The Inside Story Of How Stuxnet Was Discovered

Countdown to Zero Day, a new book by Wired journalist Kim Zetter, is a whodunnit for the internet age. It tells the true tale of how a complicated virus, which later came to be known as Stuxnet, made its way into the world.

Stuxnet was a virus unlike any other — but discovering what it was, even just four years ago, took a huge amount of international detective work. Zetter has covered hackers and computer security since the pre-Y2K days, and she was one of the first reporters on the Stuxnet beat. Her book, out this Thursday, unravels that story, drawing on years of reporting experience in that field. I haven’t read the book yet, but from the reviews I’ve seen, it tells an otherwise dense and complicated story like a gripping detective tale.

Courtesy of Crown Publishing, Gizmodo has an exclusive excerpt of Countdown to Zero Day below.


It was January 2010 when officials with the International Atomic Energy Agency (IAEA), the United Nations body charged with monitoring Iran’s nuclear program, first began to notice something unusual happening at the uranium enrichment plant outside Natanz in central Iran.

Inside the facility’s large centrifuge hall, buried like a bunker more than fifty feet beneath the desert surface, thousands of gleaming aluminium centrifuges were spinning at supersonic speed, enriching uranium hexafluoride gas as they had been for nearly two years. But over the last weeks, workers at the plant had been removing batches of centrifuges and replacing them with new ones. And they were doing so at a startling rate. At Natanz each centrifuge, known as an IR-1, has a life expectancy of about ten years. But the devices are fragile and prone to break easily. Even under normal conditions, Iran has to replace up to 10 per cent of the centrifuges each year due to material defects, maintenance issues, and worker accidents.

In November 2009, Iran had about 8,700 centrifuges installed at Natanz, so it would have been perfectly normal to see technicians decommission about 800 of them over the course of the year as the devices failed for one reason or another. But as IAEA officials added up the centrifuges removed over several weeks in December 2009 and early January, they realised that Iran was plowing through them at an unusual rate.

Inspectors with the IAEA’s Department of Safeguards visited Natanz an average of twice a month — sometimes by appointment, sometimes unannounced — to track Iran’s enrichment activity and progress. Anytime workers at the plant decommissioned damaged or otherwise unusable centrifuges, they were required to line them up in a control area just inside the door of the centrifuge rooms until IAEA inspectors arrived at their next visit to examine them. The inspectors would run a handheld gamma spectrometer around each centrifuge to ensure that no nuclear material was being smuggled out in them, then approve the centrifuges for removal, making note in reports sent back to IAEA headquarters in Vienna of the number that were decommissioned each time.

IAEA digital surveillance cameras, installed outside the door of each centrifuge room to monitor Iran’s enrichment activity, captured the technicians scurrying about in their white lab coats, blue plastic booties on their feet, as they trotted out the shiny cylinders one by one, each about six feet long and about half a foot in diameter. The workers, by agreement with the IAEA, had to cradle the delicate devices in their arms, wrapped in plastic sleeves or in open boxes, so the cameras could register each item as it was removed from the room.

The surveillance cameras, which weren’t allowed inside the centrifuge rooms, stored the images for later perusal. Each time inspectors visited Natanz, they examined the recorded images to ensure that Iran hadn’t removed additional centrifuges or done anything else prohibited during their absence. But as weeks passed and the inspectors sent their reports back to Vienna, officials there realised that the number of centrifuges being removed far exceeded what was normal.

Officially, the IAEA won’t say how many centrifuges Iran replaced during this period. But news reports quoting European “diplomats” put the number at 900 to 1,000. A former top IAEA official, however, thinks the actual number was much higher. “My educated guess is that 2,000 were damaged,” says Olli Heinonen, who was deputy director of the Safeguards Division until he resigned in October 2010.

Whatever the number, it was clear that something was wrong with the devices. Unfortunately, Iran wasn’t required to tell inspectors why they had replaced them, and, officially, the IAEA inspectors had no right to ask. The agency’s mandate was to monitor what happened to uranium at the enrichment plant, not keep track of failed equipment.

What the inspectors didn’t know was that the answer to their question was right beneath their noses, buried in the bits and memory of the computers in Natanz’s industrial control room. Months earlier, in June 2009, someone had quietly unleashed a destructive digital warhead on computers in Iran, where it had silently slithered its way into critical systems at Natanz, all with a single goal in mind — to sabotage Iran’s uranium enrichment program and prevent President Mahmoud Ahmadinejad from building a nuclear bomb.

The answer was there at Natanz, but it would be nearly a year before the inspectors would obtain it, and even then it would come only after more than a dozen computer security experts around the world spent months deconstructing what would ultimately become known as one of the most sophisticated viruses ever discovered — a piece of software so unique it would make history as the world’s first digital weapon and the first shot across the bow announcing the age of digital warfare.


Countdown to Zero Day will be published this Thursday, November 11. You can pre-order it from Amazon now.

Reprinted with permission from Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon Copyright © 2014 by Kim Zetter. Published by Crown Publishers, an imprint of Random House.

