(LiveHacking.Com) – Chevron, the US headquartered international oil and gas company, has admitted that Stuxnet infected its IT network. Speaking to the Wall Street Journal, Mark Koelmel, general manager of the company’s earth sciences department said that the notorious malware was found on its networks in 2010.
Stuxnet is known for destroying centrifuges used in Iran’s uranium enrichment program. It is thought it was designed by a nation state with the intention of targeting Siemens supervisory control and data acquisition systems (SCADA) which controlled the industrial processes inside the enrichment facilities.
Chevron was not damaged by its encounter with Stuxnet and it appears that it got onto its network by accident. But this is the first time that a U.S. company has admitted that the malware got onto its systems. There are probably many more Stuxnet infections in the U.S. and mainland Europe that went unreported for reasons of security or to avoid embarrassment.
Stuxnet specifically targets industrial equipment that is controlled by devices known as programmable logic controllers, or PLCs. These devices have been sold and used in their millions all over the world and potentially the Stuxnet malware would have destroy other equipment across the global. Just like a real world virus, once it is out there, it can’t be controlled.
“I don’t think the U.S. government even realized how far it had spread,” Koelmel said. “I think the downside of what they did is going to be far worse than what they actually accomplished.”
The U.S. has almost admitted that it wrote Stuxnet, which makes the U.S. a probable target for any retaliatory cyber attacks. It now seems that the lid is off “Pandora’s box” and worse still the very weapons used to attack others have come back to haunt their creators.
Ultimately private enterprise will have to clean up in the aftermath of Stuxnet without any help from the government. “We’re finding it in our systems and so are other companies,” said Koelmel. “So now we have to deal with this.”