Why ‘Stuxnet’ is still the greatest cyberattack victory to date

Cyberattacks are the best way for America’s enemies to mess around with the United States without triggering a full-scale war. Let’s be real, if China and Russia saw real-world retaliation for every time they messed with U.S. computer systems, we’d be in the middle of World War III right now. 

But aside from stealing military technology, hacking the names and bank accounts of every federal employee, and mucking about in some utility companies, their cyber intrusions have been little more than a nuisance up to this point. That’s not how American cyberwarriors operate.

When the United States and Israel conduct a cyber attack, there’s a good reason for it and the target is clear. Stuxnet, a malicious virus designed to destroy Iran’s uranium enrichment program, was the sniper rifle of the U.S. cyber weapons arsenal. 

First uncovered in 2010, the Stuxnet worm was introduced onto the computer systems of the Iranian uranium enrichment facility at Natanz. The program was specifically engineered to be on that particular server, one that had to be running Supervisory Control and Data Acquisition software, that had to be using Siemens technology (specifically, Siemens 7), and had control over a programmable logic controller (PLC), controlling an electric motor. If all of these conditions didn’t exist, the program would eventually delete itself. 

PLCs are a critical component of almost all major manufacturing facilities and automated machines, managing everything from traffic lights to pipe valves. There was only one place in the world where those conditions existed: the Natanz nuclear facility in Iran. Those motors were controlling the centrifuges that were enriching uranium for Iran’s nuclear program.  

What this means is that whoever created the Stuxnet worm had an insider in the Natanz nuclear facility, one who knew the exact conditions malicious code would have to attack, as well as how best to permanently damage the facility’s operations, or at least set it back a little bit. 

Moreover, since the computer systems at Natanz weren’t connected to the internet, the inside man would also have to be able to introduce the worm to the Natanz controlling systems. According to the Times of Israel, this was done by the CIA and Mossad, who set up a fake front company with the sole purpose of getting Dutch intelligence agents posing as technicians into the facility. 

Once introduced, the worm lay dormant. Once awakened, it looks for the conditions that would begin its destructive sequence. At Natanz, it found those conditions and began to force the centrifuges to spin too fast for too long, damaging the mechanical equipment. Meanwhile data collection and reporting software tells monitoring engineers that all systems are operating normally. 

At Natanz, Stuxnet damaged 1,000 of the estimated 5,000 gas centrifuges before Iran realized something was amiss. They would reportedly execute a number of personnel at the facility, although it’s not known if intelligence assets were killed in the fallout. The day the Iranian government revealed what happened there, two Iranian nuclear scientists were killed by car bombs, further complicating the program’s restart. 

No intelligence agency has ever taken credit for the Natanz Stuxnet attacks, but evidence is clear that it was a highly-engineered bug, designed for a limited mission with a small target. But like most clandestine operations, there was unexpected blowback.

The Stuxnet virus escaped from the computers at Natanz and has since spread to other systems across the world, including European manufacturers and a Russian nuclear power plant – and possibly more. Stuxnet is difficult to find and is self-replicating, so computer systems infected by the worm may not realize it until it’s too late.