How much do you know about Stuxnet?
The Stuxnet Worm was discovered in June of 2010 by Sergey Ulasen, an employee of VirusBlokAda, a small antivirus company. At first it was mistaken as an arbitrary Windows bug, just a conflict between the installed application. Which was why the report had been handed to such a small, local group. As it turns out, the worm was groundbreaking for a variety of reasons. Not only was this the first instance of malware that could take control of programmable industrial control systems, but it became so widely known for its political origin story.
The Politics
The Stuxnet worm is alleged to have been created by U.S. and Israeli intelligence with the goal of crippling Iranian nuclear facilities. It was made to target the programmable logic controllers that were used to automate machine processes. This led to the destruction of multiple centrifuges in Iran’s Natanz uranium enrichment facility. The centrifuge is basically in charge of spinning uranium at a high speed which then produces fuel for the machines. The program worked by making the centrifuges burn themselves out, essentially making the equipment self-destruct. As destructive as the program was, its creators had actually set quite a few limitations. Firstly, the worm could only move through Siemens Step 7 software. In order to find which programs used this software, a USB containing the worm had to be placed into a Microsoft Windows computer. Stuxnet would find the PLC computer and begin updating its code over the internet. All the while, it would send false feedback to the main controller allowing it to go undetected until the job was finished. One of the more interesting limitations was that the program was set to expire in June of 2012, only two years after it was discovered by the public.
Graphic: L-Dopa, IEEE Spectrum May 2024
Stuxnet spawned a mass of media attention because it was a blatant attempt at degrading Iran’s nuclear weapons. An attempt that was meant to be kept secret. Starting with the Bush administration, the project named Olympic Games, stretched to the beginning of the Obama administration when it was finally ready for release. One official is quoted in saying, “The idea was to string it out as long as possible. If you had wholesale destruction right away, then they generally can figure out what happened, and it doesn’t look like incompetence.” (Washington Post) The attacks were meant to confuse Iranian engineers into believing the destruction was a result of their own faults. When it was discovered in 2010 officials made the decision to continue with the operation.
The Sons of Stuxnet
Stuxnet’s publicity led to a string of variants, some with authorization and some without. The six main variants are referred to as “the sons of Stuxnet.” Each of these held a different purpose. One, by the name of Flame, was programmed to record Skype conversations, log keystrokes, and obtain screenshots. Flame wasn’t directly assigned to one country or facility; it was meant to target many Middle Eastern countries along with their government organizations. Other variants were made to target power facilities, network infrastructure, and safety systems. It is unclear whether such variants were made by the same creator as the original Stuxnet but either way they were all incredibly destructive.
The original Stuxnet is still known for making the largest impact out of any of the variants. It is said to have infected around 100,000 computers by the end of 2010.Often referred to as the most sophisticated piece of malware ever written, Stuxnet is noted as a significant escalation of conflict as it spurred even more fear of an inevitable cyber war.
Check out cyberTAP's podcast to learn more about the Stuxnet Worm!
