e-Careers

How Stuxnet almost started World War III

There have been multiple occasions since World War II ended in 1945 that the world thought it would be engulfed in another global conflict: the 1979 NORAD computer glitch, the Cold War, the Cuban Missile Crisis (my history GCSE means I can tell you a lot about those), and the Black Brant scare to name a few.

The Stuxnet computer worm is another such incident, and probably won’t be the last now that Donald Trump likes to play games of “my weapons are bigger than yours”, which I have no doubt they are.

Stuxnet was a malicious software that targeted control systems in the Natanz nuclear facility in Iran. It enters a computer connected to the system through an infected removable hard-drive, expected to be a USB stick, then the worm uploaded itself onto the plant’s computer system. It is still not known if Stuxnet was uploaded accidentally or deliberately. If done deliberately, it would have been the work of a double agent.

Stuxnet then targeted machines using the Microsoft Windows operating system and networks, and looked for machines with the Siemens Step7 software, the programme that controls industrial systems operating equipment, such as gas centrifuges.  The centrifuges in the Natanz facility were separating different types of uranium, isolating the type needed for nuclear power and nuclear weapons.

Once Stuxnet found the machinery in the network that had the Step7 software on it, the virus inserted itself into the software, taking control of the centrifuges. The worm then demonstrated three steps why it was such a sophisticated piece of malware:

  • It would make the centrifuges spin dangerously fast before returning to normal speed
  • A month later, it slowed down the centrifuges for around 50 minutes, this cycle was repeated for several months
  • It would implement a man-in-the-middle attack which would report false information back to outside controllers signalling that everything was fine and running normally. This ensured that Stuxnet could carry out maximum damage and no-one would know what’s going wrong until it’s too late.

Stuxnet would complete these three steps by modifying the codes and giving unexpected commands to alter the speed of the centrifuge programmable logic controllers (PLCs) while maintaining a loop of normal system feedback to users.

It was reported that the excessive speeds that Stuxnet was spinning the infected machines at caused the centrifuges to disintegrate themselves and self-destruct, destroying around 1,000 of the machines and causing severe delays in Iran’s nuclear programme.

Stuxnet was discovered when the worm accidentally spread beyond its intended target. A programming error introduced in an update allowed the worm to spread to an engineer’s computer which had previously connected to a centrifuge, which spread further when the engineer went back to his house, connected his computer to the internet and realised that not all was what it seemed.

How could this have been the start of World War III?

Well, during the digital autopsy of the Stuxnet worm, it was discovered that it was not developed and planted by any cybercriminal trying to ruin Iran’s chance of nuclear power. It is speculated that Stuxnet was a state-sponsored venture between the Israeli and United States governments who were deliberately trying to cause damage to Iran’s infrastructure.

Cyber security expert, Ralph Langner, was one of the first people to decode Stuxnet and realise the reality of what it was for. Langner knew the grim truth that a new form of industrial and political warfare was on the horizon, one that anyone with an internet connection is susceptible to.

If you are looking to start a career in cyber security, e-Careers offers a range of globally recognised qualifications to help boost your career, click here to find out more. If you are interested in watching Langner’s Ted talk on how he cracked Stuxnet, you can find it here.