Stuxnet, what a badass story - I can’t believe no one has made a movie about this yet. The US government wanted to derail Iran’s nuclear program, but diplomacy prevented them from launching a kinetic attack… sort of.
Instead, the NSA wrote a worm specifically targeting computers used by Iran’s nuclear program to administer Siemens control units that operate centrifuges used to produce weapons-grade uranium. By subtly altering their spin rates, the Stuxnet malware caused physical degradation while simultaneously feeding false data to monitoring systems, ensuring the sabotage remained undetected for an extended period. By the time the malware was discovered, Iran’s nuclear weapons production capabilities had been delayed significantly.
Key Ideas
- Malware can cause kinetic harm. I believe this was the first evidence of a “cyber weapon”.
- Air-gapped networks can be bypassed by human error. In this case, weaponized USB storage devices were left lying around where Iranian nuclear program employees would find them.
- Diplomacy in the digital age is a lot more interesting than intelligence operatives chopping off fingers.
Also, it turns out Jake Williams (@malwareJake), a prominent figure in the InfoSec community, was deeply involved in the project that produced Stuxnet. One really cool Easter Egg is Jake’s Twitter background image, which shows frustrated Iranian nuclear scientists surveying damage to their equipment.