Quantcast

Monday, July 28, 2014         

 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

Report: Stuxnet cyberweapon older than believed

By Raphael Satter

Associated Press

POSTED:
LAST UPDATED: 05:56 a.m. HST, Feb 27, 2013


LONDON » The sophisticated cyberweapon which targeted an Iranian nuclear plant is older than previously believed, an anti-virus firm said Tuesday, peeling back another layer of mystery on a series of attacks attributed by The New York Times to U.S. and Israeli intelligence.

The Stuxnet worm, aimed at the centrifuges in Iran's Natanz plant, transformed the cybersecurity field because it was the first known computer attack specifically designed to cause physical damage. The precise origins of the worm remain unclear, but until now the earliest samples of Stuxnet had been dated to 2009, and the Times — in the fullest account of the attack so far published — traced the origins of the top-secret program back to 2006.

In a new report issued late Tuesday, Symantec Corp. pushed that timeline further back, saying it had found a primitive version of Stuxnet circulating online in 2007 and that elements of the program had been in place as far back as 2005.

One independent expert who examined the report said it showed that the worm's creators were particularly far-sighted.

"What it looks like is that somebody's been thinking about this for a long, long time — the better part of a decade," said Alan Woodward, a computer science professor at the University of Surrey. "It really points to a very clever bunch of people behind all of this."

Security experts generally agree that Stuxnet was an attempt to sabotage Iran's uranium enrichment centrifuges, which can be used to make fuel for reactors or weapons-usable material for atomic bombs. Iran maintains its nuclear program is for peaceful purposes.

Last year, the Times reported that President George W. Bush ordered the deployment of Stuxnet against Iran in a bid to put the brakes on its atomic energy program, detailing how the worm tampered with the operation of Natanz's centrifuge machines to send them spinning out of control.

President Barack Obama, who succeeded Bush shortly after the first attacks, expanded the campaign, the report said.

U.S. and Israeli officials have long declined to comment publicly on Stuxnet or their alleged involvement in creating and deploying the computer worm.

Symantec's report suggests that an intermediate version of the worm — Stuxnet 0.5 — was completed in November 2007. That worm lacked some of the sophistication of its descendant, Symantec said, and was designed to interfere with the centrifuges by opening and closing the valves which control the flow of uranium gas, causing a potentially damaging buildup in pressure.

That approach was dropped in later, improved versions of the Stuxnet code.

Symantec said the servers used to control the primitive worm were set up in November 2005, suggesting that Stuxnet'strailblazing authors were plotting out their attack at a time when many parts of the Internet now taken for granted were not yet in place. Twitter did not exist, Facebook was still largely limited to U.S. college campuses, and YouTube was in its infancy.

Woodward said that had troubling implications.

"Clearly these were very forward-thinking, clever people that were doing this," he said. "There's no reason to think that they're less forward-thinking now. What are they up to?"

___

Online:

The Symantec report: http://bit.ly/128ux2s







 Print   Email   Comment | View 2 Comments   Most Popular   Save   Post   Retweet

COMMENTS
(2)
You must be subscribed to participate in discussions
By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may receive a warning, and if you persist with such comments you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.
Leave a comment

Please login to leave a comment.
fstop wrote:
"Last year, the Times reported that President George W. Bush ordered the deployment of Stuxnet against Iran..."

Ah ha, "Bush's fault", again...


on February 27,2013 | 05:36AM
nodaddynotthebelt wrote:
My question is, why is it that we have found out that China's military was responsible for cyber attacks on our businesses, which resulted in billion dollars in information stolen, but we have not really spoken out about it. China has denied responsibility but the "fingerprints" all point to them. Unfortunately, because of this fiasco it would be the kettle calling the pot black.
on February 27,2013 | 09:12AM
IN OTHER NEWS
Breaking News
Blogs