Stuxnet takes malware to the next level


Today’s action movies and thrillers routinely feature some hacker-type who—armed with a laptop in a chunky military-grade case—can infiltrate the most impenetrable of digital fortresses in a few furious keystrokes. But in the real-life case of Stuxnet, first detected in 2010, the use of malware in intelligence operations took years to develop.

In 2010, centrifuges used to enrich uranium at Iranian nuclear plants began failing at an unusual rate. The incidents attracted the notice of Iranian officials and nuclear inspectors, but it wasn’t until some computers in Iran began to crash and reboot over and over that anyone’s antennae went up.

The computers contained Stuxnet, a type of malware that asked a series of verification questions: Did the present network run a specific type of software control system? Did it run Siemens controls? Specifically, did it run Siemens 7? And did the software contact one of two specific types of electric motors?

If the answer to all four questions was yes, the malware knew it was in one of the Iranian centrifuges, and the centrifuge would begin to spin too quickly. If the answer to any of the questions was no, then the malware would remain on the machine in an irritating but not particularly harmful fashion. The virus was not transmitted via the internet but rather made its way into the nuclear facility on USB drives placed through good old-fashioned espionage.

Speculation on the origins of Stuxnet

Suspicion turned to the Israeli government, but in 2012, it was reported the U.S. government was the driving force behind Stuxnet. “Operation Olympic Games” sought to slow down Iran’s nuclear program with a slow rollout of damaged centrifuges. Initially developed during the George W. Bush administration, Olympic Games continued during the Obama administration.

The 2016 documentary Zero Days tells the story of Stuxnet. When a Smithsonian magazine writer contacted the White House for comment, the writer received this response: “You are probably aware that we don’t comment on classified intelligence matters.”

Photo: BeeBright / Shutterstock