Connect to share and comment
The Stuxnet worm, a form of malware, was likely created by a government.
Editor's note: GlobalPost featured this article in "Great Weekend Reads," a free compilation of the week's most colorful stories. To receive Great Weekend Reads by email, let us know at firstname.lastname@example.org.
The idea for this story was suggested by a GlobalPost member. What do you think we should cover? Become a member today to suggest and vote on story ideas.
LONDON, United Kingdom — In June 2009, someone somewhere quietly released a computer virus called Stuxnet. It was rather large for a virus, but no one noticed as it slipped into cyberspace and began infecting its way around the world.
One year later, the virus — or worm, as programmers call this strain of invasive software — did something in Iran. It's not clear what it did, but this time, a lot of people noticed. Because Stuxnet, they say, changes everything.
Iranian officials have decried Stuxnet as an act of “computer terrorism” perpetrated by the “domineering powers.” They could be right, say experts who believe the worm’s potency and sophistication point to a possible state-sponsored cyber attack and perhaps a new era of warfare.
“In terms of preparation, planning and organization, Stuxnet is completely unparalleled to anything we’ve seen before,” Roel Schouwenberg, a Boston-based researcher for Russian internet security company Kaspersky Lab, told GlobalPost.
Schouwenberg said Stuxnet exploits holes in computers running Microsoft Windows, infecting networks and spreading via USB data sticks as it hunts specific software created by German engineering company Siemens for use in power plants and factories.
Once it finds the software, it makes modifications, causing machinery to shut down, “potentially by explosion.” In the meantime, it tinkers with feedback software so engineers running the plant have no idea what is happening.
Along the way, it also infects thousands of other machines in the firing line. There’s no particular side effect for most users. Unlike most criminal worms, Stuxnet doesn’t trouble itself with trying to steal credit card or bank account details. Up-to-date software patches should halt it in its tracks.
As yet there have been no conclusive reports of major problems caused by Stuxnet — and Iran has pointedly denied claims its controversial nuclear plants have been hit. But experts say Stuxnet’s potential is alarming.
“What we do know is that Stuxnet is an extremely sophisticated piece of malware which has cost very significant resources to develop,” said Schouwenberg. “It’s also the first time, what we know of, that a cyber-sabotage attack happened. Given this background, nation-state involvement is the most likely scenario.”
If Stuxnet is targeting Iran, and is the work of state-sponsored cyber attackers, then Tehran has no doubt already drafted a list of usual suspects that includes Israel, the United States and the United Kingdom.
But, said Mikko Hypponen, chief researcher for Finnish Internet security company F-Secure, there's no hard evidence Iran is the target. In fact, now that Iran has detected and cut off the worm, India is predominately in the firing line.
He does, however, point to something called a registry key inside the worm that carries the number 19790509, which could be read as May 9, 1979. Maybe the author's birthday, he speculates, but also maybe the date Iran executed a Jewish-Iranian businessman, Habib Elghanian, it accused of spying for Israel.
Rex Hughes, a cyber security expert at London's Chatham House think tank, agreed that Stuxnet's likely target and its perpetrator may never be known, as has been the case in earlier cyber attacks on Estonia and Georgia — both blamed on Russia but vehemently denied by the Kremlin.
"It is interesting to date — with these watershed moments such as Estonia, Georgia and Stuxnet — no states have admitted sponsorship and there's not 100 percent viable evidence that there is state sponsorship for any of those events," he said.
According to Hughes, the only cyber attack ever claimed on behalf of a government dates back to 1982 when Reagan administration officials admitted deploying malware that caused a massive gas pipeline explosion in Soviet Siberia. The KGB, at the time, said the blast was accidental.