The History of Stuxnet: The World’s First True Cyberweapon
Watch CYBERWAR on VICELAND to see how a mysterious computer virus sabotaged Iran's nuclear program.
We trace the history of Stuxnet, and how it changed the world, in tonight's episode of CYBERWAR. You can watch CYBERWAR on VICELAND every Monday at 8:30 PM.
On July 16, 1945, the United States detonated a completely new kind of weapon, the atomic bomb, and changed the world forever.
Sometime in 2009, someone launched another completely new kind of weapon. Unlike the one detonated in New Mexico more than 50 years earlier, this wasn't a physical weapon, but a malicious computer program: a virus or malware. But unlike any other malware before it, it was capable of causing real-world, physical damage.
It would later come to be known as Stuxnet, the first-ever malware to attack the real world. Stuxnet was designed to hit only one very specific target: the computers that controlled Iran's nuclear facility in Natanz, where international authorities suspected the country was working on its secret nuclear weapons program.
Stuxnet was programmed to make the uranium enrichment centrifuges spin faster than they were supposed to, causing them to get out of control to the point of damaging them. The malware was so well programmed that even its victims couldn't stop it. In fact, they didn't even know the outages and disruptions were caused by a computer virus.
"The operators were doomed, the plant was doomed."
"The operators were doomed, the plant was doomed," Eric Chien, a security researcher at Symantec who tore apart Stuxnet for months, says.
The attack was so well-done that the virus worked undetected for months, and its victims didn't know about it until security companies around the world discovered it and started talking about it.
At the time, the security world gasped at the sophistication of Stuxnet. No one had ever seen anything like it. Obviously, everyone was wondering who could have been behind such advanced and unprecedented malware, which is perhaps the only one—at least that we know of—to really warrant the definition of "cyberweapon."
To this day, the "whodunnit," at least officially, is unknown. No country has ever claimed or admitted responsibility. But six years later, it's widely assumed that the United States and Israel were the culprits.
As Kim Zetter, the author of Countdown to Zero Day (the definitive book on Stuxnet) puts it, "I don't think that there's a question that the US is behind it." In 2012 The New York Times reported that the US government ordered the attack, which it was officially dubbed Olympic Games.
In this week's episode of the VICELAND documentary series CYBERWAR, Zetter refers to the years-long internal investigation that the US government launched after that New York Times article to find the leaker as one of the many signs pointing towards the US government.
"You don't launch a leak investigation for a covert operations you didn't do," she says.