Stuxnet: A Deep Dive
With the beginning of the 21st century the U.S. started creating and launching cyber weapons with the goal of destroying physical equipment in other countries. As other countries did the same, it has completely changed the ways wars are fought. One of the first cyber weapons of note was Stuxnet, which was made known to the public in 2009.
In the late 90s the Pakistani government built and tested a nuclear bomb. This gained a lot of interest worldwide, and the U.S. began infiltrating Pakistan to learn more about what was going on there. They were eventually able to infiltrate the supply network for the physicists working on the bombs. When they flipped the supply chain, they learned that the chief physicist had made trade deals for his equipment and supplies with North Korea, Libya, and Iran to help them conduct nuclear enrichment. The U.S. and UK were then able to intercept a shipment of this equipment going to Libya, publicly exposing Libya’s program and eventually closing it.
The U.S. ended up with the Libyan equipment (centrifuges), which they had a team of nuclear physicists study. This would allow them to estimate how far along their main concern, Iran, was in the process. The main goal of the team was to determine how efficient the centrifuges were at enriching uranium, the key to building the bombs. In late 2002 the Iranian nuclear program went public, and the International Atomic Energy Agency was allowed access to the main facility.
Once there, the inspectors discovered that the program was much further along than previously thought. Then-President Bush, who had already invaded Iraq and Afghanistan, would not have had the support needed for another war, so he had to take a covert approach.
Their plan was to delay and prevent progress until a diplomatic agreement could be reached, ideally making the disruption look like equipment malfunction. Iran announced in late 2005 that it would start enriching the uranium gas. With the goal of damaging the centrifuges in a catastrophic way, the U.S. launched its first attack to buy itself more time: it sabotaged a shipment of UPSs (uninterruptible power supplies) coming from Turkey. This caused significant damage to the centrifuges and stopped Iran from moving forward until 2007.
That’s when the U.S. and Israel teamed up to develop Stuxnet, a virus designed to close exit valves on the centrifuges, causing the pressure inside to build and do major damage to the equipment. In one test, it was able to make a centrifuge break apart and fall to the floor. The hard part was getting the code onto the facility’s computers. These computers were not reachable from the internet, so they decided to put the virus on USB sticks and scatter them all over Iran. Once it was released, they had no way of knowing whether it had made its way into the facility; they had to wait for the news and inspection reports. These reports did show that the virus made its way into the facility, but that progress was only slowed by about 30%.
In 2009, they discovered a new way to damage the centrifuges that not only wasted the gas but completely broke the equipment by increasing the spinning speed. This new code also found more ways to infect systems, containing 4 zero-days (vulnerabilities the software vendor is unaware of and has no patch for), more than any other malware in history. Once a computer was infected, the virus would look for the SCADA software that controls the centrifuges, altering its files and exploiting a bug in the software. This disabled the monitoring and alerting software, making it look like everything was running correctly. Lastly, the centrifuge controller would be infected and the spinning speed altered.
They had a lot of issues spreading the new virus, so they used a worm. This made it infect any Windows computer it encountered, remaining dormant on machines that didn’t have the SCADA software. The virus was introduced to the network of some contractors who worked at the Iranian facility. It was able to spread to all of their devices, either over a shared drive or by USB.
The next time the contractors were at the facility, the worm spread over the network to the facility’s computers.
This attack was able to damage 1,000 centrifuges and all the gas they contained. This was a huge setback because Iran had a very limited supply of both and simply couldn’t make more. However, there was a bug in the Stuxnet software. The worm was infecting machines at a very aggressive rate, and it eventually spread around the world. This led to its discovery, which alerted the Iranian government.
Stuxnet is still considered one of the most complex pieces of malware to date. Although its purpose of destroying Iran’s production of nuclear weapons was not completely accomplished, it still managed to derail the program enough that it never fully recovered.