Everything you need to know about Stuxnet


by Duncan MacRae | 28 March 2014

The computer virus that could cause a nuclear explosion.

Stuxnet is a major computer virus, first discovered in June 2010, which was designed to attack Siemens Step7 software running on a Windows operating system.

The worm was first identified by security firm VirusBlokAda in mid-June 2010, and was originally called 'Rootkit.Tmphider'.

However, Symantec called it 'W32.Temphid', then later altered the name to 'W32.Stuxnet'. Its current name comes from a splicing of keywords in the software (.stub and mrxnet.sys).

The virus was found when it accidentally spread beyond its intended target (the Natanz nuclear power plant in Iran) due to a programming error introduced in an update. This led to the worm spreading to an engineer's computer that had been connected to the centrifuges, then spreading further when the engineer returned home and connected his computer to the Internet.

Kaspersky Lab experts at first estimated that Stuxnet started spreading around March or April 2010, but the first variant of the worm appeared in June 2009. On 15 July 2010, the day the worm's existence became widely known, a distributed denial-of-service attack was made on the servers for two leading mailing lists on industrial-systems security. This attack, from an unknown source but likely related to Stuxnet, disabled one of the lists and interrupted an important source of information for power plants and factories.

Recently, though, researchers at Symantec uncovered a version of the Stuxnet computer virus that was used to attack Iran's nuclear programme in November 2007, having been developed as early as 2005, when Iran was still setting up its uranium enrichment facility.

The second variant, with substantial improvements, appeared in March 2010, apparently because its authors felt Stuxnet was not spreading fast enough. A third version, with minor improvements, appeared in April 2010. The worm contains a component with a build time-stamp from February 3, 2010. In the UK on November 25, 2010, Sky News reported that it had received information from an anonymous source at an unidentified IT security organisation that Stuxnet, or a variation of the worm, had been traded on the black market.

It is speculated to have been created by US and Israeli agencies to attack Iran's nuclear facilities.

In May 2011, the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in which he said, "we're glad they [the Iranians] are having trouble with their centrifuge machine and that we - the US and its allies - are doing everything we can to make sure that we complicate matters for them", offering "winking acknowledgement" of US involvement in Stuxnet.

According to The Daily Telegraph, a showreel that was played at a retirement party for the head of the Israel Defense Forces (IDF), Gabi Ashkenazi, included references to Stuxnet as one of his operational successes as the IDF chief of staff.

On 1 June 2012, an article in The New York Times said that Stuxnet is part of a US and Israeli intelligence operation called 'Operation Olympic Games', started under President George W. Bush and expanded under President Barack Obama.

On 24 July 2012, an article by Chris Matyszczyk from CNET reported how the Atomic Energy Organization of Iran e-mailed F-Secure's chief research officer Mikko Hyppönen to report a new instance of malware.

On 25 December 2012, an Iranian semi-official news agency announced there was a cyberattack by Stuxnet, this time on the industries in the southern area of the country. The virus targeted a power plant and some other industries in Hormozgan province in recent months.

According to expert Eugene Kaspersky, the worm also infected a nuclear power plant in Russia. Kaspersky noted, however, that since the power plant is not connected to the public Internet, the system should remain safe.
