What was Stuxnet?


A cyber attack that showed a glimpse into the future of warfare

The three physical domains of land, water and air have long been recognised as the traditional domains for military conflict. Another can be added: cyberspace. The digital world, with all the services and resources it provides, also serves as an environment through which various countries engage in ongoing cyber warfare, which for the most part goes unnoticed by most users of the internet. Almost £2 billion will be invested in the UK’s National Cyber Security Strategy over the next 5 years. Kaspersky’s real-time cyberthreat map delivers an astonishing visual representation of the sheer volume of cyberattacks taking place across the world every second. Cyber warfare is, therefore, nothing to be ignored.

Multiple significant attacks have taken place so far around the globe. In June 2015, the US Office of Personnel Management blamed China for a data breach that leaked sensitive information about government employees. In 2008, Georgian computer networks were infiltrated, supposedly by the Russian military. One of the most notable attacks, though, often labelled as one of the first major acts of cyber warfare, took place in 2010. Holger Stark, a writer for the German news outlet Der Spiegel, even called it the “first digital weapon of geopolitical importance [which] could change the way wars are fought.” But how did Stuxnet work, and why is it so important?

The first variant of the computer worm appeared in 2009, according to experts at Kaspersky. The aim of the worm was to sabotage the SCADA (supervisory control and data acquisition) system that controlled the centrifuges used in a uranium purification facility in Iran. The German-built system was ‘air-gapped’, however, meaning that it was not directly connected to the broader internet, so the worm could not be delivered remotely by the attackers. Instead, the worm was first installed on a Windows-based computer and was designed to move from there to the SCADA system via a USB drive. The hope was that the infected drive would be removed from the Windows machine and connected to the SCADA system. The infected USB drive would most likely have come from one of the numerous outside companies believed to have been working with Iran’s nuclear programme at the time.

Once the worm reached the targeted machine, it would alter the speed of the centrifuge rotors, which would ultimately damage them. Designing the worm to work in this way would have required detailed knowledge of how the uranium facility operated. The worm also contained a rootkit component which hid all of its malicious files to avoid detection, and it fed the operators falsified data showing that the facility was operating as normal. Before it was eventually detected, around 100,000 computers were infected, according to Symantec, 60% of which were in Iran.

Not only did Stuxnet prove to be a highly sophisticated piece of malware, it was also unprecedentedly damaging. Unlike any worm before it, this malware went beyond digital disruption and caused actual physical destruction as well. Furthermore, it was reported at the time that America and Israel had cooperated to build the worm, although this has never been confirmed. Nevertheless, the Stuxnet attack has been widely regarded as one of the most significant acts of cyber warfare to date. It is likely that more attacks like it await.


Timeline: How Stuxnet attacked a nuclear plant

An Unprecedented Look At Stuxnet, the World’s First Digital Weapon

Stuxnet (Wikipedia)

Embracing Cyber Warfare

Thinking about Cyber Security (Course Guidebook) by Professor Paul Rosenzweig of The George Washington University Law School

Chancellor speech: launching the National Cyber Security Strategy