It’s been over three years since the discovery of the Stuxnet worm, but new revelations continue to trickle out from the cybersecurity community. Actually, this latest one is more of a torrent than a trickle: Turns out Stuxnet had an evil secret twin.
An in-depth report just published in Foreign Policy details the origins of the original Stuxnet variant, a more sophisticated and potentially more powerful worm that infected Iran’s nuclear facilities as early as 2007.
Like the worm that first entered public consciousness later, in 2010, the older Stuxnet twin targeted the centrifuges at the Natanz uranium-enrichment plant, but it did so in a much more clandestine fashion. This OG Stuxnet blocked the outflow of gas from the cascades of centrifuges, causing pressure to build up and the equipment to become damaged. It even masked the attack by looping 21 seconds of the system’s sensor values so that the engineers at the facility wouldn’t realise anything was wrong.
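The sensor-value replay described above also gives a defender something to look for: real pressure readings carry measurement noise, so a stream that repeats itself exactly, period after period, is more likely a recording than a measurement. The code below is an added example, not the article's or any vendor's analysis code; the 1 Hz pressure sensor and all readings in it are constructed.

```python
"""Flag exactly repeating (replayed) sensor telemetry.

Added example. A live physical sensor produces noisy readings, so an exact
repetition of a whole window of samples indicates a replay or a frozen
sensor, both of which a plant engineer would want to know about.
Assumes 1 Hz sampling; the pressure values are constructed, not real data.
"""
import random

SAMPLE_RATE_HZ = 1


def find_replay_period(samples, min_period=2, max_period=120):
    """Return the shortest period p (in samples) such that every sample equals
    the sample p positions earlier, or None if the stream does not repeat.
    At least two full periods of data are required before a repeat is declared.
    A completely flat stream is reported with period 2, which is deliberate:
    a frozen reading is as suspicious as a looped one."""
    n = len(samples)
    for p in range(min_period, min(max_period, n // 2) + 1):
        if all(samples[i] == samples[i - p] for i in range(p, n)):
            return p
    return None


def constructed_live_stream(seconds, seed=1):
    """Constructed noisy readings (mbar) from a live pressure sensor."""
    rng = random.Random(seed)
    return [round(25.0 + rng.gauss(0, 0.05), 3) for _ in range(seconds)]


def constructed_replayed_stream(seconds, loop_len=21, seed=1):
    """Constructed stream that replays a 21-sample capture indefinitely,
    mirroring the masking trick the article describes."""
    captured = constructed_live_stream(loop_len, seed)
    return [captured[i % loop_len] for i in range(seconds)]


def classify(samples):
    """Label a stream as 'live' or as replayed with its loop length in seconds."""
    p = find_replay_period(samples)
    if p is None:
        return "live"
    return f"replayed (loop of {p / SAMPLE_RATE_HZ:g} s)"


if __name__ == "__main__":
    print(classify(constructed_live_stream(120)))      # live
    print(classify(constructed_replayed_stream(120)))  # replayed (loop of 21 s)
```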
Until now, it was believed that the Stuxnet virus simply targeted the centrifuges by causing them to spin too fast and ultimately break. However, this new knowledge reveals a more sophisticated approach. Even though the earlier variant of the worm could easily cause the centrifuges to fail, it took a more clandestine approach and set them up to fail at a later date, thereby further evading detection. It’s unclear why, years later, the attackers decided to opt for the more brute-force tactic. As FP’s Ralph Langner suggests, though, “The dramatic differences between both versions point to changing priorities that most likely were accompanied by a change in stakeholders.” In other words, the attackers’ posse got bigger.
Many questions remain about Stuxnet, namely who built the dang thing. All signs — and The New York Times — point to Israel and the United States as the worm’s masterminds. Stuxnet did manage to find its way around the world, infecting even nuclear power plants in Russia, but Langner argues that the worm’s most lasting effects say more about the future of warfare than anything:
Along the road, one result became clear: Digital weapons work. And different from their analogue counterparts, they don’t put military forces in harm’s way, they produce less collateral damage, they can be deployed stealthily, and they are dirt cheap. The contents of this Pandora’s box have implications much beyond Iran; they have made analogue warfare look low-tech, brutal, and so 20th century.
Indeed, Stuxnet helped the world realise that full-fledged cyberwar is not some far off, futuristic fantasy. Authorities now stage simulated cyberattacks on a somewhat regular basis so that we can figure out exactly how to respond in the event of a destructive worm (like Stuxnet) that might target our infrastructure.
The discovery of Stuxnet’s evil twin makes one thing frighteningly true, though. These weapons are already out there, lurking in the darkness. When they do attack — when they wake up, turn on, or make themselves known — we can only hope we’re not on the business end of things. [FP]
Correction: An earlier version of this post said that the earlier Stuxnet variant was “previously unknown”. In fact, Symantec published an analysis of it last year.