Stuxnet

From Wikipedia, the free encyclopedia
S7-300, the industrial system the worm targets

Stuxnet is a cyber weapon and computer worm. It was used to sabotage Iran's nuclear program with what would seem like a long series of unfortunate accidents.[1] It was first released in 2006.[2] It became known only after the release of the second version.[3] In 2010, an error in the code led the virus to spread outside the test labs and infect computers around the world.[4]

Both the United States and Israel have been accused of developing and releasing Stuxnet.[5] In 2012 the US confirmed that it developed Stuxnet with Israel.[4]

Stuxnet targets programmable logic controllers (PLCs). PLCs control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Stuxnet works by targeting machines and networks that use the Microsoft Windows operating system. It then looks for Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.[6] Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges.[3]

Stuxnet is typically introduced to the target environment via an infected USB flash drive. The worm then spreads across the network, scanning for Siemens Step7 software on computers controlling a PLC. If it doesn't find a target, Stuxnet becomes dormant inside the computer.

Stuxnet is special for several reasons:

  1. It used flaws in the Microsoft Windows operating system which were not known to many people at the time.
  2. It used stolen digital signatures to install the rootkit.
  3. The authors had in-depth knowledge of the process visualization system WinCC, which is used to monitor and control technical processes, using the Simatic S7 industrial controller.
  4. It uses another rootkit to infect the computers which ruin the control and monitoring software for the industrial board.

Even though it targeted PLCs, only very few were infected. The software is written to infect a specific set of PLCs, with well-defined modules. In the case of a personal computer, it will infect any computer running the right software.

References

  1. Ellen Nakashima (2 June 2012). "Stuxnet was work of U.S. and Israeli experts, officials say". Washington Post.
  2. "Factbox: Cyber warfare expert's timeline for Iran attack". Reuters. 2 December 2011. Retrieved 20 October 2015.
  3. Michael B Kelley (20 November 2013). "The Stuxnet Attack On Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought". Business Insider Inc. Retrieved 20 October 2015.
  4. Mathew J. Schwartz (1 June 2012). "Stuxnet Launched By United States And Israel". Information Week Network Computing. Retrieved 20 October 2015.
  5. Ellen Nakashima; Joby Warrick (2 June 2012). "Stuxnet was work of U.S. and Israeli experts, officials say". The Washington Post. Retrieved 20 October 2015.
  6. Kushner, David. "The Real Story of Stuxnet". ieee.org. IEEE Spectrum. Retrieved 25 March 2014.