Stuxnet ushered in era of government hacking, say experts

In the new documentary "Zero Days," director Alex Gibney chronicles the rise of Stuxnet and the widespread use of cyberweapons that followed. 

Then-Iranian President Mahmoud Ahmadinejad (2nd L) visits the Natanz nuclear enrichment facility, 217 miles south of Tehran, April 8, 2008. Stuxnet would be discovered two years later.

When cybersecurity researchers discovered the computer worm known as Stuxnet in 2010, they reacted with a mix of excitement and anxiety.

The excitement came from the apparent sophistication that went into crafting the malicious code designed to harm Iran's nuclear program by causing centrifuges to spin rapidly out of control. But there was trepidation, too: If one government had the technical prowess to launch such a devastating cyberattack, it wouldn’t be long before others followed suit.

Symantec researchers Liam O’Murchu and Eric Chien, two of the first cybersecurity experts to analyze Stuxnet, say that time has arrived. 

“When we first started looking at Stuxnet, we had, maybe, one or two attacks we believed were nation-state related. Now, we’re looking at over 100 campaigns from all over the world,” Mr. O’Murchu told Passcode.

O'Murchu and Mr. Chien are among the cadre of cybersecurity professionals and intelligence officials interviewed for Alex Gibney's new film "Zero Days," which explores how Stuxnet sparked a global cyberweapons arms race.

"It's opened the door to potential destructive attacks,” said Adam Segal, a senior fellow at the Council on Foreign Relations and the author of “Hacked World Order,” a book about how cyberspace has become a geopolitical battlefield. “Everybody had kind of thought before Stuxnet that attacks on industrial control systems were possible, but Stuxnet brought that into the realm of reality.”

Mr. Gibney's film follows the history of Stuxnet from its likely development during the President George W. Bush administration, to when it infected Iranian computers. The US has not officially admitted to creating the computer worm but many experts say it was the product of American and Israeli intelligence agencies. 

“What’s interesting about Stuxnet was that it was spreading all over the world,” said Chien, who also examined Stuxnet firsthand in 2010.

The Symantec researchers discovered that the worm automatically scanned infected computers for Siemens automation software, which many industrial companies around the world use to control their facilities. It would then override and take over that software, while also hunting for other vulnerable computers on the same network.

“It wasn’t just attacking Iran or Natanz. It had the capability, and it did, infect any Windows computer anywhere in the world as long as it was connected to the internet,” Chien said. 

While security researchers have not turned up any cyberweapons as advanced as Stuxnet, many say the worm's discovery compelled governments around the world to start investing heavily in their technical abilities to craft digital weapons.

For instance, Iran has ramped up its own cyberwar capabilities since 2010, according to a number of security research reports. Two years after the Stuxnet discovery, US intelligence officials blamed Iran for a computer virus that hit 30,000 computers used by Saudi Aramco, the massive oil company owned by the Saudi Arabian government. Attackers erased documents, spreadsheets, emails, and other sensitive company files and replaced them with an image of a burning American flag.

Tehran-backed hackers have emerged as among the largest threats to US cyberspace, according to Joseph Loomis, chief executive officer of Cybersponse, a threat intelligence firm. As proof, Mr. Loomis cited the 2013 breach at a dam in upstate New York. The hack did not result in any damage, but attackers appeared to access a computer that controlled the supervisory control and data acquisition system at the dam, according to a US indictment.

“This is an attack that everyone should be concerned with," said Mr. Loomis. "Attacking industrial control systems will certainly impact thousands if not millions of people, including way of life.” 

What's more, the US Department of Justice indicted seven suspected Iranian hackers for allegedly launching distributed denial of service attacks against American financial institutions. The attacks, starting in 2012, involved waves of web traffic that attempted to knock the targets offline, disrupting business and ideally (from an attacker’s standpoint) creating havoc in the marketplace.

“I think it’s fair to say that all national state hacks and capabilities have increased since the exposure of complex malware code [in Stuxnet],” Loomis said, referencing similar attacks that have been carried out by suspected Chinese, North Korean, and Russian hackers. 

But it's not just Stuxnet that invigorated a global cyberarms race, say experts. The disclosures by former National Security Agency contractor Edward Snowden also hastened the competition, said Mr. Segal at the Council on Foreign Relations.

“You see a range of activity right after the Stuxnet exposure, such as Russia rewriting a lot of its code for industrial control systems or India started accelerating some areas for industrial control systems," said Segal. But, he said, "a lot of the action since then seems to have been motivated in large part to the Snowden exposures in regards to espionage and mass surveillance."

