STUXNET: The Dawn of Cyber Warfare

Prepare yourself for extreme paranoia.  

In March of 2010, a weapon unlike any the world had seen before was unleashed upon a nuclear facility in Natanz, Iran.  It was explosive but not a bomb; stealth but not a spy.

The weapon was a computer virus: a string of 1’s and 0’s that set the Iranian Nuclear Program back over 2 years.

Once the Natanz Uranium Enrichment Nuclear Facility was infected, the virus wormed its way into the computers controlling the plant’s centrifuges (large industrial machines that spin in order to enrich uranium, pictured below) and began speeding them up.

Usually, this would be noticed by the operators on the plant, as their readings would indicate an increased speed.  But the virus intercepted those readings and instead reported normal speeds.  This threw the operators off the track for a while.  That is until the centrifuges spun at such high speeds that it sounded as if hundreds of jet engines were humming on the facility floor.

In this photo released by the Iranian President's Office, Iranian President Mahmoud Ahmadinejad, center, visits the Natanz Uranium Enrichment Facility some 200 miles (322 kilometers) south of the capital Tehran, Iran, Tuesday, April 8, 2008. Ahmadinejad announced major progress in Iran's push for nuclear power, saying Tuesday that his nation was installing thousands of new uranium-enriching centrifuges and testing a much faster version of the device. (AP Photo/Iranian President's Office)

Front and center is Iranian President Mahmoud Ahmadinejad walking amongst the centrifuges at the Natanz Uranium Enrichment Facility.  This released photo and others like it gave the cyber attackers crucial information about the make and model of the centrifuges needed in order to write the code of the “STUXNET” virus.

At this point, the operators had to have known that something was wrong and they would have attempted to power down the centrifuges at the main control board. But the virus intercepted the signal and the spinning continued.  There must have been panic as they rushed from the command room down to the floor and attempted to physically shut each centrifuge by hitting their “red button” kill switch.  And panic turned to terror when the cunning virus also intercepted this signal as humming turned to furious shaking.

All that was left to do was watch as the 6,000 centrifuges eventually erupted leaving nothing but scattered parts and unenriched uranium.  The Iranians had no idea what hit them.  In fact, they didn’t even know it was an attack.

“This has the whiff of 1945, somebody just used a new weapon and this new weapon will not be put back in the box.”   -Former Director of CIA and NSA, Michael Hayden


The first time I encountered a cyber hack capable of physical harm was during my time as a diabetic consultant for Medtronic Diabetes.  Medtronic was and still is the global leader in wearable diabetic insulin pump technology.  The pump itself is worn on the outside of the body (on a belt clip or in the pocket) but the IV tubing is inserted under the skin to allow for continuous injection of insulin.  This was a revolutionary technology in diabetes.

insulin piump

However, in 2012 a hacker demonstrated on live TV how our insulin pump could be remotely hacked using a bluetooth connection.  Once connected, if a hacker was so nefariously inclined, they could simply inject the entire vial of insulin from the pump into the patient.  An injection of that size would almost certainly end in coma or death.

I expected a huge backlash from our customers.  While we did have a few complaints, most people felt the same as they did about the NSA hacks.  “Why would anyone target me?  I’m not any sort of threat.”  And as far as I knew, they were right.  There were no incidents of such attacks on insulin pump patients and Medtronic quickly updated the software with protective encryption.  But even so, this idea of hacking into a physical system to cause real world damage introduced me to a completely new type of warfare.


Nothing is completely secure.

Facebook founder, Mark Zuckerberg knows this better than most as a recent picture gave us a peek at his personal computer which had tape over both the camera and the microphone.

Zuckerberg laptop


Perhaps Zuckerberg is justly paranoid because his company, Facebook, has been identified through the Snowden leaks as one of the many companies that share metadata with the NSA as a part of the PRISM program.  This PRISM program has recently been identified as not only a program that gives the NSA data on who you talk to, where you are, or when your talking to them, but it also allows the government to have access to the content of these communications. Furthermore, Snowden has demonstrated how an NSA employee could access both the camera and microphone of computers that were thought to be on secure networks.

So Zuckerberg is paranoid.  And he should be.  Hacking into personal data is a huge breach of privacy and should elicit some form of paranoia, but this new age of cyber warfare has given birth to something much more sinister.


Cyber attacks are no longer just for stealing private emails and bank account numbers.  Our very own Director of Homeland Security has expressed real concern that our countries infrastructure could be vulnerable to a cyber attack and with it, our citizens.

New York Power Grid

The most worrisome targets are called “Industrial Control Systems” and they control EVERYTHING.  Imagine a virus that shuts down the electricity in your neighborhood, turns every traffic light green, or even causes the gas pressure in a pipeline to build up to explosive levels.

Basically the plot of “Live Free or Die Hard.”  Unfortunately we don’t have a real life John McClane…

All of these physical systems are run by computers, many of them are remotely accessible via the internet, and most of them have very outdated cyber security.

Oh and beyond that, the NSA program called BULLRUN engineered back doors into many domestic corporations’ servers so that they could be accessed, but these security breaches could also ultimately be exploited by  hackers.  Feeling safe?


Why is the US government so paranoid about these sort of cyber attacks?  For the same reason they are paranoid about nuclear attacks.  We struck first.

In March 2010, a new kind of computer virus was spotted by a cyber security firm in Belarus after receiving complaints from some of their Iranian clients.  This virus or malware had 20x more lines of code than any of its predecessors with practically zero errors.


Within a year, the virus had spread to every continent, including the computer systems of major U.S. companies and government branches.  Included in these breaches were many “Industrial Control Systems.”

