Report: Stuxnet cyberweapon older than believed (Update)

Feb 27, 2013 by Raphael Satter

The sophisticated cyberweapon which targeted an Iranian nuclear plant is older than previously believed, an anti-virus company said Tuesday, peeling back another layer of mystery on a series of attacks attributed by many to U.S. and Israeli intelligence.

The Stuxnet worm, aimed at the centrifuges in Iran's Natanz plant, transformed the cybersecurity field because it was the first known computer attack specifically designed to cause physical damage. The precise origins of the worm remain unclear, but until now the earliest samples of Stuxnet had been dated to 2009, and The New York Times—in the fullest account of the attack published so far—traced the origins of the top-secret program back to 2006.

In a new report issued late Tuesday, Symantec Corp. pushed that timeline further back, saying it had found a primitive version of Stuxnet circulating online in 2007 and that elements of the program had been in place as far back as 2005.

Independent security experts who examined the report said it showed that the worm's creators were well ahead of their time.

"To me, it's amazing," said Mikko Hypponen, whose Finland-based F-Secure has studied Stuxnet. "We had no idea the U.S.-Israel cyberoperations were so advanced already almost a decade ago."

Hypponen is one of a host of experts who've concluded that Stuxnet was an attempt to sabotage the uranium enrichment centrifuges at Iran's Natanz nuclear plant, a key element in the Islamic republic's disputed atomic energy program. Because the United States and Israel are two of Iran's biggest foes, the shadow of suspicion immediately settled on their tech-savvy intelligence services.

That theory got a boost when the Times reported that President George W. Bush had ordered the deployment of Stuxnet against Iran, laying out in unprecedented detail how the worm had been crafted so as to surreptitiously send Natanz's centrifuge machines spinning out of control.

U.S. and Israeli officials have long declined to comment publicly on Stuxnet or their alleged involvement in creating and deploying the computer worm.

Symantec's report suggests that an intermediate version of the worm—Stuxnet 0.5—was completed in November 2007. That worm lacked some of the sophistication of its descendant, Symantec said, and was designed to interfere with the centrifuges by opening and closing the valves which control the flow of uranium gas, causing a potentially damaging buildup in pressure.

That approach was dropped in later improved versions of the Stuxnet code.

Symantec said the servers used to control the primitive worm were set up in November 2005, suggesting that Stuxnet's trailblazing authors were plotting their attack at a time when many parts of the Internet now taken for granted were not yet in place. Twitter did not exist, Facebook was still largely limited to U.S. college campuses, and YouTube was in its infancy.

Alan Woodward, a professor of computer science at the University of Surrey, said that had troubling implications.

"Clearly these were very forward-thinking, clever people that were doing this," he said. "There's no reason to think that they're less forward-thinking now. What are they up to?"

More information: The Symantec report: bit.ly/128ux2s

User comments : 1

BSD
3 / 5 (2) Feb 27, 2013
Fantastic. Brilliant piece of coding. The more mischief it causes Iran, the more I like it. North Korea, China and Pakistan next please.