The Stuxnet virus is one of the best-known cyberweapons in recent history: between 2009 and 2010, it's believed to have hijacked the centrifuge controls in Iran's Natanz nuclear facility, altering their operation and apparently breaking over 1,000 of the 9,000 machines. But in Foreign Policy, researcher Ralph Langner says that the virus was originally meant to do something much more devious. After researching both the Stuxnet code and how Iran managed its centrifuges, he believes that the routine we know today was a simpler and less sophisticated version of an earlier variant, which was meant not only to break the machines but to cover its tracks so well that nobody would notice.
This first variant, says Langner, probably had the same basic purpose as the later one: to place ultimately catastrophic stress on the centrifuge rotors. Rather than infecting the controls and just raising pressure until the centrifuge broke, though, this program would make sure that nobody would realize anything was wrong. First, it would record 21 seconds of status values from the centrifuge regulation system. Then, it would play those values back over and over. While engineers watched the fake numbers, the first Stuxnet would slowly undermine the mechanisms that kept the rotors working — but carefully enough that they'd look like they were just wearing out early, not outright breaking.
So why was the later version introduced? In his piece, Langner explains a complex series of fail-safes and workarounds that made the first Stuxnet an uncertain plan, as well as one that might have been detected just like the second version.