Inside the World's Most Dangerous Industrial Cyber Weapon

04/09/2013 23:08:16

Through comprehensive reverse engineering, a team at cyber security firm Symantec found that Stuxnet 0.5, the older version of the virus widely considered to be a joint effort between Israel and the U.S., was actually first deployed in 2007, several years before it was detected in 2010. Moreover, its code traces back to 2005. This original version of Stuxnet infiltrated multitudes of computer networks and targeted industrial control systems.

Stuxnet 0.5 had the ability to cause damage while going unnoticed by facility operators. It also had explosive potential – Stuxnet's code was able to shut gas valves inside Natanz, part of Iran’s nuclear enrichment system. The shutdown had dangerous consequences, as built-up pressure nearly led to an explosion and caused serious damage to equipment.

While Stuxnet 0.5 was a potent weapon, it didn’t fulfill the attacker’s goals, and it eventually evolved into the final version of Stuxnet, a virus that was used to alter the speed of Iranian centrifuges. According to Symantec, the discovery of earlier versions of the cyber weapon helped researchers understand Stuxnet’s goals, but other versions remain undiscovered. The firm admits that obtaining these other samples may prove impossible.

So where did Stuxnet originate?

Federal officials recently revealed that the U.S. initiated a complex cyber weapon development program to prevent Iran from acquiring nuclear weapons when President George W. Bush was in office. Other reports claim that President Barack Obama ordered the Stuxnet attack on Iran’s nuclear enrichment facilities.

“The [Symantec] report provides even more concrete evidence that the U.S. has been actively trying to derail the Iranian nuclear program since it was restarted under President Mahmoud Ahmadinejad’s reign,” John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, an independent non-profit research institute, told Reuters.

Other dangerous cyber weapons continue to proliferate. After Stuxnet was discovered, engineers found similar viruses with the names Duqu, Gauss, and Flame. The same developers who created Stuxnet 0.5 also developed Flame, Ars Technica reports. One of Flame’s key characteristics is that it is able to infiltrate a machine when a user updates the operating system.

Sophisticated and ever-evolving cyber weapons put national infrastructure, operating factories, power plants, and other industrial systems at risk, while incurring a high cost. According to the Ponemon Institute, the annualized cost of cyber crime in 2012 among a sample of 56 organizations ranged from $1.4 million to $46 million per company.

Cyber attacks have impacted a range of industries and many U.S. companies. Last year, Secretary of Defense Leon E. Panetta drew attention to several attacks on large U.S. financial institutions, focusing on a virus named Shamoon, which was responsible for the “largest destructive attack that the private sector has seen to date.”

Shamoon also infected computers in the Saudi Arabian state oil company Aramco. That attack destroyed more than 30,000 computers. Soon afterward, there was a similar incident at RasGas of Qatar, another energy company.

Panetta announced that the Department of Homeland Security, the F.B.I., and U.S. intelligence agencies are increasing their efforts to shield the U.S. from cyber threats, and that the Department of Defense, with support from the National Security Agency, has developed the world’s most sophisticated system for detecting cyber attackers and intruders.

Yet he also warned about the damage that cyber weapons can cause across the nation, and explained the potential devastation of a major strike on U.S. businesses and infrastructure.

“We know that foreign cyber actors are probing America’s critical infrastructure networks. They are targeting the computer control systems that operate chemical, electricity, and water plants and those that guide transportation throughout this country,” Panetta said. “The collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability.”