Details of the Stuxnet worm’s origins and functioning have been seeping into the media, tidbit by intriguing tidbit, since last Summer, when news of the worm went mainstream. But a new exclusive from the New York Times breaks the Stuxnet story wide open, confirming oft-cited theories that it was a state-sponsored attack and pointing the finger at both the U.S. and Israel as the creators of the worm.
The story, in Sunday’s New York Times, cites Obama administration sources, as well as experts including Ralph Langner, saying that Stuxnet was created specifically to disable Iran’s uranium enrichment facility at Nantaz – a mission that the worm apparently carried out with aplomb.
Much has been written about Stuxnet in the last six months, with researchers settling on centrifuges used for uranium enrichment fairly early in the analysis of the worm. connections to Israeli intelligence have also come out of analysis of the worm by Symantec and others.
But the Times article goes well beyond those reports, retracing a complex U.S. Israeli joint operation, that also included cooperation from Germany and Great Britain, as well as knowing or unknowing cooperation by Siemens, the firm that made the programmable logic controllers (PLCs) targeted by Stuxnet. U.S. intelligence and scientists helped analyze the PLCs for vulnerabilities, part of a larger project to research vulnerabilities in commonly used industrial components. Israeli intelligence tested aspects of the worm using centrifuges identical to Iran’s at Israels Dimona complex prior to deploying it – making the worm’s success a foregone conclusion, the article claims. In the end, Stuxnet may have knocked Iran’s progress towards a nuclear weapon off by five years or more – part of a program to “run the clock” on Iran. That’s more than Israeli military estimates for the time that they would earn by bombing the Nantaz facility – an act that may have ignited a regional war.
However, experts said that the release of Stuxnet was an act akin to crossing the Rubicon – opening the door to similar, state sponsored attacks aimed at critical infrastructure. The U.S., just like Iran, is vulnerable to such attacks and could find itself targeted, the article notes.