Digital TrendsTechnology news and Product Reviews

Bits before bombs: How Stuxnet crippled Iran’s nuclear dreams

Ryan Fleming By

When the Stuxnet computer worm first surfaced back in June, it seemed like a sophisticated piece of malware that was ineffective, but dangerous. A few months later, it appears that the worm may have crippled Iran’s nuclear plans, leading to some analysts to describe it’s coming “like the arrival of an F35 into WWI battlefield.”

The future of warfare may have just begun, but rather than being heralded by an explosion, it began without a sound or a single casualty.

It is the first of its kind, and could be a signal of the ways all wars are fought from now on. It is a cyber weapon so precise that it can destroy a target more effectively than a conventional explosive, and then simply delete itself, leaving the victims left to blame themselves. It is a weapon that is so terrible that it could conceivably do more than just damage physical objects, it could kill ideas. It is the Stuxnet worm, dubbed by many as the world first real weapon of cyberwarfare, and its first target was Iran.

The dawn of cyberwarfare

Stuxnet is almost like something out of a Tom Clancy novel. Rather than sending in missiles to destroy a nuclear plant that threatens the entire region and the world, and is overseen by a president who has claimed that he would like to see an entire race of people “wiped off the map,” a simple computer virus can be introduced that will do the job far more effectively. To attack a structure with missiles can lead to war, and besides, buildings can be rebuilt. But to infect a system so completely that the people using it begin to doubt their faith in their own abilities will have far more devastating long-term effects.

In a rare moment of openness from Iran, the nation has confirmed that the Stuxnet malware (the name stems from keywords buried in the code) that was originally discovered in July, has damaged the country’s nuclear ambitions. Although Iran is downplaying the incident, some reports suggest that the worm was so effective, it may have set back the Iranian nuclear program by several years.

Rather than simply infect a system and destroy everything it touches, Stuxnet is far more sophisticated than that, and far more effective as well.

The worm is smart and adaptable. When it enters a new system, it remains dormant and learns the security system of the computer. Once it can operate without raising alarm, it then seeks out very specific targets and begins to attack certain systems. Rather than simply destroy its targets, it does something far more effective—it misleads them.

In a nuclear enrichment program, a centrifuge is a fundamental tool needed to refine the uranium. Each centrifuge built follows the same basic mechanics, but the German manufacturer Siemens offers what many consider to be the best in the industry. Stuxnet sought out the Siemens controllers and took command of the way the centrifuge spins. But rather than simply forcing the machines to spin until they destroyed themselves—which the worm was more than capable of doing—Stuxnet made subtle, and far more devious changes to the machines.

When a uranium sample was inserted into a Stuxnet-infected centrifuge for refinement, the virus would command the machine to spin faster than it was designed for, then suddenly stop. The results were thousands of machines that wore out years ahead of schedule, and more importantly, ruined samples. But the real trick of the virus was that while it was sabotaging the machinery, it would falsify the readings and make it appear as if everything was operating within the expected parameters.

After months of this, the centrifuges began to wear down and break, but as the readings still appeared to be within the norms, the scientists associated with the project began to second guess themselves. Iranian security agents began to investigate the failures, and the staff at the nuclear facilities lived under a cloud of fear and suspicion. This went on for over a year. If the virus had managed to completely avoid detection, it eventually would have deleted itself entirely and left the Iranians wondering what they were doing wrong.

For 17 months, the virus managed to quietly work its way into the Iranian systems, slowly destroying vital samples and damaging necessary equipment. Perhaps more than the damage to the machinery and the samples was the chaos the program was thrown into.

The Iranians grudgingly admit some of the damage

Iranian President Mahmoud Ahmadinejad has claimed that Stuxnet “managed to create problems for a limited number of our centrifuges,” which is a change from Iran’s earlier assertion that the worm had infected 30,000 computers, but had not affected the nuclear facilities. Some reports suggest at the Natanz facility, which houses the Iranian enrichment programs, 5,084 out of 8,856 centrifuges in use at the Iranian nuclear facilities were taken offline, possibly due to damage, and the plant has been forced to shut down at least twice due to the effects of the virus.

