All of us are familiar with “Satyagraha” – the non violent movement followed by Mahatma Gandhi in order to attain freedom for our country. Probably this became an inspiration for other countries. Can you believe if I said that we now live in a world where a piece of code can destroy machinery and stop/start a war? But yes, this has been possible. The term “Stuxnet” went viral in the year 2010 and probably the most hot favorite topic which created curiosity among the cybersecurity professionals.The initial name coined was Rootkit.Tmphider; Symantec later referred it as W32.Temphid and finally changed it to W32.Stuxnet; derived from a combination of two artifacts in malware code-.stub and mrxnet.sys
The creators of this malware is believed to be the joint venture of United States and Israel in order to destroy centrifuges that produced uranium enriched nuclear weapons and reactors in Iran. One of the affected industrial facilities was the Natanz nuclear facility in Iran. It took about 3 long years and a team of 10 coders to develop this malware. It was known as “Operation Olympic games” which started under President George W Bush and continued under President Barrack Obama.
Now lets come to most interesting part of knowing how the master plan was put into action technically. Stuxnet was a 500KB computer worm(code) that exploited multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread causing the nuclear systems to bring to a dead state. It is believed that this attack was initiated by a random worker’s USB drive as the main intent was just to attack the nuclear plant and not really to the systems that connected over internet. Though the malware so notorious , it was made sure not to infect/cause zero harm to non-uranium development computers. Rather it verified if the computer was connected to specific models of the programmable logic controllers(PLCs) [PLCs are small embedded industrial control systems that run all kinds of automated processes: factory floors, chemical plants, oil refineries and, yes, in nuclear power plants which are controlled by computers] .In this case it looked for the PLC, Siemens Step 7 controller software.The worm then alters the PLCs programming, resulting in the centrifuges to whirl too quickly and for too long, damaging and destroying the delicate equipment used in the process. The Stuxnet was so smart that the PLCs would not notify its controlling computer that such a damage is being caused making it ineffective to be detected.
After the successful compromise of the Step7 software , the malware gave access to its creators access to crucial industrial information and the ability to operate various machineries at the individual industrial sites.By the time the nuclear power plant authorities suspected the inactivity of the machines ,the Stuxnet worm had destroyed 984 uranium enriching centrifuges , thus contributing to a 30% decrease in enrichment efficiency.
An American documentary film named “Zero Days” was released in 2016 which is based on Stuxnet. Guess this is already creating a curiosity in you and made you google about this movie if already not watched 😉 Perhaps, this seems to be a perfect example of technology , especially a malware , the little evil also being an angel 😉 [in terms of preventing a war through non violence] . Don’t you think !!
P.S 😉 Expecting your views on this tiny article 🙂
InfosecVidya 
Leave a Reply