    09:01 GMT, 21 April 2021

    Stuxnet: The Worm of the Apocalypse

    In Depth
    Ghosts in the Machine: The History of Computer Malware (5)

    The Internet of Things can help you automate your home. But on the industrial level, total interconnectedness sometimes means trouble. In 2010, Iran faced a PC epidemic that threatened the country’s nuclear program, all because someone brought a USB flash drive infected with a virus into a secret government lab.

    Imagine an underground compound with concrete walls 2.5 meters thick, 25 thousand square meters of hallways, and several buildings able to withstand heavy bombing: that is what Iran's top-secret Natanz nuclear facility looks like.

    Inside, thousands of centrifuges produce low-enriched uranium. The process is managed by programmable logic controllers, or PLCs, all connected to powerful computers.

    For decades Natanz was heavily guarded and seemingly impenetrable to outsiders… except one: a beast called Stuxnet.

    In 2010, engineers noticed alarming behavior in the lab’s machinery: the nuclear centrifuges were literally falling apart and breaking one by one, while the software gave no warnings whatsoever. The computers, which ran the Windows operating system, all had security certificates in place, and the Iranian personnel were baffled, not knowing what was going on. One local cybersecurity expert contacted his colleague Sergey Ulasen, a programmer from Belarus, who was at a rural wedding ceremony in his home country, hundreds of kilometers away from civilization.

    Here’s what Sergey said later in an interview with Eugene Kaspersky of Kaspersky Lab:

    “All the other guests were of course happily celebrating, dancing and drinking far too much, while I was there on the telephone (my mobile) the whole time delivering urgent technical – and psychological! – assistance to a dude near Tehran.”

    At the time Sergey was unaware that he and his colleague had just discovered Stuxnet, a network worm that became a notorious cyber weapon and was reportedly developed to slow down and disrupt Iran’s nuclear program.

    It took a lot of effort for Ulasen to perform a sort of autopsy on the Natanz “alien invader.” The malware used so-called “zero-day” vulnerabilities and was able to penetrate the protection of well-patched, up-to-date Windows systems. It delivered its deadly payload across the local network in seconds and stayed hidden in the computers’ memory, using a sophisticated cloaking algorithm.

    Cybersecurity experts found that Stuxnet was able to disrupt the automation in a wide variety of machines, including factory assembly lines and amusement parks. But the Natanz incident, which later caused the Stuxnet epidemic at several other Iranian nuclear facilities, was clearly a different type of rollercoaster ride: a deadly one.

    While the authors of Stuxnet remained anonymous, many cybersecurity experts believe that the malware was created by a joint team of Israeli and US hackers. Initially the hackers were trying to plant the worm only in certain Iranian nuclear lab networks. But the beast got out of hand, spreading all over the world to countries like India, Russia, Syria and Kazakhstan.

    By 2011, when several US and international mainstream media outlets ran stories on Stuxnet, its stateside origin was brought to light. And although the US government never publicly admitted its involvement, anonymous sources confirmed such suspicions.

    The Stuxnet outbreak has become the first, largest and costliest malware development effort in history, bringing humanity one step closer to a dangerous line: a line where hacking tools are not only an annoying and disruptive piece of code, but also a dangerous cyber weapon that could very well get out of hand, triggering a nuclear Apocalypse.

    Tags:
    computer virus, Iran's nuclear program, Stuxnet, Internet, Iran