The group of anonymous "hacktivists" that made headlines for online cyberattacks in December just released a bombshell online: a decrypted version of the same cyberworm that crippled Iran's nuclear power program.
The Hacker News
The ones and zeroes that make up the code called the Stuxnet worm -- described as the most sophisticated cyberweapon ever created -- were reportedly found when the faceless group hacked into the computers of HBGary, a U.S. security company that the anonymous collective viewed as an enemy. And the security experts spoke with said the leaked code was serious cause for concern.
"There is the real potential that others will build on what is being released," Michael Gregg, chief operating officer of cybersecurity firm Superior Solutions. Gregg was quick to clarify that the group hasn't released the Stuxnet worm itself, but rather a decrypted version of it HBGary had been studying -- which could act almost like a building block for cybercrooks.
"As an attacker you need to understand how something works. The better you understand how it works the easier it is to build something similar that servers the same purpose," Gregg explained. The "decompiled" code the group made available is in that sense akin to a recipe book for disaster, he said.
"With the right tools -- and these guys have shown themselves more than once to be a fairly technical bunch of individuals -- then it gives others a cookbook to start modifying,".

Careful examination of the Stuxnet worm by armies of security analysts have shown it to be a cybermissile designed to penetrate advanced security systems. It was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran's uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bashehr.
Stuxnet was designed specifically to take over those control systems and evade detection, and it apparently was very successful. But Dave Aitel, CEO of Immunity Inc., painted a firm line between the version of the worm that destroyed Iran's nuclear plant and the code released by Anonymous.
"What they've released is essentially incomprehensible,", saying that what the group found was far removed from the raw worm that has been "travelling around Iran destroying nuclear things."
"This is essentially just a translation. HBGary took the worm in the wild and translated it into a slightly easier to read format," Aitel said. He notes that Stuxnet is still a threat, however, and the more dangerous raw version of the worm -- or the "binary" version -- is still easily accessible for those wishing to use it maliciously.
"The stuxnet binary is widely available," Aitel told . "The people who would use the binary would know how to find it."
Orla Cox, a security operations manager at Symantec, told The Guardian that it was "very difficult to tell" how dangerous Anonymous' copy of Stuxnet is.
"It would be possible [for Anonymous to use Stuxnet in an attack]," Cox said. "But it would require a lot of work; it's certainly not trivial." A hacker would need to repurpose the single-minded code and retarget it, a likely challenge, experts said.
The Anonymous group released the Stuxnet code on February 13, after finding it in a database of e-mails it stole from HBGary. "First public Stuxnet decompile is to be found here," one representative of the group wrote over Twitter.
Anonymous claims the hacking was a response to HBGary's purported efforts to penetrate the group and identify its members. But the reasons for releasing the Stuxnet code are unclear, be they malicious or merely anarchist.
The ramifications, experts say, are far less obscure.
"Now that pieces of that code become available, it's not a far step to others developing their own attack kits, Gregg told "Just because they don't have malicious intent with it doesn't mean others wouldn't."
This won't lead to an immediate threat. But it could lead to something soon, Gregg said.
"Weeks wouldn't surprise me."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.