Stuxnet is a computer worm that was discovered in June 2010. It marked a major development in the cyber-warfare landscape: it was the first widely analysed piece of malware built to sabotage physical equipment. It spread through Microsoft Windows hosts, but its real target was industrial control software and the equipment that software drives.
Stuxnet is widely believed to have been developed by the United States and Israel to sabotage Iran's uranium-enrichment programme. Rather than controlling equipment remotely, it carried code that reprogrammed the programmable logic controllers (PLCs) running the enrichment centrifuges, after which the sabotage ran autonomously inside the plant. The worm was built for a specific stack: Microsoft Windows, the Siemens STEP 7 and WinCC/PCS 7 engineering and supervisory software that runs on Windows, and the Siemens S7-300 and S7-400 series PLCs that this software programs. Because it could alter PLC logic without the owners or operators noticing, it allowed the attackers to manipulate real-world equipment while remaining invisible to the people responsible for it.
The victims were Iranian industrial systems, specifically those controlling the country's uranium-enrichment facilities. The malware was designed to spy on and subvert industrial control systems, and it was the first known malware to include a PLC rootkit, which hid its changes to the controller's code. Its initial infections were traced to an estimated five Iranian organisations connected to the nuclear programme. Other countries with early infections included Indonesia, India, Azerbaijan and Pakistan.
The motivation behind the attacks was not to disable nuclear reactors but to damage or slow down the gas centrifuges used for uranium enrichment. The worm also collected information about the industrial systems and PLC configurations it encountered and reported it to its operators, and the same PLC-manipulation techniques could have been used to disrupt processes in power plants and factories.
Iran reported the most infections: roughly 60 percent of the infected hosts identified by antivirus vendors were located in Iran. The worm's ability to monitor controllers and take over privileged operations on the infected machines allowed it to run without users ever being notified that it had installed itself on the system.
The attacks were intense because the intended targets were hit, and hit hard. The worm was selective: its sabotage payload ran only when specific conditions were met, for example when it found a Siemens PLC of the expected model with the expected frequency-converter drives attached. In any other environment it remained inert and merely continued to spread.
One component functioned as a 'man in the middle' on the controller: it recorded normal sensor and process values and replayed them to the monitoring software while the real process was being manipulated. As a result, the plant's safety logic and operators saw normal readings and did not shut the process down when its behaviour became abnormal. The sophistication of the malware is what intrigued the researchers who analysed it; its complexity is argued to have required a team of between five and ten skilled developers.
The size of the worm, its layered and protected code, and its carefully targeted instructions helped it spread between computers while keeping its payload dormant on all but the intended controllers. Although the Windows side spread without regard to geography, the PLC payload activated only on the specific controller configuration it was written for, and in this way it embedded itself in Iran's highest-value infrastructure: the uranium-enrichment facility at Natanz, with the Bushehr nuclear power plant also reported as infected at the time.
The ability of the malware to operate across platforms gave it the reach to infect the systems it was built to attack. On the Windows side it used an unprecedented four zero-day vulnerabilities: a Windows Shell flaw in the handling of shortcut (.LNK) files (CVE-2010-2568) that executed code as soon as a removable drive was viewed, a Print Spooler flaw (CVE-2010-2729) used to spread over the network, and two local privilege-escalation flaws (CVE-2010-2743 and CVE-2010-3338). It initially spread from device to device via USB flash drives, and also used network shares, the spooler flaw and a peer-to-peer RPC mechanism to infect and update computers inside private networks that had no direct Internet access.
The Windows component of the malware was described as promiscuous, that is, it spread indiscriminately and relatively quickly. It combined user-mode components with a kernel-mode rootkit, and its device drivers were digitally signed with the private keys of two code-signing certificates reportedly stolen from two well-known technology companies, Realtek and JMicron, both located in the Hsinchu Science Park in Taiwan. Valid signatures let the kernel-mode rootkit drivers load without the warnings or blocks that Windows applies to unsigned drivers, so end users were never notified, which helped the malware remain hidden for an extended period. Both compromised certificates have since been revoked by VeriSign, the certificate authority that issued them.
Several versions of the malware were discovered over its lifetime, partly because the worm could update itself through its peer-to-peer mechanism when it met favourable components, such as the Siemens software modules. One variant, known as Stuxnet 0.5, differed from the later versions: whereas those later versions caused the centrifuges at Iran's Natanz enrichment facility to speed up rapidly and then slow down dramatically until they failed, Stuxnet 0.5 attacked the process in a different way.
Stuxnet 0.5 was built to alter the pressure of the uranium hexafluoride gas fed into the centrifuge cascades by closing and opening the intake valves at random, interfering with the centrifuges' normal operation. As enrichment output fell, the Iranian government and security professionals gradually concluded that Stuxnet was aimed at the enrichment facility at Natanz, where the number of centrifuges in operation had dropped by an estimated 30 percent over the previous year.
The later variants were designed to change the rotor speed of the centrifuges, first raising it and then lowering it, with the likely purpose of inducing vibrations and stresses severe enough to damage or destroy them. In one documented sequence the worm raised the drive frequency of the IR-1 centrifuges at Natanz from their normal operating frequency of 1,064 Hz to about 1,410 Hz for roughly 15 minutes before returning it to normal.
Twenty-seven days later the worm went back into action, slowing the affected centrifuges by dropping the drive frequency to 2 Hz for 50 minutes. The repeated stress of extreme speed followed by near-stalling was expected to make the aluminium rotor tubes flex and expand, so that components rubbed or collided and the machine was destroyed.
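The two-phase speed attack and the replay trick that hid it can be modelled in a few lines. The following is an added illustration, not Stuxnet code: the frequencies and timings (1,064 Hz nominal, 1,410 Hz for 15 minutes, 2 Hz for 50 minutes 27 days later) follow the public analysis summarised above, while the recording window, the out-of-band meter and the alert threshold are assumptions for the example. It shows why the operator screen stayed green and what an independent measurement catches.

```python
"""Model of the two-phase centrifuge speed attack, the sensor-replay trick that
hid it from the operator screen, and a cross-check that catches it.

Added illustration, not Stuxnet code. Frequencies and timings follow the
public analysis; RECORD_WINDOW, the out-of-band meter and ALERT_TOLERANCE_HZ
are assumptions for this example.
"""
from dataclasses import dataclass, field

NOMINAL_HZ = 1064.0
HIGH_HZ = 1410.0
LOW_HZ = 2.0
MINUTES_PER_DAY = 24 * 60
PHASE2_START = 27 * MINUTES_PER_DAY   # second phase begins 27 days later
RECORD_WINDOW = 30                    # minutes of 'healthy' readings recorded (assumed)
ALERT_TOLERANCE_HZ = 5.0              # HMI/meter mismatch that raises an alert (assumed)


def attacker_setpoint(t_min: int):
    """Setpoint the PLC payload forces at minute t, or None while it lies dormant."""
    if 0 <= t_min < 15:
        return HIGH_HZ                               # phase 1: overspeed for 15 minutes
    if PHASE2_START <= t_min < PHASE2_START + 50:
        return LOW_HZ                                # phase 2: near-stall for 50 minutes
    return None


@dataclass
class Drive:
    """Frequency converter driving one centrifuge; speed follows the setpoint directly."""
    setpoint_hz: float = NOMINAL_HZ

    def actual_hz(self) -> float:
        return self.setpoint_hz


@dataclass
class CompromisedPLC:
    """PLC whose logic has been replaced. While dormant it passes real readings to
    the HMI and records them; while attacking it replays the recording instead."""
    drive: Drive = field(default_factory=Drive)
    recorded: list = field(default_factory=list)
    replay_pos: int = 0

    def scan(self, t_min: int) -> float:
        """One scan cycle: drive the process and return the value shown on the HMI."""
        forced = attacker_setpoint(t_min)
        if forced is None:
            self.drive.setpoint_hz = NOMINAL_HZ
            reading = self.drive.actual_hz()
            if len(self.recorded) < RECORD_WINDOW:
                self.recorded.append(reading)        # build the 'normal' recording
            return reading
        self.drive.setpoint_hz = forced
        if not self.recorded:                        # nothing recorded yet: cannot hide
            return self.drive.actual_hz()
        reading = self.recorded[self.replay_pos % len(self.recorded)]
        self.replay_pos += 1                         # HMI sees stale, healthy values
        return reading


def independent_measurement(drive: Drive) -> float:
    """Out-of-band rotor-speed estimate, e.g. a meter on the motor feed that the
    PLC cannot write to. Modelled as reading the true drive frequency."""
    return drive.actual_hz()


def simulate(total_minutes: int = PHASE2_START + 60, warmup: int = RECORD_WINDOW):
    """Run the compromised PLC for total_minutes after a warm-up period and return
    alerts as (minute, hmi_value, independent_value) wherever the two disagree."""
    plc = CompromisedPLC()
    alerts = []
    for minute in range(-warmup, total_minutes):
        hmi_value = plc.scan(minute)
        true_value = independent_measurement(plc.drive)
        if abs(hmi_value - true_value) > ALERT_TOLERANCE_HZ:
            alerts.append((minute, hmi_value, true_value))
    return alerts


if __name__ == "__main__":
    for minute, shown, real in simulate():
        print(f"t={minute:6d} min  HMI shows {shown:7.1f} Hz  meter reads {real:7.1f} Hz")
```

Every alert carries an HMI value of 1,064 Hz while the meter reads 1,410 Hz or 2 Hz: the operator console is faithful to what the PLC reports, and the PLC is lying. The design lesson is that the check must use a signal path the controller cannot influence; a plausibility check inside the same PLC would itself have been overwritten.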
The campaign also made the worm send data about the plant's production lines from infected machines to command-and-control servers outside Iran. At the time it was believed that the attack was still continuing, with new versions of the worm still spreading.
The success of the attacks showed in the fact that what the Iranians originally took for faulty centrifuges, caused by technical problems at the plant, turned out to be deliberate sabotage. The worm had spread to computers outside Iran and was first identified by an antivirus company in Belarus investigating a customer's machine in Iran; the discovery drew the attention of security researchers worldwide, who ultimately established that the worm was intended for the Natanz plant.
Evidence of the impact came on 23 November 2010, when it was announced that uranium enrichment at Natanz had stopped several times because of a series of technical problems. A serious incident, which reportedly led to the shutdown of a number of centrifuges, had occurred at the site in the first half of 2009, and this has been speculated to be the reason the head of the Atomic Energy Organization of Iran (AEOI) resigned.
According to The Washington Post, IAEA cameras installed at the Natanz facility recorded the rapid removal and replacement of about 900 to 1,000 centrifuges during the period when Stuxnet is believed to have been active at the plant. Iranian engineers were reportedly able to replace the centrifuges quickly, and the report concluded that the enrichment plant was only temporarily disrupted.
If the main objective was to quickly destroy all the centrifuges in the Fuel Enrichment Plant (FEP), then Stuxnet failed. But if the aim was to damage a more limited number of centrifuges, slow the rest down and set back Iran's progress in operating the FEP, while covering its tracks and making detection difficult, then it may have succeeded, at least temporarily, since it slowed a number of them for a long period at considerable cost to the programme.
The brilliance of Stuxnet lay in the attackers staying under the radar: they hid their trail from the targeted organisation, and the variants inflicted damage in a way that looked random to the target. The worm installed its code in the PLC's memory blocks, monitored the process and changed operating parameters, while a rootkit on the engineering station intercepted reads of those blocks and returned the original, unmodified code. The changes therefore could not be seen by system users until after the sabotage had run.
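The block-hiding trick is easy to model, and the model makes the countermeasure obvious. The following is an added illustration, not Stuxnet code: the block names and contents (OB1, OB35, DB1, FC_INJECT) are constructed for the example. It shows that once the engineering station's communication path is hooked, reading the controller back from that station returns the original code, and only a read from an independent, known-clean station reveals the modification.

```python
"""Model of the PLC-rootkit technique (hooked block reads on the engineering
station) and the cross-station check that exposes it.

Added illustration, not Stuxnet code. Block names and contents are constructed.
"""
import hashlib

# Constructed sample of the controller's code blocks before infection.
CLEAN_BLOCKS = {
    "OB1":  b"L DB1.DBW0\nT MW10\nBE",          # main cycle (made up)
    "OB35": b"CALL FC10\nBE",                    # cyclic interrupt (made up)
    "DB1":  b"\x00\x10\x04\x28",                 # process data (made up)
}
# What the payload writes: a modified OB35 plus a brand-new block it calls.
PAYLOAD = {
    "OB35": b"CALL FC_INJECT\nCALL FC10\nBE",    # original logic with a call inserted
    "FC_INJECT": b"L 1410\nT PQW256\nBE",        # injected block (made up)
}


def digest(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()[:16]


class PLC:
    """Controller holding named code blocks (simplified)."""
    def __init__(self, blocks: dict):
        self.blocks = dict(blocks)

    def list_blocks(self):
        return sorted(self.blocks)

    def read_block(self, name: str) -> bytes:
        return self.blocks[name]

    def write_block(self, name: str, code: bytes):
        self.blocks[name] = code


class EngineeringStation:
    """Clean station: talks to the PLC through an unhooked communication driver."""
    def __init__(self, plc: PLC):
        self.plc = plc

    def list_blocks(self):
        return self.plc.list_blocks()

    def read_block(self, name: str) -> bytes:
        return self.plc.read_block(name)


class RootkittedStation(EngineeringStation):
    """Station whose driver is hooked: on install it writes the payload to the PLC,
    keeps the originals of every block it changed, and from then on serves those
    originals to readers while hiding the blocks it added."""
    def __init__(self, plc: PLC, payload: dict):
        super().__init__(plc)
        self.originals = {}
        self.hidden = set()
        for name, code in payload.items():
            if name in plc.blocks:
                self.originals[name] = plc.read_block(name)   # remember clean copy
            else:
                self.hidden.add(name)                          # new block: hide it
            plc.write_block(name, code)

    def list_blocks(self):
        return [b for b in self.plc.list_blocks() if b not in self.hidden]

    def read_block(self, name: str) -> bytes:
        if name in self.originals:
            return self.originals[name]      # lie: hand back the pre-infection code
        if name in self.hidden:
            raise KeyError(name)             # pretend the injected block does not exist
        return self.plc.read_block(name)


def audit(suspect: EngineeringStation, reference: EngineeringStation):
    """Read the same PLC through two stations and return (block, suspect_digest,
    reference_digest) for every block on which they disagree."""
    findings = []
    for name in sorted(set(suspect.list_blocks()) | set(reference.list_blocks())):
        views = []
        for station in (suspect, reference):
            try:
                views.append(digest(station.read_block(name)))
            except KeyError:
                views.append(None)
        if views[0] != views[1]:
            findings.append((name, views[0], views[1]))
    return findings


def build_scenario():
    """One PLC, an infected station that hooks reads, and a clean second station."""
    plc = PLC(CLEAN_BLOCKS)
    infected = RootkittedStation(plc, PAYLOAD)   # infects the PLC while installing its hook
    clean = EngineeringStation(plc)
    return plc, infected, clean


if __name__ == "__main__":
    _, infected, clean = build_scenario()
    print("infected station sees:", infected.list_blocks())
    for name, seen, actual in audit(infected, clean):
        print(f"{name}: station shows {seen}, controller actually holds {actual}")
```

Reading the controller from the infected station shows the clean OB35 and no FC_INJECT at all, so a comparison against the project file on that same station passes. Reading through a second, known-clean station exposes both the modified and the injected block. The practical rule is to verify controller code from hardware the suspect station has never touched, and to keep reference hashes of deployed blocks somewhere the engineering network cannot write.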
The Windows components of the malware were written in C and C++, and the PLC payload in the Siemens STEP 7 language, compiled to the controllers' native code. This let each part run natively on the platform it targeted, and together with the rootkit components it helped the malware remain unnoticed for a long period.
In response to the infection across its systems, Iran assembled a team of specialists to fight the worm. Iran, which reported over 30,000 Internet Protocol (IP) addresses affected, put measures in place to stop the worm or at least reduce its rate of infection across the country.
Although there were claims that the infection was still spreading rapidly in Iran, techniques to contain the malware were being enforced. The problem was compounded by the worm's ability to update itself and appear as different variants in different environments. Nevertheless, detection and removal tools and control-system security programmes were introduced to curb the malware.
References
Reynolds, George Walter. 2011. Ethics in Information Technology. Mason, OH: South-Western.
Rebane, Jackson C. 2011. The Stuxnet Computer Worm and Industrial Control System Security. Hauppauge, NY: Nova Science Publishers.
Brinkman, William John, and Alton Sanders. 2012. Ethics in a Computing Culture. Mason, OH: South-Western.
Akhgar, Babak, and Simeon Yates. 2013. Strategic Intelligence Management: National Security Imperatives and Information and Communications Technologies. Burlington: Elsevier Science. http://public.eblib.com/EBLPublic/PublicView.do?ptiID=1138208
Latta, Sara L. 2012. Cybercrime: Data Trails Do Tell Tales. Berkeley Heights, NJ: Enslow Publishers.
Ventre, Daniel. 2012. Cyberwar and Information Warfare. London: Wiley. http://public.eblib.com/EBLPublic/PublicView.do?ptiID=1120650
Fildes, Jonathan. 2010. "Stuxnet Worm 'Targeted High-Value Iranian Assets'." BBC News, 23 September 2010.
Chen, Thomas M. 2010. "Stuxnet, the Real Start of Cyber Warfare? [Editor's Note]." IEEE Network 24 (6): 2-3.
Markoff, John. 2010. "A Silent Attack, but Not a Subtle One." New York Times, 26 September 2010, A6.
O'Hern, Steven K. 2012. Iran's Revolutionary Guard. Washington, DC: Potomac Books.
Karnouskos, Stamatis. 2011. "Stuxnet Worm Impact on Industrial Cyber-Physical System Security." In IECON 2011: 37th Annual Conference of the IEEE Industrial Electronics Society, 4490-4494. IEEE.