スタックスネット
Stuxnetは核施設にどう侵入したか
Stuxnetの主な目的は、施設内でウラン濃縮に利用される遠心分離機のコントロールを奪取し、イランの核実験・核開発を無効化することでした。StuxnetはWindows OSの脆弱性を悪用し、ドイツのSiemens社のシステム制御ソフトの脆弱性を標的とした攻撃をするなど、動作する条件は限定的でしたが、その自律性の高さに特徴がありました。自律性はAIの性質の一つですが、Stuxnetはマルウェアの中でも自律性が飛び抜けており、実質的に高度なAIと呼んでいいといえます。
例えば以下のようなものです。
- USB経由でコンピュータに装着された時点で、コンピュータにゼロデイ脆弱(ぜいじゃく)性(まだ対策が取られていないセキュリティ上の欠陥)がないか自動的にチェックする
- 感染後、ネットワーク上のコンピュータに、遠心分離機を制御するPLC(プログラマブルロジックコントローラ、産業用の自動制御装置)がないか自動的に探査する
- 遠心分離機の設定を不正に操作し、回転機器を故障させ、濃縮ウランの産出量を激減させる
- 管理者と遠心分離機の間で、圧力、回転、振動などのセンサーデータを改ざんして、施設の技術者に異常を知らせないようにする
- 標的となった装置のセンサーが出す警告信号をとめる指令を出し、管理者が誤作動に気付かないようにする
このように高度な処理手順(アルゴリズム)が実装されているマルウェアも、エアギャップがあれば問題ないように思えますが、実際はUSBメモリを施設内のコンピュータに差すという人的ミスによって簡単にセキュリティを突破されてしまったのです。実際のところ、誰がUSBを差し込んだかは現在もよく分かっていませんが、施設の特徴やセキュリティ上の視点から、内部の人間である可能性が高いといえるでしょう。
With the advancement of technology, cyber attacks are becoming more sophisticated. One of the typical malware in the 2010s is “Stuxnet”. Stuxnet is a malware allegedly created by the United States and Israel to attack a system that controls a centrifuge at a nuclear facility in Iran, and became a hot topic around 2010. It is said that the computer virus plan using this extremely advanced malware was called “Olympic Games”.
The industrial control system for the uranium enrichment facility in Natanz, Iran, was not connected to the internet. One of the ways to improve security is called “air gap”. By using the network in a state of being physically isolated from the network such as the Internet, it can be expected to have the effect of protecting important information from cyber attacks from external networks. In order to break into a system or terminal that is not connected to an external network, a physical connection to an external medium such as a USB memory is required. The air gap was also thorough at the uranium enrichment facility in Natanz, but the industrial control system was infected via a USB memory.
How Stuxnet Invaded Nuclear Facilities
The main purpose of Stuxnet was to take control of the centrifuge used to enrich uranium in the facility and to nullify Iran’s nuclear tests and developments. Stuxnet exploited the vulnerability of Windows OS and attacked by targeting the vulnerability of the system control software of Siemens of Germany, and the operating conditions were limited, but it is characterized by its high autonomy. there was. Autonomy is one of the properties of AI, but Stuxnet has outstanding autonomy among malware, and it can be said that it is practically advanced AI.
For example:
Automatically checks your computer for zero-day vulnerabilities (security flaws that have not yet been addressed) when attached to your computer via USB
After infection, computers on the network are automatically searched for PLCs (programmable logic controllers, industrial automatic controllers) that control centrifuges.
Improperly manipulate the centrifuge settings, disrupt rotating equipment and drastically reduce enriched uranium production
Falsify sensor data such as pressure, rotation, and vibration between the administrator and the centrifuge to keep facility technicians out of the picture.
Issue a command to stop the warning signal issued by the sensor of the targeted device so that the administrator does not notice the malfunction.
Malware with such advanced processing procedures (algorithms) seems to have no problem if there is an air gap, but in reality it is easy to secure security by human error of inserting a USB memory into a computer in the facility. It has been breached. In fact, it’s still not clear who plugged in the USB, but from a facility feature and security standpoint, it’s likely an internal person.
