The-Accountant-Sep-Oct-2017-Final
Information Technology

CYBERSECURITY

By FCPA Jim McFie, a Fellow of the Institute of Certified Public Accountants of Kenya

On June 17, 2010, an extremely sophisticated worm was found by a Belarus security expert on one of his client’s computers. A computer worm is a type of malicious software program (or malware) whose primary function is to infect other computers while remaining active on infected systems: it is self-replicating, that is, it duplicates itself to spread to uninfected computers. Worms often use parts of an operating system that are automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks. A computer worm infection spreads without user interaction; all that is necessary is for the computer worm to become active on an infected system.

Before the widespread use of networks, computer worms were spread through infected storage media, such as floppy diskettes, which, when mounted on a system, would infect other storage devices connected to the victim system. USB drives are still a common vector for computer worms and the persons who infected the computers in Iran did so by leaving USB drives around the entrance to the Iranian uranium enrichment facility. If you found a USB drive, you would probably put it into your computer to see what was on the drive. This happened at the Iranian facility. The worm then did the job it was designed to do: the end result was that the centrifuges that were critical to the uranium enrichment program in Iran rotated so fast that they broke apart. The scientists and engineers in the plant could not find the cause of this problem. The President of Iran demanded explanations but none were forthcoming. The personnel in the plant did not realize that they had been “infected” by one of the most sophisticated worms that has ever been written, the Stuxnet worm: there is even a film about it entitled “Zero Days”.

Though it was immediately apparent that the virus was deadly, it would take considerably more analysis, including by Symantec security response professionals Eric Chien and Liam O’Murchu, before its true potential was revealed. Those revelations were at once awe-inspiring and unsettling, as Stuxnet turned out to be a complex program designed to infiltrate, target, and sabotage the centrifuges at Iran’s Natanz nuclear facility. It was equipped to do this even though Natanz’s systems were disconnected from the internet. And it was to perform its mission without “command and control” input, meaning that its groundbreaking code would initiate and carry out its tasks wholly on its own, or as Chien says, “There was no turning back once Stuxnet was released”. It came as no surprise that, after comprehending the scope of Stuxnet’s potential, the Symantec experts called it “Hollywood-esque” and likened it to something out of a “James Bond” movie.

To make matters worse, Stuxnet contained four “zero day” exploits, meaning that at four different stages of its operation, it was capable of

28 September - October 2017