
What is the Stuxnet virus, All you need to know about the Stuxnet virus?



Stuxnet is a highly advanced computer worm that exploits many previously unknown Windows operating system vulnerabilities to infect computers and spread. It was not only intended to infect PCs but to cause physical effects in the real world. It specifically targets centrifuges used to produce enriched uranium, which is used in nuclear weapons and reactors.




Stuxnet was first recognized by the infosec community in 2010, but its development likely began in 2005. Despite its unparalleled reach and widespread infection rate, Stuxnet does little or no harm to computers not involved in uranium enrichment. When it infects a computer, it checks whether that computer is connected to specific models of Programmable Logic Controllers (PLCs) manufactured by Siemens. PLCs are how computers interact with and control industrial machines such as uranium centrifuges. The worm then changes the programming of the PLCs, causing the centrifuges to spin too fast and for too long, damaging or destroying sensitive equipment in the process. While this is happening, the PLCs tell the console computer that everything is working fine, making it difficult to detect or diagnose the error until it is too late.

Who Created Stuxnet?


It is now widely accepted that Stuxnet was created by intelligence agencies in the United States and Israel. The classified program for the development of the worm was given the code name "Operation Olympic Games"; it began under President George W. Bush and continued under President Obama. While neither government has officially recognized the development of Stuxnet, a 2011 video created to celebrate the retirement of IDF chief Gabi Ashkenazi listed Stuxnet as one of the successes under his watch.


While the individual engineers behind Stuxnet have not been identified, we do know that they were very skilled, and there were a lot of them. Roel Schouwenberg of Kaspersky Lab estimated that it took a team of ten programmers two to three years to create the worm in its final form.


Several other worms with infective abilities similar to Stuxnet, including those called Duqu and Flame, have been identified in the wild, although their purposes are quite different from Stuxnet's. Their similarity to Stuxnet has led experts to believe that they are products of the same development shop, which is apparently still active.

What is the purpose of Stuxnet?


The US and Israeli governments intended to use Stuxnet as a tool to impede, or at least delay, the Iranian program to develop nuclear weapons. The Bush and Obama administrations believed that if Iran was on the verge of developing atomic weapons, Israel would launch airstrikes against Iran's nuclear facilities in a move that could have triggered a regional war. Operation Olympic Games was seen as a nonviolent alternative. Although it was not clear that such a cyberattack on physical infrastructure was possible, there was a dramatic meeting in the White House Situation Room late in the Bush presidency in which parts of a destroyed test centrifuge were laid out on a conference table. At that point, the United States gave the go-ahead to unleash the malware.


Stuxnet was never intended to spread outside the Iranian nuclear facility at Natanz. The facility was air-gapped and offline. This meant that it had to be infected via USB devices carried inside by intelligence agents or unwilling dupes, but it also meant that the infection should have been easy to contain. However, the malware ended up on computers connected to the Internet and started to spread in the wild due to its highly complex and aggressive nature, even though it did little damage to the outside computers it infected. Many in the United States believed the spread was the result of code modifications made by the Israelis, and then-Vice President Biden was said to be particularly upset about this.

Stuxnet source code


Liam O'Murchu, who is director of the Security Technology and Response group at Symantec and was a member of the team there that first discovered Stuxnet, says Stuxnet was "by far the most complex piece of code we've looked at — in a completely different league than anything we've seen before." And while you can find plenty of websites that claim to have Stuxnet code available for download, O'Murchu says you shouldn't believe it: he confirmed to CSO that the original source code of the worm, as written by programmers working in American and Israeli intelligence, has not been released or leaked and cannot be extracted from the binaries found in the wild. (The code for a single driver, which is a very small part of the overall package, has been rebuilt by reverse engineering, but this is not the same as having the original code.)


However, he made it clear that a lot about the code can be understood by examining the binary in action and reverse-engineering it. For example, he says, "It was very clear from the first time we analyzed this app that it was looking for some Siemens gear." In the end, after three to six months of reverse engineering, "we were able to identify 99% of everything that was going on in the code," O'Murchu said.

looking for eight or ten matrices of 168 frequency converters each," says O'Murchu. "You can peruse the IAEA records online on the best way to investigate the uranium enrichment facility, and in those reports, it says precisely what you will find in the uranium facility - how many frequency converters are there, how many centrifuges are there. They will be arranged in eight matrices and there will be 168 centrifuges in each group. That is by and large the thing we were finding in the code."


"It was very exciting that we made this breakthrough," he added. "But then we realized what we had put ourselves into - possibly an international spying operation - and that was very scary." Symantec released this information in September 2010; analysts in the West had known since the end of 2009 that the Iranians were having problems with their centrifuges, but only now knew why.

Stuxnet Documentary


Directed by Alex Gibney, the Academy Award-nominated documentary filmmaker behind films like Enron: The Smartest Guys In The Room and Going Clear, Zero Days explains the history of the Stuxnet disclosure and its effect on relations between Iran and the West. Zero Days includes interviews with O'Murchu and some of his colleagues and is available in full on YouTube.


One dramatic sequence illustrates how the Symantec team was able to drive home Stuxnet's ability to wreak havoc in the real world: they programmed a Siemens PLC system to inflate a balloon, then infected the PC controlling it with Stuxnet. The results were dramatic: despite only being programmed to inflate the balloon for five seconds, the controller continued to pump air until it had exploded.


The destruction of Iran's uranium centrifuges, which followed the same logic - spun very quickly and self-destructed - may have been less visually exciting, but ultimately it was dramatic. As the documentary explains, we now live in a world where computer malware code causes destruction on a physical level. We will undoubtedly see more later on.


AHMED BAICH

My full name is Ahmed Baich, from Morocco. I am the founder of the blog عالم المعلوميات (World of Informatics) and a computer network administrator. I am interested in technology and informatics and started blogging in 2019.