Stuxnet and other things that go bump in the night
What is Stuxnet?
Stuxnet is at its root a computer virus. But it is a very sophisticated one. Most viruses are passed by email, file attachments, or USB sticks, and cause mayhem by exploiting weaknesses and flaws in modern PC operating systems. They can spread quickly, but commonsense practices for handling email and Internet downloads, together with antivirus software, can help mitigate their threat.
Normal computer viruses are indiscriminate: they attack every PC they touch. Stuxnet is different—while it spread in a manner similar to other viruses, on most systems it had no effect. Stuxnet was designed to:
1. Infiltrate a PC through the typical virus pathways. USB sticks were highly effective.
2. Confirm whether the host PC’s location was Iran.
3. Establish whether there was a certain type of programmable logic controller (PLC) connected to the PC.
4. Check if there were a specific number of those PLCs attached.
5. Confirm whether those PLCs were connected in a very specific arrangement and controlling a particular piece of equipment.
6. Reprogram the PLCs to alter their behavior, but report diagnostics that everything was fine.
This sounds pretty complex. But it is only part of the story; the number of PLCs and the configuration that Stuxnet targeted show that the virus was clearly designed to attack a specific nuclear facility in Iran, and to slowly and permanently damage the centrifuges there in order to set back the Iranian uranium enrichment program. The damage was intended to be done gradually so as to confuse operators—they would not suspect a virus, or even any kind of IT problem, until they were deep into diagnosing the issue.
Evidence suggests that Stuxnet was successful at permanently damaging 1,000 centrifuges in the Iranian nuclear facility. There is speculation that the virus was designed by the United States, Israel, or both. Note that Stuxnet did not actually damage most systems it infected—it was a highly targeted attack. This allowed it to spread to its target before it was detected and antivirus companies were alerted to its presence.