Stuxnet

Stuxnet is a cyber weapon and computer worm. It was used to sabotage Iran’s nuclear program with what would seem like a long series of unfortunate accidents.^[1] It was first released in 2006.^[2] It became known only after the release of the second version.^[3] In 2010, an error in the code led the virus to spread outside the test labs and to infect computers around the world.^[4]

Image depicting the computer virus Stuxnet

S7-300, the industrial system the worm targets

Both the United States and Israel have been accused of developing and releasing Stuxnet.^[5] In 2012 the US confirmed that it developed Stuxnet with Israel.^[4]

Stuxnet targets PLCs. They control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Stuxnet works by targeting machines using the Microsoft Windows operating system and networks. It then looks for Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.^[6] Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges.^[3]

Stuxnet is typically introduced to the target environment via an infected USB flash drive. The worm then spreads across the network, scanning for Siemens Step7 software on computers controlling a PLC. If it doesn't find a target, Stuxnet becomes dormant inside the computer.

Stuxnet is special for different reasons:

1. It used flaws of the operating system Microsoft Windows which were not known to many people at the time.
2. It used stolen digital signatures to install the rootkit.
3. The authors had in-depth knowledge of the process visualization system WinCC, which is used to monitor and control technical processes, using the Simatic S7 industrial controller
4. It uses another rootkit to infect the computers which ruin the control and monitoring software for the industrial board

Even though it targeted PLCs, only very few were infected. The software is written to infect a specific set of PLCs, with well-defined modules. In the case of personal computers, it will infect any computer running the right software.

References

1. Ellen Nakashima (2 June 2012). "Stuxnet was work of U.S. and Israeli experts, officials say". Washington Post.
2. "Factbox: Cyber warfare expert's timeline for Iran attack". Reuters. 2 December 2011. Archived from the original on 26 November 2014. Retrieved 20 October 2015.
3. Michael B Kelley (20 November 2013). "The Stuxnet Attack On Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought". Business Insider Inc. Retrieved 20 October 2015.
4. Mathew J. Schwartz (1 June 2012). "Stuxnet Launched By United States And Israel". Information Week Network Computing. Retrieved 20 October 2015.^{[permanent dead link]}
5. Ellen Nakashima; Joby Warrick (2 June 2012). "Stuxnet was work of U.S. and Israeli experts, officials say". The Washington Post. Retrieved 20 October 2015.{{cite web}}: CS1 maint: multiple names: authors list (link)
6. Kushner, David. "The Real Story of Stuxnet". ieee.org. IEEE Spectrum. Retrieved 25 March 2014.