
Stuxnet and the Birth of Cyber War

Most people are aware of the horrors of nuclear war. However there is much less awareness of the civilisation-ending potential of cyber war.

Stuxnet is one of the most famous and sophisticated pieces of malware in cybersecurity history. Discovered in 2010, it is now believed to have been a joint effort by the United States and Israel, designed to target and sabotage Iran's nuclear enrichment facilities. It is widely regarded as the first known cyberweapon.

Before the 1900s, there were two branches of armed forces: army and navy. In the 1900s a third type of war arose, that of the air force. Now we have a fourth, cyber war.

Unlike the other three branches which originate from the historically traditional military, war in cyberspace originates from the secret services. This means there is far more secrecy involved with cyber war—and this is true at every level, including the most familiar level of mainstream press and mainstream awareness. That is, most people have almost no idea of the extent to which cyber war has and will affect world events, the balance of world power, and the lives of us all.

Key Features of Stuxnet

  1. Worm and Virus Hybrid: Stuxnet is a type of worm that spreads through USB drives and networks, but it also exhibits characteristics of a virus by modifying code on infected systems.

  2. Targeted Attack: Unlike typical malware that seeks to cause broad disruption or steal information, Stuxnet was highly targeted. It was designed specifically to disrupt the operations of Siemens SCADA (Supervisory Control and Data Acquisition) systems, which were used in Iran's Natanz nuclear facility.

  3. Zero-Day Vulnerabilities: Stuxnet exploited multiple zero-day vulnerabilities—flaws in software that were previously unknown and had no patches available. This allowed it to bypass security measures and remain undetected for an extended period.

  4. PLC Manipulation: Stuxnet's primary function was to infect Programmable Logic Controllers (PLCs) that controlled centrifuges used for uranium enrichment. Once inside the system, it would subtly alter the speeds of the centrifuges, causing them to either spin too fast or too slow, ultimately damaging the equipment.

  5. Purpose: Enrichment of uranium is generally the most difficult process needed in order to develop nuclear weapons. The purpose of Stuxnet was to curtail the development of nuclear weapons by Iran. Israel was keen for Iran's nuclear program to be stopped in its infancy. Stuxnet and the broader program it was part of, codenamed Operation Olympic Games, was viewed as justified by its creators on the grounds that it was needed to give Israel an alternative to attacking Iran's nuclear program with conventional weapons (e.g. missiles shot from jet fighters). It is widely believed that attacking Iran's nuclear facilities with conventional weapons could have escalated into a much broader war—assuming the US remains an ally of Israel, and assuming they would join Israel in a war against Iran—that would mean that the USA was at war with Iran. According to some, it was thought that launching a cyber attack could de-escalate the situation by keeping the fighting out of sight.

  6. Complexity and Stealth: The malware was highly complex, with layers of obfuscation and encryption to avoid detection. It was able to hide its activities from operators by feeding them normal operating data while the malware was wreaking havoc in the background. The malware was extremely sophisticated—not only did it affect the systems directly (as was its main purpose), it was clever enough to affect the systems' instrumentation, so that plant operators and engineers monitoring the affected equipment would be told by the system that it was operating normally. For example, a centrifuge designed to operate at 1000 Hz (that is 1000 revolutions per second, or 60,000 RPM) could be sped up to say 1500 Hz, yet the data shown to the plant personnel on their control panels would indicate a normal speed of 1000 Hz.

  7. Propagation: The worm was initially introduced via infected USB flash drives, allowing it to cross air-gapped networks (networks not connected to the internet). Once inside a network, it spread by exploiting vulnerabilities and sought out specific software and hardware configurations.

  8. Significance: Stuxnet is often considered the first true cyber weapon. Its discovery marked a new era in cyber warfare, demonstrating how digital tools could be used to achieve geopolitical goals. It also highlighted the vulnerabilities in industrial control systems, leading to increased awareness and security measures in critical infrastructure sectors.
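Items 4 and 6 above describe the core deception: the controller drives the centrifuges outside their operating band while the instrumentation keeps showing the nominal 1000 Hz. The defensive counterpart is to corroborate what the controller reports against a measurement the controller cannot rewrite, such as a separate power-line or vibration sensor. The following is an added example, not code from the article or from any real plant; the telemetry is constructed and the field names, tolerances and sensor type are assumptions for illustration.

```python
# Added example (not from the original article): cross-check the speed a
# controller reports against an independently measured value, so that
# instrumentation tampered to display "normal" readings is still caught.
# All telemetry is constructed; thresholds and field names are assumptions.
from dataclasses import dataclass
from typing import List, Tuple

NOMINAL_HZ = 1000.0   # expected drive frequency, as quoted in the article
BAND_HZ = 50.0        # assumed acceptable deviation from nominal
MISMATCH_HZ = 25.0    # assumed tolerance between the two data sources


@dataclass
class Sample:
    t: int               # seconds since start of the trace (constructed)
    reported_hz: float   # value the controller/HMI displays to operators
    measured_hz: float   # value from an out-of-band sensor (assumed)


def check(sample: Sample) -> List[str]:
    """Return the alerts raised by one telemetry sample (empty if healthy)."""
    alerts = []
    if abs(sample.reported_hz - NOMINAL_HZ) > BAND_HZ:
        alerts.append("reported speed outside operating band")
    if abs(sample.measured_hz - NOMINAL_HZ) > BAND_HZ:
        alerts.append("measured speed outside operating band")
    # The key check: a spoofed display cannot also move the independent sensor.
    if abs(sample.reported_hz - sample.measured_hz) > MISMATCH_HZ:
        alerts.append("reported and measured speed disagree")
    return alerts


def scan(samples: List[Sample]) -> List[Tuple[int, List[str]]]:
    """Return (t, alerts) for every sample that raises at least one alert."""
    flagged = []
    for s in samples:
        alerts = check(s)
        if alerts:
            flagged.append((s.t, alerts))
    return flagged


# Constructed trace: the controller keeps reporting 1000 Hz while the
# independent sensor sees the drive ramp up to 1500 Hz and then recover.
SAMPLES = [
    Sample(0, 1000.0, 1001.0),
    Sample(60, 1000.0, 1003.0),
    Sample(120, 1000.0, 1240.0),
    Sample(180, 1000.0, 1500.0),
    Sample(240, 999.0, 998.0),
]

if __name__ == "__main__":
    for t, alerts in scan(SAMPLES):
        print(f"t={t}s: " + "; ".join(alerts))
```

The same comparison generalises to any reported-versus-measured pair (valve position, pressure, temperature); the point is that the corroborating source must not pass through the controller that could be compromised.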

Impact and Legacy

Stuxnet set a precedent for how nation-states could use cyber tools for espionage and sabotage. It also sparked debates about the ethics and legality of cyber warfare. The malware's code has since been studied extensively, influencing the development of both offensive and defensive cybersecurity techniques.

Stuxnet has inspired similar cyber weapons and attacks. These subsequent attacks share certain characteristics with Stuxnet, such as targeting critical infrastructure and using sophisticated methods to achieve their goals. Some of the notable examples include:

1. Duqu (2011)

  • Purpose: Duqu is often considered a "cousin" of Stuxnet. It shares parts of its codebase with Stuxnet but had a different mission. While Stuxnet was designed for sabotage, Duqu was focused on espionage.
  • Functionality: Duqu was used to gather intelligence, particularly on industrial control systems, possibly to facilitate future attacks. It targeted similar systems to those attacked by Stuxnet but was more focused on stealing information rather than causing damage.

2. Flame (2012)

  • Purpose: Flame was another highly sophisticated piece of malware believed to have been developed by a nation-state, possibly the same actors behind Stuxnet.
  • Functionality: Flame was an espionage tool designed to collect data from infected systems, including keystrokes, screenshots, and even audio recordings. It had advanced capabilities to evade detection and spread across networks.
  • Target: Like Stuxnet and Duqu, Flame targeted systems in the Middle East, particularly in Iran, but was focused more on data theft than physical sabotage.

3. Gauss (2012)

  • Purpose: Gauss was another piece of malware with similarities to Stuxnet and Duqu, likely created by the same group. It was designed to collect financial information, login credentials, and other data from infected systems.
  • Functionality: Gauss was more focused on espionage, particularly targeting banking systems in the Middle East. It had a modular design, allowing it to be customized for different purposes.
  • Target: Its primary targets were financial institutions, but it also had the potential to be used against other types of critical infrastructure.

4. Ukraine's Power Grid Attack (2015)

  • The 2015 attack on Ukraine's power grid was the first cyberattack on a power grid.
  • As a result of the attack, around half of the homes in the Ivano-Frankivsk region of Ukraine were without power for a few hours.

5. Industroyer/CrashOverride (2016)

  • Purpose: Industroyer, also known as CrashOverride, is a piece of malware designed to disrupt industrial control systems, specifically targeting electrical grids.
  • Functionality: It is capable of directly interacting with industrial protocols used in electrical substations, potentially allowing it to cause large-scale blackouts.
  • Impact: Industroyer was used in an attack on Ukraine's power grid in 2016, causing a temporary blackout. This was the first publicly acknowledged instance of malware being used to specifically target and disrupt an electrical grid.

6. Triton/Trisis (2017)

  • Purpose: Triton, also known as Trisis, was designed to target safety instrumented systems (SIS) in industrial plants. These systems are critical for ensuring the safety of operations by shutting down processes when dangerous conditions are detected.
  • Functionality: Triton could disable these safety systems, potentially leading to catastrophic failures in the affected industrial plants.
  • Impact: Triton was discovered after it was used in an attack on a petrochemical plant in Saudi Arabia. While the attack was detected before any damage occurred, it highlighted the potential for malware to cause physical harm through cyber means.

Legacy and Implications

The emergence of these "Stuxnet-inspired" cyber weapons has led to heightened concerns about the security of critical infrastructure worldwide. They demonstrate how cyber warfare has evolved to include not just data theft and espionage, but also the potential to cause physical destruction on a large scale. As a result, governments and industries have invested heavily in cybersecurity measures to protect against these kinds of threats.

These examples show that while there isn't a direct "new version" of Stuxnet, the principles and methods it introduced have been adopted and refined in other cyber weapons over the past decade.

Cover image by Maddas at Shutterstock

Byte.Yoga Homepage - Australian Cyber Security Web Magazine
