The Complex

Stuxnet is way older than we thought

Think you knew all there was to know about Stuxnet, the worm that was discovered in 2010 to have destroyed thousands of uranium enrichment centrifuges at Iran’s Natanz nuclear facility? Think again. It appears that an early version of the worm was attacking Iran’s nuclear program years before the version that made headlines in 2010 ...

By
Getty Images
Getty Images
Getty Images

Think you knew all there was to know about Stuxnet, the worm that was discovered in 2010 to have destroyed thousands of uranium enrichment centrifuges at Iran's Natanz nuclear facility? Think again. It appears that an early version of the worm was attacking Iran's nuclear program years before the version that made headlines in 2010 was unleashed, according to a new report by the IT Security firm Symantec.

Think you knew all there was to know about Stuxnet, the worm that was discovered in 2010 to have destroyed thousands of uranium enrichment centrifuges at Iran’s Natanz nuclear facility? Think again. It appears that an early version of the worm was attacking Iran’s nuclear program years before the version that made headlines in 2010 was unleashed, according to a new report by the IT Security firm Symantec.

Dubbed Stuxnet 0.5, the early version of the worm attacked Iran’s nuclear program by closing valves that allowed uranium hexafloride gas (UF6) to flow into the centrifuges at Natanz, according to Symantec. Cutting off the flow of UF6 would, in theory, damage the centrifuges. (Click here for a primer on gas centrifuges.)

This apparently didn’t work as well as Stuxnet’s designers wanted it to and we saw later versions of the worm that famously caused the centrifuges to spin out of control — thereby destroying them. Stuxnet 0.5 was under development as early as November 2005 and in the wild by November 2007 with orders to shut down by July 2009 — the year that the version aimed at causing the centrifuges to spin out of control was developed, according to Symantec.

"The earliest known variant of Stuxnet was version 1.001 created in 2009. That is, until now," reads a Symantec blog post accompanying the report.

Remember, Stuxnet was reportedly the work of a U.S.-led cyber campaign against Iran known as Operation Olympic Games. At the time of its discovery the worm was considered to be one of the most advanced cyber weapons ever fielded. The worm reportedly took an unprecedented amount of time, expertise, and money to create.

As a Symantec blog post says, "Stuxnet proved that malicious programs executing in the cyber world could successfully impact critical national infrastructure."

The malware was designed to worm its way (See what I did there?) harmlessly around the globe until it found its precise target, the Siemens-made programmable logic control (PLC) computers that ran the centrifuges at Natanz. Once there, it attacked. You know the rest.

Some cybersecurity experts fear that cyberweapons like Stuxnet can be revers- engineered and used against their creators or sold on the ever-growing black market for cyber weapons.

"The difference between traditional weapons and cyber weapons is that it’s not possible to [re]assemble a cruise missile after it has been used," said cyber security expert Eugene Kaspersky last September in Washington. "Cyber weapons are different" because the victims "can learn from" weapons used against them.

As another cyber security expert told Killer Apps last fall:

Because uranium centrifuges and power turbines are both spinning machines, "the attack is identical — the one to take out the centrifuges and the one to take out our power systems is the same attack."

"If a centrifuge running at the wrong speed can blow apart" so can a power generator, said the expert. "If you do, in fact, spin them at the wrong speeds, you can blow up any rotating device."

These new revelations are unlikely to assuage such fears.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

Tags: Cyber Security & Hacking, Iran, National Security Agency, Nuclear Weapons, Strategic Intelligence

Editors’ Picks

  1. 1
    Stop Worrying About Chinese Hegemony in Asia
  2. 2
    Gen Z Has Finally Found Its Karl Marx
  3. 3
    Erdogan Won by Exploiting Fear
  4. 4
    China Can’t Have It Both Ways in Europe
  5. 5
    The Indo-Pacific Has Already Chosen Door No. 3

More from Foreign Policy

Keri Russell as Kate Wyler walks by a State Department Seal from a scene in The Diplomat, a new Netflix show about the foreign service.
Keri Russell as Kate Wyler walks by a State Department Seal from a scene in The Diplomat, a new Netflix show about the foreign service.

At Long Last, the Foreign Service Gets the Netflix Treatment

Keri Russell gets Drexel furniture but no Senate confirmation hearing.

Chinese President Xi Jinping and French President Emmanuel Macron speak in the garden of the governor of Guangdong's residence in Guangzhou, China, on April 7.
Chinese President Xi Jinping and French President Emmanuel Macron speak in the garden of the governor of Guangdong's residence in Guangzhou, China, on April 7.

How Macron Is Blocking EU Strategy on Russia and China

As a strategic consensus emerges in Europe, France is in the way.

Chinese President Jiang Zemin greets U.S. President George W. Bush prior to a meeting of APEC leaders in 2001.
Chinese President Jiang Zemin greets U.S. President George W. Bush prior to a meeting of APEC leaders in 2001.

What the Bush-Obama China Memos Reveal

Newly declassified documents contain important lessons for U.S. China policy.

A girl stands atop a destroyed Russian tank.
A girl stands atop a destroyed Russian tank.

Russia’s Boom Business Goes Bust

Moscow’s arms exports have fallen to levels not seen since the Soviet Union’s collapse.

Trending

  1. Stop Worrying About Chinese Hegemony in Asia
    Argument |
    Stephen M. Walt

  2. Gen Z Has Finally Found Its Karl Marx
    Essay |
    Samuel McIlhagga

  3. Erdogan Won by Exploiting Fear
    Analysis |
    Gonul Tol

  4. The Indo-Pacific Has Already Chosen Door No. 3
    Argument |
    Kelly A. Grieco, Jennifer Kavanagh

  5. The Rise and Sudden Fall of the Arctic Council
    Analysis |
    Brett Simpson