Stuxnet also targeted the Russian-made steam turbine that powers the Bushehr facility, but it appears that the virus was discovered before any real damage could be done. If the virus had not been uncovered, it would eventually have run the RPMs of the turbines too high and caused irreparable damage to the entire power plant. Temperature and cooling systems have also been identified as targets, but the results of the worm on these systems isn’t clear.

The discovery of the worm

In June of this year, the Belarus-based antivirus specialists, VirusBlokAda found a previously unknown malware program on the computer of an Iranian customer. After researching it, the antivirus company discovered that it was specifically designed to target Siemens SCADA (supervisory control and data acquisition) management systems, which are devices used in large-scale manufacturing. The first clue that something was different about this worm was that once the alert had been raised, every company that tried to pass on the alert was subsequently attacked and forced to shut down for at least 24 hours. The methods and reasons for the attacks are still a mystery.

Once the virus had been discovered, companies like Symantec and Kaspersky, two of the largest antivirus companies in the world, as well as several intelligence agencies, began to research Stuxnet, and found results that quickly made it obvious that this was no ordinary malware.

By the end of September, Symantec had discovered that nearly 60-percent of all the machines infected in the world were located in Iran. Once that had been discovered, it became more and more apparent that the virus was not designed simply to cause problems, as many pieces of malware are, but it had a very specific purpose and a target. The level of sophistication was also well above anything seen before, prompting Ralph Langner, the computer security expert who first discovered the virus, to declare that it was “like the arrival of an F-35 into a World War I battlefield”.

In Case You Missed It:

