A different kind of worm is making headlines around the world after it hit sensitive installations in a country that doesn’t quite share cordial relationships with the United States (US) and Israel. The worm, known as the Stuxnet worm, was reportedly developed by the US and Israel in the mid-2000s to attack Iran’s Natanz nuclear facility by infecting computers with the help of USB drives. The worm made it into the headlines after reports recently surfaced of the virus getting out of hand. The reports suggested that Stuxnet had escaped into the wild and earned a free pass to travel around the internet. Attacks of this nature are common occurrences in the virtual world, but the story behind the above-mentioned worm is quite different from what we are generally used to hearing.
Iran’s nuclear program has been a thorn in the side of important countries, including the US and Israel, who think that the autocratic nation is a threat to world peace because its weapons could be used in the wrong way. The extreme Western paranoia regarding Iran’s nuclear program is mostly based on imaginary fear rather than on a solid foundation. Most Western powers used their nuclear arms in illegal ways; therefore, they have developed the idea that every country that is developing such weapons is up to no good. The cyber attack launched on Iran’s centrifuges in 2009 is part of the new cyber wars that are taking place between world governments on a different kind of battlefield. Researchers have followed the attack and are aware of the intention behind launching the Stuxnet worm against Iran.
According to researchers working for a security firm called Kaspersky Lab, the sabotage-oriented code attacked five component vendors that are closely associated with Iran’s nuclear program, including a vendor that makes the centrifuges for Iran’s nuclear reactor. The companies were targeted because they had access to the secret uranium enrichment process taking place in the nuclear facility. Infecting the computers of workers at these vendor companies would therefore ensure that the worm was unwittingly carried into the Natanz plant on USB drives, where it would interfere with the system according to its programming.
The worm was developed with the knowledge that there is no internet connection in Iran’s nuclear plant and that only external hard drives could transport Stuxnet to the intended target. Now, here’s the catch in this entire episode: the first attacks didn’t take place via USB drives. The Stuxnet developers were found to have compiled the first version of the worm a few hours before it actually hit the targeted companies. Researchers said that there was no evidence of anyone smuggling infected drives into the offices of the above-mentioned vendors with the intention of infecting computer systems there. In fact, all evidence suggests that the malicious code had spread over the internet well before it hit the Natanz facility.
Worm with US Origins
According to researchers at Kaspersky Lab, the Stuxnet worm seemed more American than anything else for one solid reason. The National Security Agency’s (NSA) attack-a-trusted-user approach has come into the limelight after the agency was found to be using malware on a frequent basis against network administrators. The NSA used similar malware tactics, and the latest attack seems more like a replication of the same spying methods that are used in the US by security agencies.
A book titled Countdown to Zero Day claims that the Duqu worm was closely tied to the main worm and acted as a “forward scout” designed to swipe security certificates so that the Stuxnet worm would appear to users as legitimate code. That said, security experts are still in the dark about the origins of this attack, even though they know the exact route that the worm travelled over the internet. This is the reason why the real origins of Stuxnet are still not clear.
Uncertain Past, Certain Future
The details available in connection with the Stuxnet worm would lead security experts to believe that the attack was sponsored by some world government to interfere with Iran’s centrifuges so that the country would not be able to continue with the uranium enrichment process. Instead of using traditional weapons to subdue Iran’s nuclear ambitions, a cyber attack was orchestrated to do the job using fewer resources.
The future of such attacks seems to be bright at the moment, after researchers at Symantec discovered that a Stuxnet 0.5 version has been active on the internet since November 2005. The same worm was caught on trackers as early as November 2007, and researchers believe it would have badly disrupted the working of the Natanz nuclear facility had it hit the establishment at that time. The worm was designed to close vital pressure valves in the facility to shut down the uranium enrichment process.