

Stuxnet cyberweapon set to stop operating

Stuxnet infected some 130,000 computers worldwide, most of them related to Iran's nuclear fuel enrichment program. It's programmed to shut down just after midnight Sunday, but there likely are other cyber espionage systems out there.

(Page 3 of 3)



Journalistic accounts appear to have tied that group of malware together and laid them at the feet of the White House. Flame, which came to light last month after Iran spotted infiltration of its oil networks, was part of a larger cyber assault, according to anonymous "western officials," cited by the Washington Post June 19.

“This is about preparing the battlefield for another type of covert action,” one former high-ranking US intelligence official told the Post, adding that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

That dovetails with the findings of cyber researchers who have dissected the code of the trio of miscreant malware: Stuxnet, Flame, and Duqu.

"We have no doubt they were all developed by the same people," says Liam Ó Murchú, manager of operations for Symantec Security Response, in a phone interview. "It's clear to us that there are enough similarities, and in some cases completely copied code, to relate them all together."

There's something else that links everything together, too: major efforts to cover their tracks. After Flame was discovered, a special module was activated on computers in Iran and elsewhere – in Syria, Sudan and Libya – to delete the malware. Duqu's operators also systematically deleted it from computers after its discovery.

Symantec's Ó Murchú, however, notes that update features in Flame, Duqu, and Stuxnet all allow their handlers to extend their lives. That also suggests that new versions of Flame and Duqu, and perhaps even Stuxnet – versions that the anti-virus companies and Iran have not yet detected – are still operational, he and others say.

Internet domains that controlled Flame shut down about an hour after news of the operation broke worldwide, but at least three infected machines in Iran, Iraq, and Lebanon received malware upgrades – essentially new versions of Flame, Kaspersky researchers told Wired.com.

Indeed, the self-destruct mechanisms themselves suggest some larger geopolitical themes. With Flame and Duqu, deletions occurred after discovery. But there would never be that option for Stuxnet, which was designed to penetrate the inner networks of Iran's Natanz nuclear centrifuge plant – far from any internet connection.

Stuxnet's mission was to destroy centrifuges, then itself. It is programmed to terminate June 24, 2012 – seven years to the day after Iranian President Mahmoud Ahmadinejad was elected president – a matter likely viewed by the Bush Administration and others around the world with trepidation given his strident views on nuclear matters.

If Stuxnet had succeeded, Iran might be out of the nuclear fuel refining game. It's not. So, is Iran rightly concerned about further cyber intrusions?

"It's just my opinion, but I think Stuxnet and other cyber espionage programs were all about trying to prevent another Mideast war," Mr. Bumgarner says. "We've seen these programs deleted, or like Stuxnet, shutting itself down. But I'm guessing that the story isn't over yet."
