Professor Ingram D. Rogers
August 3rd 2011
The Stuxnet Virus
What diplomacy could not achieve, sanctions could not silence, and for which a military option was not viable, a cyber attack quietly accomplished. Kim Zetter, an investigative reporter with Wired Magazine online, calls Stuxnet “a piece of software that would ultimately make history as the world’s first real cyberweapon.” (Zetter, 2011, sec. 1) In his article “Is ‘Stuxnet’ the best malware ever?”, Gregg Keizer of Computer World says: “The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals.” (Keizer, 2010)
Israel and the United States are widely considered to be behind the creation of the malicious Stuxnet worm which eventually sabotaged Iran's nuclear program. Systems that could have helped quickly build an Iranian nuclear bomb were effectively crippled by the malicious software. Stuxnet first came to light in July 2010 when nearly 60% of infections were being reported from Iran. While the United States and Israel did lead an aggressive international political campaign to get Iran to halt its nuclear program, neither country has openly admitted any involvement in this cyber attack. There is no hard evidence that links either country to Stuxnet. Regardless, most experts believe that this cyber attack was carried out by the two countries on Iranian computers that control centrifuges in key nuclear plants, and that it has set the country back at least a few years in its quest to build nuclear weapons.
In June 2010, Belarus-based security firm VirusBlokAda reported the first detection of malware named Stuxnet that attacks supervisory control and data acquisition (SCADA) systems running on Windows operating systems, specifically Siemens' WinCC/PCS7 systems. By then, the worm had already attained notoriety because of its complexity and its targets. In September that year, Iran announced that its first nuclear power plant had been hit with Stuxnet. It quickly became clear that Iran was the site of many of the Stuxnet infections as the worm spread throughout the world. Kim Zetter writes:
“Out of the initial 38,000 infections, about 22,000 were in Iran…. South Korea and the United States were always at the top of charts in massive outbreaks, which wasn’t a surprise since they had the highest numbers of internet users. But even in outbreaks centered in the Middle East or Central Asia, Iran never figured high in the numbers. It was clear the Islamic Republic was at the center of the Stuxnet infection.” (Zetter, 2011, sec. 5)
Some have openly suggested that the worm was the work of Israel or the United States, though no solid evidence has been revealed to support those claims, and neither of the two countries has come forward and accepted responsibility. However, in light of its zero-days, stolen digital certificates and other features, cyber security experts are ranking the Stuxnet attack as one of the most sophisticated malware attacks they have seen. Stuxnet targeted the control systems at industrial plants, specifically Siemens' WinCC and Step 7 software. Historic data shows that Iran accounted for almost sixty percent of the early infections. According to Siemens, 15 of its customers were identified as having detected the worm on their systems as of Sept. 14. Stuxnet used stolen digital certificates from Realtek Semiconductor and JMicron Technology to pass as legitimate software, slip through and hide.
The certificates also helped keep Stuxnet under the radar.
1.1 Why are all the fingers pointing to the United States and Israel?
Most cyber security experts who have researched this complex attack call it a joint U.S. Israeli operation, which may have...