Stuxnet worm mystery: What's the cyber weapon after?

Stuxnet worm attack has been centered on Iran, studies show. Experts offer dueling theories as to the cyber weapon's target: Iran's Bushehr nuclear power plant or the nuclear fuel centrifuge facility at Natanz?

By Staff writer / September 24, 2010

In this 2008 file photo released by the Iranian President's Office, Iranian President Mahmoud Ahmadinejad, center, visits the Natanz Uranium Enrichment Facility some 200 miles south of Tehran. Some cyber security experts say the Natanz plant could be the target of the Stuxnet worm.

Iranian President's Office/AP/File


Top industrial control systems experts have now gleaned enough about the Stuxnet worm to classify it as a cyber superweapon. But the mystery of what its target is – or was – remains unsolved, though guesswork about its mission is intensifying among those who have studied Stuxnet's complicated code.


Educated guesses about what Stuxnet, described as the world's first cyber guided missile, is programmed to destroy include the reactor for Iran's new Bushehr nuclear power plant, as well as Iran's nuclear fuel centrifuge plant in Natanz. Both facilities are part of Tehran's nuclear program, which Iranian officials say is for peaceful purposes but which many other countries, including the United States, suspect is part of an atom-bomb-making apparatus.

The Bushehr power plant was supposed to be humming by now, but is not – a possible sign that Stuxnet impaired one of its vital systems, says one computer security expert. But another analyst who has also been assisting on the Stuxnet case says the worm's internal order makes that scenario unlikely. The nuclear fuel centrifuge plant in the Iranian town of Natanz is a better fit and a larger nuclear threat, he says.

There is no independent confirmation that Bushehr or Natanz or anyplace else has been attacked by a directed cyberweapon. But competing theories are emerging about Stuxnet's target. Here are two from a cybersecurity duo from Germany who have worked, separately, on deconstructing Stuxnet – and why they think what they do.

Ralph Langner is no Middle East policy wonk or former diplomat privy to insider information. He is a German software security engineer with a particular expertise in industrial control system software created by industrial giant Siemens for use in factories, refineries, and power plants worldwide.

This week, Mr. Langner became the first person to detail Stuxnet's peculiar attack features. He explained, for example, how Stuxnet "fingerprints" each industrial network it infiltrates to determine if it has identified the right system to destroy. Stuxnet was developed to attack just one target in the world, Langner says, and other experts confirm. His best guess as to the target?

During an interview with the Monitor about Stuxnet's technical capabilities, Langner pointed at the Bushehr nuclear power plant. He cites shards of information he has gleaned from open sources, including news accounts, as well as his technical understanding of the attack software. Here are his main arguments for his case.
