These days, USB drive security risks are clear — and cloud storage now serves as an alternative to portable storage. But 16 years ago, the humble USB drive was the carrier for what many still consider the most sophisticated malware ever written: Stuxnet. Let’s dive into this edition of Tech Time Warp.
Long acknowledged to be the work of the U.S. and Israeli governments, Stuxnet took aim squarely at the Iranian nuclear program. Its design was ingenious, down to its use of the pedestrian storage device for transport.
The malware that rewrote cyberwarfare
The systems inside the Natanz uranium enrichment plant were air-gapped, or not connected to the internet. But the plant’s centrifuges — devices that spin uranium at high enough speed to separate it into different isotopes, a necessary step in creating nuclear power or weapons — were connected to programmable logic controllers, or PLCs, manufactured by Siemens. These PLCs ran on software with zero-day vulnerabilities that could be exploited. Stuxnet-infected USB drives were given to contractors who unknowingly took them into Natanz and infected air-gapped computers. In January 2010, international inspectors began noticing that the centrifuges at Natanz were failing at an abnormally high rate. Notably, while modified code in the PLCs was causing the malfunctions, the PLCs weren’t detecting anything amiss.
The Stuxnet cyberattack might have continued were it not for another breach of protocol: The virus got out. Maybe the Israelis changed the code, or perhaps someone took an infected machine from the air-gapped environment home and connected it to the internet. Either way, one night, workers in an unrelated Iranian office began experiencing repeated reboots and blue screens of death. The on-site IT worker called a friend from Belarus, who happened to be an antivirus expert. Looking at the code, the expert soon figured out this was no normal virus. By the end of 2010, an estimated 100,000 machines had been infected, 60 percent of them in Iran.
In July 2025, the House Committee on Homeland Security held a hearing on Stuxnet, examining the threat of cyberattacks on critical infrastructure. While the world’s first digital weapon didn’t advance beyond Iran in direct impact, its legacy and lessons live on today.
Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.
Photo: Toey Andante / Shutterstock
