Michael G. Wilson knew he had a tough task ahead of him when he signed on to produce the latest James Bond film, "Skyfall." He had to honor the five-decade history of a famed movie franchise while promoting a plot capable of captivating today's tech-savvy audiences. And although auteurs are often reluctant to pull back the curtain on their creative processes, Wilson had no qualms about revealing his primary source of inspiration. In a recent interview with Fox News, the movie producer suggested that the latest Bond storyline was largely based on the Stuxnet virus which disrupted operations at an Iranian nuclear facility in 2010.
Framed by many as the atom bomb for this generation of warfare, Stuxnet has been a consistent topic of conversation across the cybersecurity community following its original discovery and associated investigation. But to the layperson, the gravity of geopolitical Internet security threats is largely unknown.
"I think people probably think, 'Oh it's Bond, it's fantasy,'" Wilson told Fox News. "If anything, we were very constrained with the possibilities. When you look at what [rogue cybercriminals] have managed to do, it's amazing."
Without giving too much away, "Skyfall" traces the path of a former British spy who hacks into government computers and threatens to expose covert intelligence related to missions around the world. From rigging elections to manipulating stock prices, this new-age Bond villain suggest he can trigger international mayhem with a simple point and click.
Last month at the Wired 2012 conference, F-secure chief research officer Mikko Hypponen delivered a prescient address highlighting the difference between state-sponsored cybercriminals and the common hacker. As he saw it, Stuxnet and similar threats could only be the work of Bond-like operatives.
"James Bond has unlimited resources and training, if James Bond wants to kill you he will kill you," Hypponen explained. "It doesn't matter if you want to run and hide, he will kill you. It doesn't matter if you have a helmet, he will kill you. That's why it's so hard to defend against these viruses, given the resources building these attacks — we're not giving up, but it's very hard."
A perceptive plotline
Although Bond villains have the power of movie magic on their side, the tools and methods used to wage cyberwarfare are not fantasy-genre figments. As researchers from Positive Technologies recently found out, industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems are being targeted at an alarming rate.
Between 2005 and early 2010, when Stuxnet was first discovered, analysts observed just nine confirmed ICS or SCADA vulnerabilities. That figure suddenly spiked to 64 vulnerabilities in 2011, while an additional 98 were highlighted in the first eight months of 2012. What's more, 50 of the exploits discovered between 2011 and September 2012 were freely published across cybercriminal forums. Just six such cases were observed in the preceding five years.
As report authors noted, these security loopholes could compromise everything from public transit systems and water supplies to gas pipelines and nuclear power plants. And with more than 40 percent of the observed ICS/SCADA systems containing components that face the open Internet, film fiction could quickly become regrettable reality.
Just this month, Chevron became the first U.S. company to admit that its systems had been infected by a mutation of the Stuxnet virus.
"I don't think the U.S. government even realized how far it had spread," Chevron spokesman Mark Koelmel told the Wall Street Journal, alluding to the suspected American involvement in Stuxnet's creation. "I think the downside of what they did is going to be far worse than what they actually accomplished."
Security News from SimplySecurity.com by Trend Micro