Report: Stuxnet cyberweapon older than believed (Update)

Feb 27, 2013 by Raphael Satter

The sophisticated cyberweapon which targeted an Iranian nuclear plant is older than previously believed, an anti-virus company said Tuesday, peeling back another layer of mystery on a series of attacks attributed by many to U.S. and Israeli intelligence.

The Stuxnet worm, aimed at the centrifuges in Iran's Natanz plant, transformed the cybersecurity field because it was the first known computer attack specifically designed to cause physical damage. The precise origins of the worm remain unclear, but until now the earliest samples of Stuxnet had been dated to 2009, and The New York Times—in the fullest account of the attack published so far—traced the origins of the top-secret program back to 2006.

In a new report issued late Tuesday, Symantec Corp. pushed that timeline further back, saying it had found a primitive version of Stuxnet circulating online in 2007 and that elements of the program had been in place as far back as 2005.

Independent security experts who examined the report said it showed that the worm's creators were well ahead of their time.

"To me, it's amazing," said Mikko Hypponen, whose Finland-based F-Secure has studied Stuxnet. "We had no idea the U.S.-Israel cyberoperations were so advanced already almost a decade ago."

Hypponen is one of a host of experts who've concluded that Stuxnet was an attempt to sabotage the uranium enrichment centrifuges at Iran's Natanz nuclear plant, a key element in the Islamic republic's disputed atomic energy program. Because the United States and Israel are two of Iran's biggest foes, the shadow of suspicion immediately settled on their tech-savvy intelligence services.

That theory got a boost when the Times reported that President George W. Bush had ordered the deployment of Stuxnet against Iran, laying out in unprecedented detail how the worm had been crafted so as to surreptitiously send Natanz's centrifuge machines spinning out of control.

U.S. and Israeli officials have long declined to comment publicly on Stuxnet or their alleged involvement in creating and deploying the computer worm.

Symantec's report suggests that an intermediate version of the worm—Stuxnet 0.5—was completed in November 2007. That worm lacked some of the sophistication of its descendant, Symantec said, and was designed to interfere with the centrifuges by opening and closing the valves which control the flow of uranium gas, causing a potentially damaging buildup in pressure.

That approach was dropped in later improved versions of the Stuxnet code.

Symantec said the servers used to control the primitive worm were set up in November 2005, suggesting that Stuxnet's trailblazing authors were plotting their attack at a time when many parts of the Internet now taken for granted were not yet in place. Twitter did not exist, Facebook was still largely limited to U.S. college campuses, and YouTube was in its infancy.

Alan Woodward, a professor of computer science at the University of Surrey, said that had troubling implications.

"Clearly these were very forward-thinking, clever people that were doing this," he said. "There's no reason to think that they're less forward-thinking now. What are they up to?"

Explore further: LinkedIn membership hits 300 million

More information: The Symantec report: bit.ly/128ux2s

4.7 /5 (3 votes)
add to favorites email to friend print save as pdf

Related Stories

Symantec warns of new Stuxnet-like virus

Oct 19, 2011

US security firm Symantec has warned of a new computer virus similar to the malicious Stuxnet worm believed to have preyed on Iran's nuclear program.

Second computer worm 'hits Iran'

Apr 25, 2011

Iran has been hit with new malicious software as part of cyber attacks against the country, a military officer told Mehr news agency on Monday without specifying the target.

Iran says Duqu malware under 'control'

Nov 13, 2011

Iran said on Sunday it had found a way to "control" the computer malware Duqu, which is similar to Stuxnet virus which in 2010 attacked its nuclear programme and infected more than 30,000 computers.

Iran: Computer worm could have caused huge damage

Apr 17, 2011

A senior Iranian military official involved in investigating a mysterious computer worm targeting Iranian nuclear facilities and other industrial sites said Saturday the malware could have caused large-scale accidents and ...

Iran claims computer worm is Western plot

Oct 05, 2010

(AP) -- Iran claimed Tuesday that a computer worm found on the laptops of several employees at the country's nuclear power plant is part of a covert Western plot to derail its nuclear program.

Recommended for you

LinkedIn membership hits 300 million

5 hours ago

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

11 hours ago

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

15 hours ago

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

BSD
3 / 5 (2) Feb 27, 2013
Fantastic. Brilliant piece of coding. The more mischief it causes Iran, the more I like it. North Korea, China and Pakistan next please.

More news stories

LinkedIn membership hits 300 million

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Treating depression in Parkinson's patients

A group of scientists from the University of Kentucky College of Medicine and the Sanders-Brown Center on Aging has found interesting new information in a study on depression and neuropsychological function in Parkinson's ...