facilities. This means that if the virus were to escape its target environment (as it inevitably would) it would rewrite and subvert the control systems of these vital facilities. This was found to be the case in Iran, the nation targeted by the original Stuxnet virus.

Whilst the covert nature of such a weapon is likely to limit the availability of further information on its development, Gizmag will provide any updates on the status of the virus.

Source: Yonhap News Agency