What is Stuxnet? The first known cyberweapon
The cyberweapon was originally built to attack an air-gapped facility. When it unexpectedly spread to outside computer systems, it raised several questions about its intent and design.
When trying to understand what Stuxnet is, some describe it as one component of a sophisticated sabotage campaign carried out by nation-states against their adversaries.
Keep reading to find out
Who was Stuxnet’s creator?
Stuxnet was created by Israeli and American intelligence services. The cyberweapon was first discovered around 2010, but its development is believed to have started in 2005, planned by the Israeli and American governments.
Initially, the program to develop the worm was called “Operation Olympic Games”. This program was introduced by President George W. Bush and continued by President Obama.
Although Stuxnet has never been formally acknowledged by any government, a film made in 2011 to honor the commander of the Israel Defense Forces, Gabi Ashkenazi, listed Stuxnet among his accomplishments.
While there is no confirmation of who the engineers behind the worm were, experts agree that it must have taken several highly skilled engineers to build it.
According to Roel Schouwenberg of Kaspersky Lab, the worm’s final development took a group of ten programmers two to three years to complete.
Although their objectives differ greatly from those of Stuxnet, several other worms that take an approach similar to Stuxnet's, including those known as Duqu and Flame, have been found in the wild.
Experts consider them products of the same group behind Stuxnet, which, as far as is known, continues to operate.
What did Stuxnet do?
Iran's nuclear program used centrifuges to enrich uranium, and Stuxnet was built to take those centrifuges out of action.
Most natural uranium is the isotope U-238. The slightly lighter isotope U-235, however, is what is required to produce fissile material (used in nuclear power plants and weapons).
Centrifuges separate the uranium isotopes by weight using centrifugal force.
These centrifuges are quite fragile and, because they are subjected to long routine runs, are prone to damage during normal use.
When a computer is infected by Stuxnet, the worm immediately checks whether it is connected to particular models of Siemens PLC (programmable logic controller).
PLCs let computers communicate with and control industrial equipment such as uranium centrifuges. If the worm cannot find any such PLCs, it does nothing.
Otherwise, Stuxnet modifies the PLCs' programming so that the centrifuges spin erratically, damaging or destroying them. At the same time, the PLCs falsely report to the controlling computer that everything is operating normally, which makes it extremely hard to find the root cause before it is too late.
How did Stuxnet function?
To understand what Stuxnet is, keep in mind that it targeted three layers: the Windows operating system, the Siemens PLC control software that runs on Windows, and the embedded software on the PLCs themselves.
The Natanz plant, where uranium enrichment took place, was praised for its air-gapped configuration, which kept its systems separate from the internet. Because of that design, Stuxnet was built to spread via removable media such as USB sticks, and once inside it moved quickly and indiscriminately across the internal network.
Stuxnet had rootkit capabilities in both kernel mode and user mode. To install its kernel-mode rootkit, it used device drivers digitally signed with certificates belonging to two trusted Taiwanese device manufacturers.
Stuxnet took over the PLCs and changed the rotational speed of the centrifuges while they were running, causing damage that left them useless.
What is Stuxnet: the language behind it
Security analysts have gained important insights into Stuxnet's origins despite never having had access to its source code. They found that a variety of programming languages, including C and C++ and possibly other object-oriented languages, were used to create the malware. Such a mix of languages is unusual for malware and underlines the expertise put into its development.
As for Stuxnet's effectiveness, it is safe to say that it succeeded in impeding Iran's nuclear program, which was its main goal. One analyst claims that it set back Iran's nuclear development by at least two years.
The International Atomic Energy Agency (IAEA) inspectors who were granted entry to the Natanz site were among the first outsiders to see the effects of the worm in action. Alarm bells began to ring as they noticed more and more damaged centrifuges being removed from the plant. Part of the IAEA's job is to make sure that damaged centrifuges like these are not used for illicit uranium enrichment.
Stuxnet was discovered because it unintentionally propagated outside the Natanz site. Given that Natanz is air-gapped, how it managed to escape remains unknown. Some speculate that Israeli code changes were responsible, while others point to faulty Iranian security procedures. Either way, because of its smart and aggressive design, it began spreading to other devices.
A call to tech support turned out to be the unexpected channel through which Stuxnet's existence became public. An Iranian office that had nothing to do with the nuclear program was plagued by strange system behavior, including reboots and blue screens of death.
An on-site security specialist who was unable to identify the problem contacted his friend Sergey Ulasen, a Belarusian working for the antivirus firm VirusBlokAda.
Ulasen and his colleagues worked hard to isolate the worm, and when they finally discovered how many zero-day vulnerabilities it exploited, they immediately alerted the wider security community.
In the field of cybersecurity, Stuxnet demonstrated an unmatched level of complexity. It’s crucial to remember that the original source code, which is thought to have been created by Israeli and American intelligence services, has never been made available to the public or leaked.
Therefore, any claim that it is available for download should be taken with a grain of salt. Nevertheless, a substantial understanding of how it operates was gained by analyzing the live binary and reverse engineering it. For instance, researchers discovered that Stuxnet targeted particular Siemens hardware.
This finding was a significant advance because it was consistent with the IAEA's recommendations on inspecting uranium enrichment facilities. It was both fascinating and alarming to see how closely the code matched the configuration of these facilities.
After Symantec made this information public in September 2010, the IAEA's observations of damaged Iranian centrifuges prompted researchers to examine what it meant.
Stuxnet is still in circulation, but the threat it poses has decreased. The Natanz plant was always its main target, and it became notorious solely because of its extraordinary capabilities and clandestine origins.
For systems outside its intended target, a Stuxnet infection might cause reboots and blue screens of death, as the Iranian office experienced. Beyond these annoyances, though, serious effects are unlikely.
However, Stuxnet's legacy lives on in its offspring. Several malware families appear to have incorporated Stuxnet's features in some way. These descendants, whether built by the same intelligence agencies or by unaffiliated attackers who studied Stuxnet's capabilities, use it as a starting point.
Beyond its technical significance, Stuxnet profoundly changed the field of cyberwarfare by proving that computer code is now a legitimate weapon in international conflicts, a notion that had previously belonged to cyberpunk science fiction.
Subsequent cyberattacks, particularly during wars such as the one between Russia and Ukraine, have reinforced this shift in attitude.