
Stuxnet. A major military strike using a virus through cyberspace.

Updated on December 2, 2012

Stuxnet

I've been following news surrounding the very interesting Stuxnet virus for months. In short, this is a virus that targeted a specific piece of equipment and had a singular goal. I'll explain in more detail later. Stuxnet is quite exceptional.

In the late 1980s and early 1990s, 'hacking' a computer was practiced by intelligent, obsessed, possibly sociopathic individuals (although not dangerous). The best and most entertaining accounts I've read surrounding this era are:

This kind of 'hacking' was not motivated by greed or politics. It was simply to gain bragging rights and a sense of personal achievement. 

Today, we suffer at the hands of organised crime who trade not directly in drugs, but in ill-gotten information -- like your credit card details, and other personally identifiable information that can lead to an identity theft.

We have seen politically motivated, organised attempts to damage specific companies. For example, the SCO Group was knocked off the internet for days in December 2003 by activists.

But Stuxnet is different. 

What is a zero day attack?

A zero-day attack uses a method of breaking into a computer that the security community has not yet analysed. Anti-malware products identify a piece of malware by a pattern: once that pattern is found, the anti-malware companies put the signature into their databases for fast and positive identification. Since a zero-day attack has not been analysed, it will not have a signature and is therefore more likely to get past security defenses.

Why is Stuxnet different?

Stuxnet is very different because it targeted not only a single organisation, but also a single type of equipment inside that organisation. It did so to be specifically destructive and yet remain hidden and be very difficult to detect and remove.

Reportedly, it used four zero-day attacks. These are exploits that target previously unknown and unpatched vulnerabilities. From analysis of the malware, it's clear that the organisation behind it would have required huge funding and that the malware would have taken years to develop. This was not the work of an individual activist.


PLC infection

What is a PLC?

A PLC is a Programmable Logic Controller. This is a computer that runs in "real time". Typical computers do not run in real time because the CPU is shared amongst multiple tasks in a non-deterministic manner. A real time operating system allows the programmer to predict and control how long a task will take. This is important for industrial control where timing is crucial. A typical time sharing computer might do the job most of the time but occasionally take too long to do an important task. A real time PLC is purpose built to control multiple outputs from multiple inputs with perfect deterministic control.

The Stuxnet worm specifically targets Microsoft Windows. It's different to past attacks because it spied on a specific industrial system, reported back to base, and modified the behavior of the target.

It was discovered in July 2010 but had been in operation long before that, and it is so sophisticated that there was clearly a significant development cycle. By the end of November, Iran admitted that its nuclear program for uranium enrichment was compromised.

In the year 2001, I wrote about a developing theory surrounding fear-based decisions and reaction as related to the security industry. One of the topics addressed at that time was the possibility of cyberwarfare. My conclusions ten years ago were that these types of attacks were possible but would be unlikely to be used by an aggressor unless a very specific outcome was guaranteed. Terrorists, for example, like to control their damage rather than take pot-luck as would be typical for a non-specific virus attack on utilities.

It seems Stuxnet was the first specifically targeted example of cyberwarfare.

Centrifuges and uranium enrichment

Uranium ore when mined and extracted is about 99 percent U-235 and the rest U-238.

U-235 is used for weapons and power generation but must be pure. The process called 'enrichment' takes advantage of the different masses of U-238 and U-235.

First, a powerful acid is used to make uranium hexafluoride (a gas), which is then spun at very high speed in a centrifuge. The different masses of U-235 and U-238 cause these elements to physically separate. The U-235 is at a higher concentration at the center of the centrifuge and is extracted into another centrifuge. This cascade is repeated thousands of times to obtain the desired purity.

Stuxnet targeted specific PLCs used to control Iran's nuclear enrichment centrifuges. Once control of the PLC was obtained, the worm activated code to drastically change the centrifuge speed, which not only ruined the enrichment process but also ruined the bearings by cracking the rotor. If this sounds improbable, then consider the need for magnetic bearings to sustain a spin of 100,000 rpm. Even a slight imbalance would have serious effects. The high speed demands the use of light rotors, and these would be relatively delicate. If the speed was changed often and drastically, a slight weakness would crack and worsen to the point of unbalance, and that would ruin the bearings.

Obviously there is a tactical advantage in remaining undetected, which is why Stuxnet could also hide evidence of the changes it made. As a result, the cyber weapon that is Stuxnet was able to 'discover' previously unknown enrichment facilities.
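An added example (not from the original article): one way a defender could catch this kind of concealed manipulation is to compare the speed the control system reports with a reading from an independent sensor, and to flag abrupt speed changes. The `Sample` fields, the thresholds and the trace values are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Sample:
    t: int                # seconds since start of the trace
    reported_rpm: float   # speed the control system shows to operators
    measured_rpm: float   # speed from an independent, out-of-band sensor


# Hypothetical thresholds, chosen for this illustration only.
MAX_DISAGREEMENT = 0.02   # reported and measured may differ by at most 2 %
MAX_STEP = 0.05           # measured speed may change by at most 5 % per sample


def find_anomalies(samples):
    """Return (t, reason) tuples for samples that look manipulated."""
    alerts = []
    prev = None
    for s in samples:
        # The operator display disagrees with the physical measurement:
        # something between the sensor and the screen is hiding the truth.
        if abs(s.reported_rpm - s.measured_rpm) > MAX_DISAGREEMENT * s.measured_rpm:
            alerts.append((s.t, "reported/measured mismatch"))
        # The rotor speed itself jumped more than the process ever should.
        if prev is not None and (
            abs(s.measured_rpm - prev.measured_rpm) > MAX_STEP * prev.measured_rpm
        ):
            alerts.append((s.t, "abrupt speed change"))
        prev = s
    return alerts


# Constructed trace: the reported value stays flat at 100,000 rpm while
# the independently measured speed swings up and down.
TRACE = [
    Sample(0, 100_000, 100_000),
    Sample(1, 100_000, 99_500),
    Sample(2, 100_000, 120_000),
    Sample(3, 100_000, 119_000),
    Sample(4, 100_000, 60_000),
    Sample(5, 100_000, 100_500),
]

if __name__ == "__main__":
    for t, reason in find_anomalies(TRACE):
        print(f"t={t}s: {reason}")
```

The check only works if the independent sensor's readings reach the monitor over a path the compromised controller cannot rewrite.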


Who detected Stuxnet?

Stuxnet was discovered in July 2010 by VirusBlokAda, a security firm based in Belarus.

Since then several security firms have been commenting and working on the code. Symantec and Kaspersky Labs in particular are actively analyzing the worm.

Wide speculation is that the 15,000 lines of code took years to develop and were outside the scope of an individual. It's presently thought that Israel and America were two nations involved with its development. As time goes on, if more information comes to light, then I'll update this article.

[ On 1 June 2012, SC Magazine reported that America and Israel were behind the Stuxnet virus. ]

Arms race

What does this mean for the future? As with any game-changing technology, this means a different security mindset is needed. Stuxnet shines a powerful spotlight onto a whole new array of international cyber attacks. 

Iran has a big task ahead to eradicate the worm. There are new versions coming out, and new attack vectors. The cost of the cleanup will be massive, and time to recovery is likely to be more than two years. If seen as a 'military strike', this was a very successful campaign.

This is day one of a new arms race.

Expect to see a lot of related activity in the technology space. Iran has not had good security but this will change. The world in general has not been subject to cyberwarfare, but this too has changed forever. "Hacking" is now officially a government career.

Comments


    • Manna in the wild (AUTHOR)

      Manna in the wild 

      6 years ago from Australia

      You are welcome, everymom. I appreciate that you note how it's not dumbed-down. That's one of my writing goals.

    • everymom

      Anahi Pari-di-Monriva 

      6 years ago from Massachusetts

      Thanks for this concise and simple (but not "dumbed-down") explanation of Stuxnet, how it and its ilk work, and the implications.

    • Manna in the wild (AUTHOR)

      Manna in the wild 

      7 years ago from Australia

      It's one of the more difficult infections to remove, Austinstar. It will take Iran a long time to eradicate it from their systems, and it will be difficult to stop reinfection.

    • Austinstar

      Lela 

      7 years ago from Somewhere near the center of Texas

      Is there a way of preventing or removing this worm? Sounds very complicated to me.
