What is Stuxnet?

Stuxnet is the worm virus launched by Israel in the 2010 attack on Iran’s uranium enrichment facility.  What is a worm?  What exactly is Stuxnet?

In simplest terms, Stuxnet is a worm virus capable of secretly infecting a computer network and working its way in to the target.  During this process it does not cause any harm to the computers it uses to locate its target, nor does it make itself known in any way.  When it reaches the target computer, it reprograms the target code in the software.  These code changes cause actual physical changes in the industrial environment the worm was created to infiltrate, without notifying the operators of any abnormalities.

Stuxnet was first discovered in July 2010 by VirusBlokAda, a security firm based in Belarus.  Stuxnet is the first worm discovered that spies on and reprograms industrial systems, and the first to include a programmable logic controller (PLC) rootkit.  It was written specifically to attack Supervisory Control and Data Acquisition (SCADA) systems used to control and monitor industrial processes.  Stuxnet includes the capability to reprogram the PLCs and hide its changes.  The virus contains a component with a build time stamp from February 3rd 2010.  In the UK on November 25th 2010, Sky News reported that it had received information that the Stuxnet worm or a variation of the virus had been traded on the black market.  The name is derived from some keywords discovered in the software.

In 2010 Israel utilized the Stuxnet worm to infiltrate Iran’s computer network and disable the Bushehr Nuclear Power Plant.  Although Siemens had initially stated that the worm had not caused any damage, on November 29th 2010 Iran confirmed that its nuclear program had been damaged by Stuxnet.

Kaspersky Labs released a statement that described Stuxnet as “a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world.”  Kevin Hogan, Senior Director of Security Response at Symantec, noted that 60% of the infected computers worldwide were in Iran, suggesting its industrial plants were the target.  Kaspersky Labs concluded that the attacks could only have been conducted “with nation-state support”, making Iran the first target of real cyberwarfare.  [Via Wikipedia]

Stuxnet does little or no harm to computers and networks that do not meet specific configuration requirements.  The worm was designed specifically to attack nuclear plant targets in Iran and is one of the first computer viruses built as a deadly assassin.  The worm contains code for a man-in-the-middle attack that fakes industrial process control sensor signals so that an infected system does not shut down due to abnormal behavior.  It is suspected that this code took Israel and the US months if not years to write and test.

The code is very unusual for malware and contains a layered attack against three different systems:

1. The Windows operating system
2. The Step 7 industrial software application that runs on Windows
3. A Siemens PLC

In 2010 numbers were released listing the countries known to be infected with the Stuxnet virus and the number of computers affected in each.  As you can see, Iran led the pack with over 62k infected, which points pretty heavily at the country the virus was designed to target.

Iran 62,867
Indonesia 13,336
India 6,552
United States 2,913
Australia 2,436
United Kingdom 1,038
Malaysia 1,013
Pakistan 993
Finland 23
Germany 24

Who will be the next target of cyberwarfare?  Chances are the US has already been targeted but does not yet know the implications, as some silent virus sits on a computer at the FBI or Pentagon waiting to go live.


About Jonathan G. Nelson

Jonathan G. Nelson is the editor-in-chief and owner of NERD TREK. He is also owner/publisher at AAW Games / AdventureAWeek.com, a tabletop gaming company based in Snoqualmie, WA. Connect with Jonathan via Facebook.