Stuxnet cyberweapon set to stop operating
Stuxnet infected some 130,000 computers worldwide, most of them related to Iran's nuclear fuel enrichment program. It's programmed to shut down just after midnight Sunday, but there likely are other cyber espionage systems out there.
"It can be argued that the time was ripe for history's first cyber weapon, and having it come from China or Russia would have created another unpleasant Sputnik experience," wrote Ralph Langner, the Hamburg, Germany-based cyber security expert, in a recent opinion article in the New York Times. "On the other hand it is evident that the United States is not prepared to defend against such sophisticated cyber-physical attacks that they chose to experiment with in the open, with the actual weapon eventually being downloadable from the Internet."
Mr. Langner's discovery that Stuxnet was not just another piece of criminal malware, but was actually the world's first nation state-built cyber super-weapon and apparently targeting Iran's nuclear program, was verified and first published by the Monitor on Sept. 21, 2010.
Ever since, the hunt has been on for who built and unleashed Stuxnet – and the fragments of other digital weapons that keep popping up. That hunt has yielded a drumbeat of surprises. First came the discovery of at least two other highly sophisticated cyber espionage systems that also appear to target Iran's nuclear program, show clear signs of being directly related siblings of Stuxnet, and were developed by the same source, according to forensic analysis and recent news media reports.
"Whoever was running this operation needed these programs to conduct a large number of highly targeted and clandestine operations against Iran and its allies," says John Bumgarner, a former Army intelligence officer now research director for the US Cyber Consequences Unit, a nonprofit security think tank.
As it turns out, Stuxnet was probably the last piece of the puzzle, the digital muscle deployed to take out Iran's nuclear centrifuge systems. In fact, it had two other siblings – espionage programs that gathered intelligence and prepared the cyber battlefield.
"Flame," a highly sophisticated espionage program, was in essence a giant vacuum cleaner – sucking up information from wireless sources, turning on computer microphones, stealing files, Mr. Bumgarner says. Discovered just last month, Flame is believed to have been on the loose since at least late 2007 and was likely created earlier that year, according to Kaspersky, the Moscow-based anti-virus company.
Meanwhile, "Duqu," another espionage program, was deployed to infiltrate specific computers within key companies that had programs related to Iran's nuclear program. It was far more highly targeted than Flame and came later, according to Symantec, the big anti-virus company that did a comprehensive analysis of Stuxnet. Duqu and Stuxnet shared a common programming platform apparent in their code, linking them to the same team of programmers, Symantec found.
By the time Stuxnet was created, sometime between January and June 2009, Flame was already in existence – created probably no later than summer 2008, Kaspersky reported this month. Meanwhile, Stuxnet's 2009 version used a fragment of code based on Flame, Kaspersky says. Thus, Stuxnet, Duqu, and Flame all share key components.
The trio was created, Kaspersky argues, by two independent developer teams – one for Flame, and the other for Stuxnet and Duqu, each "developing its own platform since 2007-2008 at the latest." In 2009, part of the code from the Flame platform was used in Stuxnet. That cross-linking means all three programs now are tied together.