Stuxnet - United States tried to use it against North Korea too, report claims

MissileInteresting report by Joseph Menn of Reuters:

The United States tried to deploy a version of the Stuxnet computer virus to attack North Korea's nuclear weapons program five years ago but ultimately failed, according to people familiar with the covert campaign.

The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran's nuclear program in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by U.S. and Israeli forces.

According to one U.S. intelligence source, Stuxnet's developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine.

But U.S. agents could not access the core machines that ran Pyongyang's nuclear weapons program, said another source, a former high-ranking intelligence official who was briefed on the program.

By the sound of things this wasn't actually the Stuxnet worm, but a different piece of malware (perhaps sharing similar code) that was specifically targeting North Korean systems.

The Reuters report claims that a key reason the attack on North Korea's nuclear programme failed was because - unlike Iran - the country was too disconnected from the rest of the net.

Of course, it is - as usual - unnamed sources who contribute to this report. Which isn't perhaps surprising when you consider how upset the White House was over their involvement in the Iranian Stuxnet attack leaking out.

The NSA has declined to comment on the claims of an attack on North Korea. But then it dodged answering questions about the United States' malware campaign against the Natanz nuclear facility in Iran too.

Isn't an odd world where America can get seriously uppity over allegations North Korea hacked a movie company, but may have been secretly attempting something much more serious against North Korea's own nuclear programme?

What should a country take more seriously - attacks against systems involved in nuclear weapons programs, or hacks that break into an entertainment company and reveal what executives think of Angelina Jolie?

Of course, let's not be fooled. I would be surprised if any advanced country wasn't using malware to spy across the internet on their enemies (and sometimes even their friends).

Further reading: U.S. tried Stuxnet-style campaign against North Korea but failed - sources

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, , ,

One Response

  1. Coyote

    May 30, 2015 at 8:00 pm #

    "Isn't an odd world where America can get seriously uppity over allegations North Korea hacked a movie company, but may have been secretly attempting something much more serious against North Korea's own nuclear programme?"

    Depends on your definition of odd. I think it is all but expected and for the purpose of normal/abnormal, the bell curve is used: I don't see this fitting any place unusual. Hypocritical world? That's another issue entirely and unfortunately it is also rather common of governments.

    "What should a country take more seriously – attacks against systems involved in nuclear weapons programs, or hacks that break into an entertainment company and reveal what executives think of Angelina Jolie?"

    The sad reality is they are willing to try to attack such infrastructure (with malware, malware that could be – once caught and reverse engineered – used against the creators, and other things too) which has serious implications (and see part about it being used against the creators) but whine about Sony being attacked. Well you can't have it all. Perhaps if they spent more time doing what they claim is one of their top priorities – improve security – instead of what they do – worsen security in numerous ways – they wouldn't have the problem with Sony. But of course they can't see it that way (because they're naive and foolish enough to not pay attention to important bits of information they become blind) and they never will, either. This is just the nature of humans and especially those who has one downfall – their desire for absolute power will corrupt them. Doesn't matter what country, what kind of person, party or anything in between. At least those who realise this are less likely to be corrupted because others will willing destroy themselves for their glory and power. Would be nice if there was another way, though.

Leave a Reply