Showing 22 comments

  1. ProudAmerican at 8:14pm 31st December 2010 Well, as we have show the world...if we need to we can bomb them next.
  2. rob at 5:48pm 27th December 2010 back to the 20th century for iran they will get the god o'mighty stike they pray for mosses split the red sea and benny will nuke iran they had it comming for a long time
  3. ruby at 10:16am 26th December 2010 Clearly, Stuxnet was written by people with more degrees than they've had dates!
  4. jery at 10:07pm 19th December 2010 Keep in mind that if Iran does get a nuke it will be Hiroshima sized- any loged at Isreal will be returned with thermonuclear (hydrogen bombs) or neutron bombs- i.e.- no more Iran, and plenty of room for the Palestineans....
  5. Josh at 2:40pm 13th December 2010 A interesting and well-written article. Kudos to you, Mr. Fleming.
  6. Muik at 10:57am 7th December 2010 Thanks Mannie for reminding what this article is about. As said, a well researched article on how subtle a substantial attack can nowadays look like. To those critisizing Siemens, has it occurred to you that if Siemens would not sell the centrifuges to Iran, someone else would? Or that Siemens might actually have been helpful about the design of the virus? It is for sure much easier to design one against well known systems largely available in the West. No doubt that Irans ambitions are frightening an that they should be dealt with, as they were in this case and I must add in a remarkably sophisticated way. Seriously damaging the Iranian nuclear program quietly and without starting World War 3 was in my opinion the most valid way to deal with the issue. I think blaming Siemens is the wrong conclusion to this article and misses the point. Siemens or not Siemens does not fundamentally change the equation. Smart action ,however, can. By the way, Siemens surely pays Congressmen far more than you ever will, sounds like a tough battle.
  7. Barry at 1:55pm 5th December 2010 I think we need to go viral on this. If you are a US citizen do as I did. Write your congressmen this. "Dear congressmen, I just read an article which stated that "Siemens" is responsible for helping the IRANians build their centrifuges. See "http://www.digitaltrends.com/computing/bits-before-bombs-how-stuxnet-crippled-irans-nuclear-dreams/2/" We have business with Siemens in this state as well as with other states. Why can't we use our leverage with Siemen's to get them to stop their collusion with the enemy. IRAN support all the terror groups in the middle east. How come we can't tell Siemens either they want to do business with us or the IRANians, not both. I want you to bring this up in the senate. I think your strong support of the defense establishment would be helpful in stopping Siemens. Also, I'm sure each computer OS the IRANians use is licensed from Microsoft. How can we let the IRANians continue to license Microsoft software. Should Microsoft revoke our enemies licenses. And if they are using the software illegally, shouldn't we go after them in an international court of law. They are using our technology to fight us. We have mechanisms in place to fight them. All we do is have to use them. Go after them economically. Don't let them have Window's 7. Send them back to the stone age where they belong!" I'm sure if the people speak they will be heard. While in IRAN and elsewhere they can keep being quashed by their GOVT while complaining about everyone else! Let freedom ring!
    1. BizarreSubpar at 2:33pm 5th December 2010 Good point, Barry. I did some digging and you aren't alone. The protests got so bad that Siemens did cut ties with Iran. Eventually. http://www.jpost.com/IranianThreat/News/Article.a...
  8. barry at 1:36pm 5th December 2010 Why is Siemen's allowed to deal with IRAN to build the cents? Siemens should not be allowed to trade with the USA. Such a threat would stop the IRANIANS in a day. I don't understand how the Germans let this relationship continue! As for the IRANIANS I think they are very clever. So too were the Germans of bygone days. The fate is sealed in their 12th century attitudes towards females. Their repression of their own people will be their down fall, just you wait and see.
  9. Adam at 1:52pm 3rd December 2010 I sure hope the Iranians hack the Israelis back for this stunt
    1. Carer at 8:40am 5th December 2010 And I hope that Iran is incapacitated BEFORE they get the capability to launch ANY nukes. Iran is an adolescent regime run by a paranoid psychopath (president). They will get what they deserve eventually. I mean, really, the ONLY reason the U.S. hasn't invaded or declared war on Iran is because the Iranian region holds SO many of the worlds historic artifacts in cave drawings and original locations from thousands of years ago. I say wipe THEM (Iranians) off of the face of the Earth, starting with Ahmadinejad.
      1. dic.mccrae at 10:54am 5th December 2010 Come-on theirs a lot more to it then paranoid psychopaths. Its a religious government lead by the Muslims version of the pope. Your country is drowning in propaganda just like Iran; take your head out of the bucket an have a look around.
      2. larry at 5:23am 27th December 2010 This guy is typical of the racist zionists who run Israel. He is filled with self righteous hatred toward an entire race of people, Arabs. He believes that it is righteous to advocate the mass murder of all of these people because he believes them to be inferior. He believes that God has chosen his people as superior to the Arabs and all other people. He believes that his god has given him the title to all the real estate in Jerusalem. He thinks we should give him weapons and support his genocidal racist ideas. Our government agrees. Our government is giving them over 3 BILLION dollars a year to carry out a broad campaign of assassination, sabotage and espionage against all of their neighbors. It will not last.
