In January 2010, inspectors from the International Atomic Energy Agency visiting the Natanz nuclear plant in Iran noted that the centrifuges used to enrich uranium gas were failing at an alarming rate. Neither the Iranian technicians nor the inspectors could find the cause.
Five months later, an apparently unrelated event occurred. A computer security firm from Belarus was called in to look for faults in a number of computers in Iran that kept shutting down and rebooting. Again, no one could find the cause of the problem. The cause only became known when IT technicians found a handful of malicious files on one of the systems. They had found both the cause of the errors and the world's first digital weapon.
Stuxnet: the first of its kind
The cause of the failing centrifuges and computer systems later became known as Stuxnet. Stuxnet was a computer worm designed specifically to take over certain industrial control systems and cause the equipment powered by those systems to fail, while the systems sent false data to the system monitors indicating that the equipment was working fine.
Stuxnet targeted certain control systems (SCADA systems) manufactured by the German company Siemens AG. SCADA systems typically control machinery used in power plants and similar installations.
More specifically, Stuxnet targeted only Siemens SCADA systems used in conjunction with frequency converters made by certain manufacturers in Finland and Iran and programmed to control motors at very high speeds. This specific combination indicated that Stuxnet had a very specific target, namely nuclear facilities in Iran.
Investigations later showed that of the approximately 100,000 computers infected by Stuxnet at the end of 2010, around 60% were located in Iran.
Why was Stuxnet created?
Stuxnet is believed to have been in circulation since 2005. After the large-scale attack on Iran's nuclear facilities, speculation began about where Stuxnet originated. Many security analysts pointed to the US and Israel as the culprits. Both countries had for some time considered the threat posed by Iranian nuclear weapons to be particularly serious, and both had the means and expertise to plan and carry out such cyber attacks.
Officials from both countries refused to discuss the matter. Meanwhile, the Iranian government said a foreign virus had infected computers at some nuclear facilities, but had caused only minor problems. However, there was a consensus among experts that Iran's problems were far from minor; many believed that the country's nuclear programme may have suffered a serious setback.
After the attack, several institutes and news media reported that between 10 and 30% of Iran's nuclear centrifuges were destroyed by Stuxnet.
The start of modern cyber warfare
Although it was impossible to verify the extent of Stuxnet's damage, it was clear to cyber security experts that Iran had been subjected to a malware attack that was more sophisticated and damaging than any other documented attack.
By taking over and disrupting industrial processes in a significant part of Iran, Stuxnet proved to be a truly powerful cyber weapon. Stuxnet led to a significant escalation in state-sponsored hacking and in states' capacity and willingness to engage in cyber warfare.
About the author
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.