The Name is Net, StuxNet

This is the 007 of the Malware world.

I read today (in a surprisingly good piece of jornalism for FoxNews) that researches have become more and more intrigued with Stuxnet, Mystery Surrounds Cyber Missile That Crippled Iran's Nuclear Weapons Ambitions. I have briefly discussed Stuxnet in the past and as researchers discover more intriguing things about it I find it more and more interesting.

The most interesting part to me is how it was designed to stay hidden and jump the 'air gap' into the network of computers that control the reactors. None of the computers or devices within the plant have any internet connectivity, for obvious reasons, so Stuxnet was designed to infect plant workers private computers, get onto their USB drives and then onto the plants network.

The second most interesting part is that it was designed to do just enough damage, in an undetectable way, to take parts of the nuclear production line offline in such a way that it seemed like a normal maintenance or other problem.

Finally the specificity of the attack is quite amazing, it was designed to affect frequency converters on Uranium enrichment centrifuges operating in certain plants, made by certain manufacturers with particular control systems. In other words it was targeted directly at Iran's two nuclear plants.

Little doubt remains in my mind that it was constructed by a government agency or group of governments working in collaboration. In the end we'll probably never know who actually created it, but the power of this kind of attack has now been demonstrated and to be quite honest, its disturbingly powerful.

The article is definitely worth the read and goes into a lot more depth on the virus and how it operated.