Stuxnet

Stuxnet is a 500-kilobyte computer worm and perhaps the most complicated piece of malicious software ever built (roughly 50 times the size of the typical computer virus). It was developed by the US and Israel to disrupt Iran’s nuclear program and first emerged during the summer of 2010. It infiltrated over fifteen Iranian nuclear facilities, including the Natanz nuclear facility, where hired computer security specialists from Belarus examined the affected Iranian computer systems and discovered the worm. In 2013, NSA whistleblower Edward Snowden confirmed that it was a US-Israeli cyberwarfare effort.

Development

Stuxnet development began in 2008 when Siemens cooperated with the Idaho National Laboratory to identify vulnerabilities in the company’s controllers that operate nuclear centrifuges and other industrial processes. A briefing about the findings was conducted by the Department of Homeland Security for US officials. The implication from the story is that this briefing was used by the Israelis, with US help, to develop the Stuxnet worm at Dimona.

Siemens controllers headed for Iran were detained by the United Arab Emirates in April 2009 at the request of the US State Department, according to WikiLeaks documents cited by the paper. A few months after that, the Stuxnet worm began appearing around the globe. The implication, from the report, is that the Stuxnet worm was loaded onto the controllers while they were detained in the UAE.

The Stuxnet worm has two components. One component attacks the centrifuges and the other records what normal operations look like and plays those readings back to plant operators so that they are unaware of any problems.
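A defender's view of the playback component described above, as an added example that is not from the original page or from any published Stuxnet analysis: live sensors carry noise, so a long run of readings that exactly repeats an earlier run suggests recorded data is being replayed to the operator. The function names, the window length and the sample telemetry are assumptions constructed for illustration.

```python
import random


def find_replays(readings, window=8):
    """Find runs of readings that exactly repeat an earlier run.

    Returns (source_start, replay_start, length) tuples. A match needs at
    least `window` identical consecutive readings; adjacent matching
    windows are merged into one span.
    """
    seen = {}    # window contents -> index where first seen
    spans = []   # [source_start, replay_start, length]
    for start in range(len(readings) - window + 1):
        key = tuple(readings[start:start + window])
        first = seen.setdefault(key, start)
        if start - first < window:
            continue  # first sighting, or overlaps its own source
        last = spans[-1] if spans else None
        step = last[2] - window + 1 if last else 0
        if last and last[0] + step == first and last[1] + step == start:
            last[2] += 1  # this window extends the current span by one
        else:
            spans.append([first, start, window])
    return [tuple(s) for s in spans]


def sample_telemetry(seed=1):
    """Constructed data: 60 noisy live readings (arbitrary units), then a
    30-reading recording of indices 10..39 played back at index 60."""
    rng = random.Random(seed)
    live = [round(500 + rng.gauss(0, 2), 2) for _ in range(60)]
    return live + live[10:40]


if __name__ == "__main__":
    for src, rep, length in find_replays(sample_telemetry()):
        print(f"readings {rep}..{rep + length - 1} repeat "
              f"readings {src}..{src + length - 1}")
```

Exact matching only catches verbatim playback; comparing the reported values against an independent measurement path is the stronger check where one exists.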

Although Iranian officials said the Natanz facility sustained only minor damage, US and Israeli officials cited by the newspaper estimate the worm had set back the Iranian nuclear program five years or more. An independent assessment by the Institute for Science and International Security estimated that the worm took out around 1000 centrifuges at Natanz.

The worm operated in three steps. First, it analyzed and targeted Windows networks and computer systems. Having infiltrated these machines, the worm began to continually replicate itself. Next, the worm infiltrated the Windows-based Siemens Step7 software. This Siemens software system was and continues to be prevalent in industrial computing networks, such as nuclear enrichment facilities. Lastly, by compromising the Step7 software, the worm gained access to the industrial programmable logic controllers. This final step gave the worm’s creators access to crucial industrial information as well as the ability to operate various machinery at the individual industrial sites. The replication process described above is what made the worm so prevalent. It was so invasive that if a USB drive was plugged into an affected system, the worm would infiltrate the USB drive and spread to any subsequent computing systems that the drive was plugged into.

Over fifteen Iranian facilities were attacked and infiltrated by the Stuxnet worm. It was believed that this attack was initiated by a random worker’s USB drive. One of the affected industrial facilities was the Natanz nuclear facility. [1] The first signs that an issue existed in the nuclear facility’s computer system appeared in 2010. Inspectors from the International Atomic Energy Agency visited the Natanz facility and observed that a strange number of uranium-enriching centrifuges were breaking. The cause of these failures was unknown at the time. Later in 2010, Iranian technicians contracted computer security specialists in Belarus to examine their computer systems. This security firm eventually discovered multiple malicious files on the Iranian computer systems. It was subsequently revealed that these malicious files were the Stuxnet worm. Although Iran has not released specific details regarding the effects of the attack, it is currently estimated that the Stuxnet worm destroyed 984 uranium-enriching centrifuges. By current estimations this constituted a 30% decrease in enrichment efficiency.

Whistleblower testimonies from multiple agents within both the CIA and NSA say it was a massive multinational interagency operation which included the NSA, CIA, USMil CyberCommand, GCHQ, Mossad and Unit 8200. The real name of Stuxnet was Olympic Games, and the entire operation was called Nitro Zeus. The last video in the playlist below is the supposed whistleblower testimonies (could be disinfo).

Sources:

  • https://www.infosecurity-magazine.com/news/ny-times-stuxnet-was-a-us-israeli-effort-to/
  • http://large.stanford.edu/courses/2015/ph241/holloway1/