[ISN] How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History
By Kim Zetter
July 11, 2011
It was January 2010, and investigators with the International Atomic
Energy Agency had just completed an inspection at the uranium enrichment
plant outside Natanz in central Iran, when they realized that something
was off within the cascade rooms where thousands of centrifuges were
Natanz technicians in white lab coats, gloves and blue booties were
scurrying in and out of the "clean" cascade rooms, hauling out unwieldy
centrifuges one by one, each sheathed in shiny silver cylindrical
Any time workers at the plant decommissioned damaged or otherwise
unusable centrifuges, they were required to line them up for IAEA
inspection to verify that no radioactive material was being smuggled out
in the devices before they were removed. The technicians had been doing
so now for more than a month.
"We were not immune to the fact that there was a bigger geopolitical
picture going on. We were definitely thinking ... do I really want my
name to be put on this?" -- Eric Chien

Normally Iran replaced up to 10
percent of its centrifuges a year, due to material defects and other
issues. With about 8,700 centrifuges installed at Natanz at the time, it
would have been normal to decommission about 800 over the course of the
But when the IAEA later reviewed footage from surveillance cameras
installed outside the cascade rooms to monitor Iran's enrichment
program, they were stunned as they counted the numbers. The workers had
been replacing the units at an incredible rate -- later estimates would
indicate between 1,000 and 2,000 centrifuges were swapped out over a few
The question was, why?
Iran wasn't required to disclose the reason for replacing the
centrifuges and, officially, the inspectors had no right to ask. Their
mandate was to monitor what happened to nuclear material at the plant,
not keep track of equipment failures. But it was clear that something
had damaged the centrifuges.
What the inspectors didn't know was that the answer they were seeking
was hidden all around them, buried in the disk space and memory of
Natanz's computers. Months earlier, in June 2009, someone had silently
unleashed a sophisticated and destructive digital worm that had been
slithering its way through computers in Iran with just one aim -- to
sabotage the country's uranium enrichment program and prevent President
Mahmoud Ahmadinejad from building a nuclear weapon.
But it would be nearly a year before the inspectors would learn of this.
The answer would come only after dozens of computer security researchers
around the world would spend months deconstructing what would come to be
known as the most complex malware ever written -- a piece of software
that would ultimately make history as the world's first real
[ <- SNIP -> ]