  10. Manny at 10:08am 3rd December 2010 I agree Ahmadinejad is a nutbag, but seriously people, are you reading the same article I am? It was a well written article regarding the advancement of viruses, specifically outlining the Stuxnet virus, how it incapacitated Iran's centrifuges, and how the virus works. There is no between the lines propaganda or support of Iran's hateful regime, which I agree, is hateful. I believe Mr. Fleming has written a really thorough, insightful article.
  11. Anne at 5:51am 3rd December 2010 The only thing that is irresponsible, hateful and inexcusable is Ahmadinejab's clear and open hostility towards Israel and its sympathizers. Even if you clarify the "map" statement, it becomes "this regime occupying Jerusalem must vanish from the page of time" - THAT is a fact. Is that a statement from someone YOU would trust with nuclear weapons?? If you, Mr. No-WMDs, wish for anyone to be blessed with kindness and wisdom, I recommend that you forward that message onto Ahmadinejab himself.
    1. larry at 5:13am 27th December 2010 This is the same tired racist propaganda over and over. Ahmadinejab did not say that Israel "must" be wiped off the map. He said it will be wiped off the map like South Africa, the British Empire, or Yugoslavia. It will be wiped out because it is a violent racist political entity. This is a state made by racist Zionist extremists who used wealth and violence to ethnically cleanse their land from others. This country has no constitution, no bill of rights. There is no democratic process in an ethnically cleansed country. It will not last. Lies repeated often are still lies.
  12. No-WMD's at 11:00pm 2nd December 2010 But for Mr. Flemin to use quotation marks in improper contexts to change what Ahmadinejad said into something so vile as to a desire "to see an entire race of people 'wiped off the map, '" is totally irresponsible, hateful, and inexcusable which plays into the hand of the warmongering Neocons in Washington and Tel Aviv. It makes one wonder whether Mr. Fleming is on AIPAC's payroll, or just an uninformed, dim-witted individual who does not allow facts to get in his way. In this holy season of giving -and caring- I pray for Mr. Fleming to be blessed with a dash of kindness and a wealth of wisdom. May peace rein over the Middle East, and the entire human race!
    1. Adam_Zed at 11:28pm 2nd December 2010 What a load of horses**t, splitting hairs while pretending that Iran's ruling regime is a noble institution nand anyone that says different must have an agenda. One search on the web brought this quote from the official Iranian website <a href="http://:http://www.president.ir/en/?ArtID=10114" target="_blank">:http://www.president.ir/en/?ArtID=10114 "You [Khomeni] said the Zionist Regime that is a usurper and illegitimate regime and a cancerous tumor should be wiped off the map." Oh wait, Ahmadinejad is just praising a guy that calls Israel a cancer. Your right, that is totally different. Do you not see why Israel and most Jews see Iran as a mortal threat? Really? It is way more than just political.
    2. NOLA at 5:38am 15th December 2010 How about praying for Mr Ahmadinejad and a change of heart? He has stated repeatedly that his idea of peace in the Mid-East is the elimination of all Jews from the planet....actually he said "wiped offf the face of the map". If I told you I wanted you and your family dead and would stop at nothing to see this thru, would you not prepare yourself or take a defensive posture? And when someone would point out that you were taking a defensive posture toward me, would they would be correct in calling you hatefull, totally irresponsable, and that any statement you made to complain about what I have threatend to do as inexcusable and that you are simply playing into the hands of the warmongering neocons in Washington and Tel Aviv? TARD! Go back to your bong while the real grown ups take care of business and keep you protected from the real boogie men of the world!
  13. Fighting-WMDs at 10:57pm 2nd December 2010 This article is a two-bit pretentious hi-tech talk combined with a healthy dose of either hateful ignorance, or contemptuous, self-serving sensationalism. The Iranian president has admittedly predicted that the occupying "Zionist regime" shall vanish from the face of the Earth. He has on numerous occasions been asked about the statement and he has compared it to the vanishing of the regime in the former Soviet Union and that in the Apartheid South Africa. Whether you agree with him or not, it is easy to see that his statements are obviously political.
    1. Pfft at 2:44pm 13th December 2010 "two-bit pretentious hi-tech talk" I actually thought it was pretty good for the layperson to read. But if you found it too tech-y, you should double check what website you are on...it's kinda what they do.
  14. rayan at 5:32pm 2nd December 2010 a lot of blabla about nothing, then keep dreaming iran build its centrifuges locally even if they are all destroyed the Iranian will rebuild them as often as necessary, well then stop your stories stuxnet is not managed, nor to destroy Busher nor Natanz has paralyzed more than a day! and iran has more centrifuges running now before stuxnet, and Iran has even continue its uranium stockpiles if all your hopes rest on stuxnet well I please you must be really desperate. try to reassure you, but Iranwill get the bomb just a matter of time.
Close Suggestion NASA discovers “alien” life in California
View Article