Date: 2019-01-15

What is Stuxnet?

By the time it first became public in 2010, Stuxnet had enabled the destruction of nearly a thousand, or about a fifth, of the centrifuges at Iran’s Natanz nuclear enrichment facility, setting back that nation’s nuclear program by 18 months or more. That became international news, and the coverage lasted not just months but years.

After tiptoeing around the attribution issue for a while, most reports settled on saying it was “widely accepted” that Stuxnet was a cyber weapon created by Israeli and U.S. intelligence agencies. There have been books written about it, numerous seminars conducted about it, and, of course, accusations and threats among the nation-states involved.

Stuxnet was also significant because the attackers got the worm into the Natanz computers even though the systems were “air-gapped”—not connected to the internet. They gained access by using USB thumb drives to plant the malware on the systems of third-party companies that had a connection to the Iranian nuclear program.

Stuxnet was highly targeted, designed to scan only for Siemens STEP 7 software on computers controlling a PLC (programmable logic controller). If either was missing, Stuxnet would go dormant inside the computer. But if both were present, it would modify the code and give malicious commands to the PLC while returning feedback that made it look like everything was normal.

Those commands caused the centrifuges to spin out of control and destroy themselves before anyone monitoring the system knew something was wrong.

Reportedly, Stuxnet was never intended to spread beyond Natanz. However, the malware did end up on internet-connected computers and began to spread in the wild, thanks to an extremely sophisticated and aggressive design.