Stuxnet computer virus much older than once thought

Stuxnet, a computer virus that attacked Iran's nuclear program, dates back to 2007, according to researchers at Symantec Corp. Stuxnet, believed to have been created by the US and Israel, was in development as early as 2005. 

|
John Adkisson/Reuters
A cyber warfare expert holds a notebook computer while posing for a portrait in Charlotte in this December 2011 photo.

Researchers at Symantec Corp have uncovered a version of the Stuxnet computer virus that was used to attack Iran's nuclear program in November 2007, two years earlier than previously thought.

Stuxnet, which is widely believed to have been developed by the United States and Israel, was discovered in 2010 after it was used to attack a uranium enrichment facility at Natanz, Iran. It was the first publicly known example of a virus being used to attack industrial machinery.

Symantec researchers said on Tuesday they have uncovered a piece of code, which they called "Stuxnet 0.5," among the thousands of versions of the virus they recovered from infected machines.

They found evidence Stuxnet 0.5 was in development as early as 2005, when Iran was still setting up its uranium enrichment facility, and the virus was deployed in 2007, the same year the Natanz facility went online.

"It is really mind blowing that they were thinking about creating a project like that in 2005," Symantec researcher Liam O'Murchu told Reuters.
Security experts who reviewed Symantec's 18-page report on Stuxnet 0.5 said it showed the cyber weapon was already powerful enough to cripple output at Natanz as far back as six years ago.

"This attack could have damaged many centrifuges without destroying so many that the plant operator would have become suspicious," said a report by the Institute for Science and International Security, which is led by former United Nations weapons inspector David Albright and closely monitors Iran's nuclear program.
 
ALTERNATE APPROACH

Although it is unclear what damage Stuxnet 0.5 might have caused, Symantec said it was designed to attack theNatanz facility by opening and closing valves that feed uranium hexafluoride gas into centrifuges, without the knowledge of the operators of the facility.

Previously dissected versions of Stuxnet are all believed to have been used to sabotage the enrichment process by changing the speeds of those gas-spinning centrifuges without the knowledge of their operators.

"The report provides even more concrete evidence that the United States has been activity trying to derail the Iranian nuclear program since it was restarted under President Mahmoud Ahmadinejad's reign," said John Bumgarner, an expert on cyber weapons who works as chief technology officer with the U.S. Cyber Consequences Unit.

The Natanz facility has been the subject of intense scrutiny by the United States, Israel and allies, who charge that Iran is trying to build a nuclear bomb.
The United States began building a complex cyber weapon during the George W. Bush administration to prevent Tehran from acquiring nuclear weapons, U.S. officials familiar with the program have told Reuters. The government has declined to comment on the reports and has launched investigations into leaks on its cyber programs.

Since Stuxnet's discovery in 2010, security researchers have uncovered a handful of other sophisticated pieces of computer code they believe were developed in tandem to engage in espionage and warfare. These include Flame, Duqu and Gauss.

Stuxnet 0.5 was written using much of the same code as Flame, according to Symantec's report, which was published at the RSA security conference in San Francisco, an event attended by more than 20,000 security professionals.

Symantec said it has now uncovered four versions of Stuxnet and there are likely others that have not been discovered yet. Researchers at Symantec and elsewhere are still trying to understand the full extent of the virus's capabilities.

"This fills in some of the gaps," said O'Murchu.

He said the researchers found no evidence to prove who was behind Stuxnet.

Later versions of Stuxnet, which manipulates industrial control software known as Step 7 from Siemens AG, used more sophisticated methods to infect computer systems, he said.

Siemens previously said it plugged the security holes that allowed Stuxnet to breach its software. A company spokesman had no immediate comment on Symantec's latest research.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Stuxnet computer virus much older than once thought
Read this article in
https://www.csmonitor.com/Technology/Latest-News-Wires/2013/0227/Stuxnet-computer-virus-much-older-than-once-thought
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe