Cyber Computer Code that Destroys Physical Objects: Stuxnet

Stuxnet is the beyond any malware or virus computer code. Unlike most of them, this program is transferred via USB flash drives.This is not an all purpose bug that circulates across the Internet, although it can, infecting unsuspecting users who are fooled by a simple click. Stuxnet is the first successful cyberwar code that was never to have gone public. It was to remain silent, doing its damage at its target host. While the code is complicated, there are many that could duplicate it and tweak it for their own nefarious purposes.

What comes around, goes around.

It is no secret now that the US and Israel were the entities who created it. It was then tested in Israel on the same equipment that Iran has to enrich its nuclear material to weapons grade. Once it was successful, two computers were used in Europe to launch it from anonymous sources into the Internet. The code migrated across searching for an exact type of equipment configuration used to enrich uranium, the code would validate the configurations it was programmed to look for before launching its destructive code. It had to be the work of someone who knew his way around the specific quirks of the Siemens controllers and had a detailed understanding of exactly how the Iranians had designed their enrichment operations. The worm hit inside Iran but also in time appeared in India, Indonesia and other countries causing no harm at all, the code was simply noticed by virus and malware programs.

The code looked for the Siemen PCS-7 controller, which are used in industry to control and operate large industrial manufacturing sites. While other companies may have them, only Iran had them connected and used in a very specific way to enrich the uranium centrifuges. Stuxnet code only looked for Iranian configurations and equipment. Iran’s P-1 machines at Natanz suffered a series of failures in 2009 that culminated in taking 984 machines out of action.

Once the code found its target it did two things: it fooled the technicians watching the speed of the centrifuges spinning, making them think everything was fine with false speed readings as the centrifuges spun past their danger point and destroying the machine. The Iranians for the longest time thought it was a software and equipment malfunction.

While Stuxnet was a success, its code has been exposed to anyone who wants to find it. Talented programmers now can tweak it and fire back at the US or others, no doubt this is occurring. Cyber warfare is new and attacks can be expected on US nuclear sites, electrical infrastructure, oil refineries and just about anything.

Stuxnet opened Pandora's Box.