Welcome! You've Got Computer Worms!

Chechnya. Estonia. Georgia. In recent years, military powers have waged cyberwarfare with increasing frequency, on an ever-larger number of fronts. Even here in the U.S., we've been subject to attack, including the July 2009 "botnet" assaults on websites run by U.S. stock exchanges NYSE Euronext and Nasdaq OMX, and on the Pentagon, NSA, and State Department.

But turnabout is fair play, and in 2009, America apparently started fighting back -- and winning.

For years, the White House has wrung its hands about the difficulty of disrupting an Iranian nuclear weapons program that's widely dispersed, deeply buried, and heavily bomb-proofed. Then, American "cyberwarriors" allegedly hit upon a solution: Zap them with an e-bug. In collaboration with Israeli security agencies, a New York Times report asserts, we designed a computer "worm" designated "Stuxnet," reportedly the "most sophisticated" computer worm ever designed. Stuxnet was built for exactly one purpose: Locate Siemens (NYSE: SI  ) -manufactured centrifuges in Iran, and instruct them to spin so fast they self-destruct.

It worked. After worming its way into one of Iran's centrifuge labs last year, Stuxnet has already been credited with destroying as many as 20% of Iran's nuclear centrifuges, and setting back Iran's nuke program by as much as five years. According to one commentator, "It was a marksman's job." One shot, one kill, no collateral damage.

A marksman with a machine gun
But while we aimed at only one target, Stuxnet didn't stay stuck on it. Already, the worm has leaked out of Iran and into Symantec's (Nasdaq: SYMC  ) virus filters.

According to this month's issue of Popular Science, Stuxnet can now be found on "hundreds of thousands of computers in at least 155 countries." The good news: Since it's so highly targeted at Iranian centrifuges, Stuxnet doesn't seem capable of harming anyone else. The bad news: It might not stay that way.

According to independent computer security expert Ralph Langner, once you've captured Stuxnet and managed to decode the worm, "it's like a playbook… Anyone who looks at it carefully can build something like it."

Pandora's worm
In other words, we might have struck a blow for truth, justice, and the American (or Israeli) way with Stuxnet. But we may also have provided an instruction manual to help enemy hackers build their own hi-tech cyberworms.

Describing the danger that Stuxnet, or derivations thereof, will eventually be turned around and used to attack U.S. industrial machines, PopSci rates Stuxnet a "7" (out of 10) on this month's "Folly Meter" of neat-ideas-that-we-never-should-have-tried. And in an eminently quotable warning, the magazine opines, "Many cybersecurity wonks are thoroughly freaked out."

Offense leads to defense
Congrats to the cyberwarrior team on the "away win." But in a perverse boon to America's defense industry, it's now it's more urgent than ever that the folks who invented "Stuxnet 1.0" rush home and start playing defense against a potential Stuxnet 2.0.

Perhaps tipped off to the escalated threat meter, the Obama Administration launched operation "Perfect Citizen" last year, an effort to improve monitoring of Internet security threats that builds on cybersecurity promises made (but not fulfilled) back in the Bush II administration. Raytheon (NYSE: RTN  ) got the initial contract award there. But already, defense stalwarts ranging from Boeing to SAIC (NYSE: SAI  ) to L-3 Communications (NYSE: LLL  ) are scrambling to create or strengthen existing cyber security divisions.

That's great news for defense investors -- if the government comes through on its promises to make a serious investment in bolstering national cyber security defenses, and if the much-ballyhooed defense cuts don't give short shrift to "virtual" threats. But our response cannot end there. Remember that while Iran's government runs its nuclear program, a Stuxnet-like attack in the U.S. would more likely target private, industrial companies like energy utilities, electricity distributors, or chemical concerns.

Foolish final thought
While any serious effort to make America's Internet secure must begin with government computer networks, private companies will need the bulk of the upgrades, albeit perhaps with taxpayer assistance. If that's the case, I'd think that companies like Symantec (which first captured Stuxnet "in the wild"), McAfee (now owned by Intel (Nasdaq: INTC  ) ), and Cisco (Nasdaq: CSCO  ) would benefit most from such spending.

Profit-pinched companies won't want to spend to secure their networks, but the government may require them to do it. The threat is real, it's growing, and thanks to Stuxnet, we may just have made it worse.

Intel and SAIC are Motley Fool Inside Value recommendations. The Fool has created a bull call spread position on Cisco Systems. The Fool owns shares of and has bought calls on Intel. Motley Fool Options has recommended buying calls on Intel. The Fool owns shares of L-3 Communications Holdings, Raytheon, and SAIC.

Fool contributor Rich Smith does not own shares of any company named above. The Fool has a disclosure policy. Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors.


Read/Post Comments (3) | Recommend This Article (7)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On January 26, 2011, at 2:21 PM, theHedgehog wrote:

    Just one more reason to convert to Linux.

  • Report this Comment On January 26, 2011, at 2:32 PM, hassani1387 wrote:

    Rubbish. The Stuxnet hoax was hyped for political reasons by people who wanted to create a false victory for US policies with respect to Iran. First of all Iran's centrifuges are manufactured by Siemens. Secondly, the Federation of American Scientists recently issued a report stating that Iran's nuclear program had actually progressed and was not slowed-down. Third, there is no evidence whatsoever that Iran was the intended target, as many other nations were affected. Fourth, there is no evidence who made the virus, and more recent analysis shows it to be "full of errors" that made it easily identifiable.

  • Report this Comment On January 26, 2011, at 2:32 PM, hassani1387 wrote:

    First of all Iran's centrifuges are NOT manufactured by Siemens

Add your comment.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 1429559, ~/Articles/ArticleHandler.aspx, 11/27/2014 9:36:37 AM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement