Share This:

Today’s action movies and thrillers routinely feature some hacker-type who—armed with a laptop in a chunky military-grade case—can infiltrate the most impenetrable of digital fortresses in a few furious keystrokes. But in the real-life case of Stuxnet, first detected in 2010, the use of malware in intelligence operations took years to develop.

In 2010, centrifuges used to enrich uranium at Iranian nuclear plants began failing at an unusual rate. The incidents attracted the notice of Iranian officials and nuclear inspectors, but it wasn’t until some computers in Iran began to crash and reboot over and over that anyone’s antennae went up.

The computers contained Stuxnet, a type of malware that asked a series of verification questions: Did the present network run a specific type of software control system? Did it run Siemens controls? Specifically, did it run Siemens 7? And did the software contact one of two specific types of electric motors?

If the answer to all four questions was yes, the malware knew it was in one of the Iranian centrifuges, and the centrifuge would begin to spin too quickly. If the answer to any of the questions was no, then the malware would remain on the machine in an irritating but not particularly harmful fashion. The virus was not transmitted via the internet but rather made its way into the nuclear facility on USB drives placed through good old-fashioned espionage.

Speculation on the origins of Stuxnet

Suspicion turned to the Israeli government, but in 2012, it was reported the U.S. government was the driving force behind Stuxnet. “Operation Olympic Games” sought to slow down Iran’s nuclear program with a slow rollout of damaged centrifuges. Initially developed during the George W. Bush administration, Olympic Games continued during the Obama administration.

The 2016 documentary Zero Days tells the story of Stuxnet. When a Smithsonian magazine writer contacted the White House for comment, the writer received this response: “You are probably aware that we don’t comment on classified intelligence matters.”

Photo: BeeBright / Shutterstock


Share This:

Posted by Kate Johanns

Kate Johanns is a communications professional and freelance writer with more than 13 years of experience in publishing and marketing.

6 Comments

  1. this is a good reminder, just like the case at defcon where there were usb were left in the open and people plugged them into their own computers.

    Reply

  2. Interesting article. Users sometimes forget about things like their removable drives causing issues.

    Reply

  3. Good article. A reminder to us all that malware can still be transmitted the old fashioned way, too.

    Reply

  4. Jonathan Pauley July 8, 2021 at 9:41 am

    Good reminder that traditional vulnerabilities still exist.

    Reply

  5. Hacking or social engineering seem to be key items security companies are having to combat lately.

    Reply

  6. Great post, I’ll have to watch the mentioned documentary.

    Reply

Leave a reply

Your email address will not be published. Required fields are marked *