The cyber security company that came to the rescue was Symantec Research Labs of Santa Monica, California.  Piecing together a few keywords from the code, they coined the virus “STUXNET.”

They didn’t know it yet, but what they had stumbled across was an advanced form of the virus that wreaked havoc on the Iranian Natanz Nuclear Plant.  Even the Department of Homeland Security was in the dark as they tried to asses if the worm was a threat to the homeland.

STUXNET was something new.  It was enormously complex, had almost no errors, and it was capable of seamlessly spreading to connected devices without any need for user interface (this was done by using “zero-day exploits” and classified the virus as a “worm”).

Most viruses require a user to click a button or take some sort of action to spread, but STUXNET can worm its way through networks all on its own.  Anything from an insecure internet connection to plugging in a flash drive would cause an automatic malware download; nowhere was safe.  If you are running a Windows operating system, there is a chance that STUXNET is hiding on your computer right now.

Malware of this kind that are capable of targeting an array of targets can be sold on the black market for millions of dollars.  However, STUXNET was designed to attack a very specific target (on most computers the virus is harmless).  Such a huge investment for only one target meant two things: the entity that designed STUXNET must have had tons of resources and the target it is attacking must have been very important.

It was too perfect and too targeted to be done by a terrorist organization or the activist hacking community.  It had to be government.

Tracing the virus back to its roots and following hidden clues in the code, the Symantec antivirus team was able to determine that it specifically targeted the operating code of Siemens centrifuges and that the area targeted was in Natanz, Iran.  This led them straight to the Natanz Nuclear Plant which had recent news of industrial accidents and even local assassinations of nuclear scientists.  Whether these scientists were assassinated by foreign or domestic adversaries is still unknown.  But the team at Symantec had discovered STUXNET’s purpose.

cyber warrior


Officially, Barak Obama and the United States government have said that STUXNET and the events at Natanz are classified; leaving no room for comments or discussion.  Unofficially, after a plethora of leaks and articles written, it is well know that this attack was a joint effort by the United States and Israel.

According to the leaks, the original virus designed by the United States and Israel did not have the zero-day exploits that allowed it to indiscriminately spread across the world.  This meant that the first attack required a spy or double agent to gain physical access to the secure network of the site and then install the virus.

After the first attack, security at Natanz was tightened up and they were no longer able to physically sneak in the virus.  (Perhaps their inside man was one of the nuclear scientists assassinated around that time.)  Because of this, they needed another way to infect the facilities local network.

This is where the U.S. distances itself from the STUXNET virus.  Leaks from the NSA have asserted that the Israeli government was responsible for adding in these zero-days exploits and unleashing the virus in the surrounding area of Natanz.

They did this knowing that it would spread to infect the entire world.

The strategy was that eventually a computer or thumb drive used by a Natanz Nuclear employee at an offsite location would be infected.  After that, the infected device would be unknowingly brought to the nuclear facility, plugged into the network, and the worm would spread throughout the local network.

A brilliant use of technology, but this also showed blatant disregard for global safety.

To their credit, the attackers did build in stop dates that rendered STUXNET useless after a certain date.  However, this type of virus is now public knowledge and our enemies have a template for creating a cyber attack.


How soon before these weapons are used against us?

The answer:  its already happened.

Iran now operates one of the largest cyber armies in the world, which is full of young Iranians who grew up angry at the United States attacks in Natanz.  And in March 2013 they fired back.  Not only did they hack into Wells Fargo, Capitol One, and US Bank causing millions in damages, but they also managed to hack into a flood-control dam in New York.  If it was not for the quick thinking of the dam’s operators to disconnect the main flood gate, the hackers would have been able to release the water and flood the nearby population.  Many called this a warning shot by Iran that should lead to a cease fire, but it seems much more likely that these behaviors will continue.


STUXNET was a clandestine cyber assault during peacetime.  The United States and Israel may not have liked that Iran was developing a Nuclear program, but technically Iran had not broken any international law and was adhering to periodic inspections by the UN.

There were no legal grounds for the STUXNET attack.

But after hearing threats of nuclear war and promises of a destroyed Israel from Iran’s leaders, it is understandable how Israel’s Prime Minister Benjamin Netanyahu believes inspections are not enough.

Some could see STUXNET as an act of war.  And while declaring war in the United States is a power solely given to Congress; a cyber attack only requires presidential approval lending comparisons to the nuclear football.  The President has a completely new kind of red button at his/her disposal.

How did this power become delegated to the President alone?

60 words that became law after the attacks on September 11, 2001.  60 words that we might have wanted to give more thought to or taken a deep breath to sit on before emotionally solidifying as the creed of our country.

60 words

These 60 words known as the Authorization for Use of Military Force (AUMF) were written into law shortly after 9/11 and gave exclusive presidential power to approve US actions including Guantanamo Bay, drone strikes, and the STUXNET attack.

These words, with incredibly broad strokes, have given our President enormous power.  But perhaps even more terrifying is that due to the lack of transparency with these cyber attacks, were are unable to truly know how we are operating in the global cyberspace.  How can America have a public debate on how these weapons are to be used and elect leaders to accurately represent our views if we are kept in the dark?  There is undoubtedly a place for secrecy in international affairs and homeland defense, but these weapons are no longer a secret.

The rest of the world already has the blueprint and knows that the United States is willing to use these novel weapons.  All that is being protected at this point is our politicians affinity to dodge responsibility.




Inspired by the “Zero-Days” Documentary, Edward Snowden Ted Talk, and Mikko Hypponen Ted Talks.

By | 2016-09-04T17:35:56-07:00 August 26th, 2016|Featured, Politics, Technology|0 Comments

Leave A Comment