Stuxnet & Flame

June 15, 2012

Members of the US government are now admitting that Stuxnet, the computer worm discovered in June of 2010, was created by the US with the help of Israeli intelligence as an attack on the Iranian nuclear program. Stuxnet was unique in that it included the capability to spy on and subvert industrial systems, specifically Siemens programmable logic controllers. The Stuxnet project was apparently created in 2006 under the Bush administration as an alternative to pre-emptive Israeli airstrikes on Iran’s nuclear facilities. Marine General James “Hoss” Cartwright of the US Strategic Command created the plan to first map the isolated networks supporting the Iranian nuclear program and then to deliver the Stuxnet virus. The Israelis were kept on board not only to convince them that the virus could do the job better than airstrikes, but also because of their deep intelligence about operations at Iran’s Natanz Nuclear Facility. Initial tests of Stuxnet proved satisfactory against centrifuges surrendered by Libya in 2003, which are the same P-1 type that the Iranians use.

The Natanz facility has over 5000 centrifuges enriching uranium. The goal of Stuxnet was to have the infected centrifuges shake themselves apart, in the hope that the Iranians would blame themselves or their suppliers. Because the network at Natanz was not connected to the outside world, Stuxnet had to be delivered by spies or unwitting accomplices. Stuxnet then came back out of the facility on an engineer’s laptop and escaped into the “wild” on the Internet in 2010.

While the operation is still classified secret, much of the emerging information comes from a new book, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, by David Sanger. Stuxnet is also in the news because of the appearance of the Flame worm, which is either a sophisticated banking trojan or a cyber-attack infecting computers in Iran and elsewhere in the Middle East.

The more information security specialists learn about the new Flame super-worm, the less likely it seems that Flame is a new version of Stuxnet. At 20 MB, Flame is 40x bigger than the Stuxnet virus, and its code is not protected like Stuxnet's, nor does it inflict the physical damage which made Stuxnet a weapon. An exceptionally complex piece of malware that first surfaced in Iran and Israel in 2010, it could take months to fully analyse. Flame is stealing information rather than money, and then wiping computers, but that behaviour could as easily be criminal enterprise as a nation’s espionage. Microsoft has discovered that Flame uses a rogue Terminal Server certificate to appear trusted and has already started patching the vulnerability.