The Stuxnet Worm and the Future of Warfare

New details about the Stuxnet worm that spread through tens of thousands of computer systems in mid-2010 provide an in-depth look behind the most successful cyber weapon we’ve seen to date.

Widely believed to be designed by the US and Isreali governments, the main targets of the Stuxnet worm were industrial controllers made by Siemens. While used in thousands of factories for legitimate manufacturing processes, the Siemens controllers targeted by Stuxnet were also used to enrich uranium at Iran’s Natanz nuclear facility. To ensure Stuxnet did not cause any collateral damage, the worm’s programmers were careful to ensure only the specific configuration of machines known to be present at the Natanz plant would be targeted by the worm.

The Stuxnet worm spread rapidly by infecting Windows computers, primarily via USB sticks, thereby allowing itself to propagate to to networks that otherwise wouldn’t be vulnerable to Internet-based worms. Amazingly, as detailed by the New York Times, the worm even went as far as to play back normal plant readings to operators while the worm went to work spinning the Siemens-controlled centrifuges into self-destruction:

The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.

The sophistication of Stuxnet, and the engineering effort it must have required, is truly astounding. The worm demonstrates once again that, given enough time and resources, any system can be compromised – even systems isolated from the Internet. The New York Times also reports the worm was used as an alternative to destroying the Natanz facility with bunker-busting bombs via an air strike. Stuxnet provides a fascinating glimpse into a technically sophisticated worm and the future of warfare.

Comments are closed.