Stuxnet (2010)

From International cyber law: interactive toolkit
Date: First reported on 17 June 2010
Suspected actor: Unknown. There is speculation about the involvement of both the US and Israel.[1] However, there is no concrete evidence about the original developers of the worm. Given its extremely elaborate architecture, it is likely that the worm was designed by a highly organized and well-funded group of hackers.[2]
Target: Natanz Fuel Enrichment Plant and Bushehr nuclear power plant in Iran.[3] The worm infected both plants, damaging a number of centrifuges installed in the Natanz nuclear facilities.[4]
Method: According to a possible attack scenario published by Symantec,[5] the worm, specifically designed to target industrial control systems, was introduced by a willing or unwilling third party into Natanz's Windows machine network through a USB flash drive.[6] In order to affect the system and gain privileges, the malicious code exploited 4 zero-day (unpatched) vulnerabilities in the Microsoft operating system.[7] The malicious software was designed to search for specific programmable logic controllers (PLCs) made by Siemens, used to give instructions to industrial machines. When it found that the computer was connected to the Siemens Step7 factory system software (SCADA), the worm reprogrammed the PLCs which control centrifuges used to enrich the uranium in order to force them to spin too fast or too slow, eventually breaking them apart. If not, the worm remained dormant within the PLC and hid itself in the system. Even after having altered the instructions of the centrifuges, the worm was able to send back positive feedback to the controlling machine, thus covering its malicious intent.[8]
Purpose: Despite the lack of an official statement from States, media highlighted that the aim of Stuxnet was sabotaging nuclear infrastructure in Iran, probably to hinder Iran's uranium enrichment programme.[9]
Result: By altering the regulation of the rotor speed, Stuxnet was able to cause the failure of a number of centrifuges. A report shows that between the end of 2009 and early 2010, about 1,000 centrifuges at a Fuel Enrichment Plant facility in Natanz, Iran, had to be replaced, implying that those centrifuges were broken.[10]
Aftermath: Stuxnet has been seen as the first ever cyber-attack to cause destructive effects. It set a precedent, demonstrating that cyber-weapons can be efficiently targeted against critical infrastructure not only to disable it but also to cause destruction.[11]
Analysed in: Scenario 03: Power grid
Scenario 10: Cyber weapons

Collected by: Samuele De Tomas Colatin

  1. N Anderson, “Confirmed: US and Israel created Stuxnet, lost control of it”, (1 June 2012), ArsTechnica.
  2. N Hopkins, “Stuxnet attack forced Britain to rethink the cyber war”, (30 May 2011), The Guardian.
  3. G Kessler, “New research confirms Iran's nuclear program was target of Stuxnet worm”, (15 November 2010), The Washington Post.
  4. P Hafezi, “Iran admits cyber attack on nuclear plants”, (29 November 2010), Reuters.
  5. N Falliere, L O. Murchu, E Chien, “W32.Stuxnet Dossier Version 1.4”, (February 2011), Symantec.
  6. A Shubert, “Cyber warfare: A different way to attack Iran's reactors”, (8 November 2011), CNN.
  7. L O. Murchu, “Stuxnet Using Three Additional Zero-Day Vulnerabilities”, (14 September 2010), Symantec Official Blog.
  8. M B. Kelley, “The Stuxnet Attack On Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought”, (20 November 2013), Business Insider.
  9. P Hafezi, “Iran admits cyber attack on nuclear plants”, (29 November 2010), Reuters.
  10. D Albright, P Brannan, C Walrond, “Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?”, (22 December 2010), report from the Institute for Science and International Security.
  11. C Walsh, “US Prepares for Cyber Threats in the Wake of Suspected “Stuxnet” Attack in Iran”, (7 October 2010), Harvard Law School National Security Journal.