Gone are the days of fighting wars with swords and sabres on horseback. Modern warfare is closely tied to technology. Needless to say, if it weren’t for technology, the Allies would have lost World War II. It was brilliant people like Alan Turing and Robert Oppenheimer who put an end to that war by devising new weapons. Both of their contributions proved instrumental to technological advancement. Moreover, this marked the beginning of nuclear weaponry.
However, it seems as if we are heading towards a different realm of warfare. Shortly after WWII, combat-based warfare became far too great a political risk, so world governments are turning towards cyber warfare. Wars will be fought through the internet, meaning anyone could become the Genghis Khan of the future, building an empire out of lines of code.
Cyberwarfare is the use of technology to attack an enemy nation. That technology boils down to two things: computers and the internet. The biggest advantage of cyberwarfare is anonymity. Using tools such as VPNs, encryption and Tor, anyone can launch large online attacks, and they can do all of this without revealing their identity. Needless to say, cyberwarfare is not a dystopian vision of the future. In fact, there are claims that it has already begun, and we have seen a few instances of it already.
Stuxnet is a malicious computer worm, capable of replicating itself and transmitting itself to other host devices indefinitely. It is the world’s first digital weapon. In fact, this weapon is a piece of expertly choreographed espionage. First identified in Belarus, the worm spread quickly across the world. However, one specific country was infected far more than any other. Within a few days, a vast number of computers in Iran were infected with this worm.
How does Stuxnet spread?
Stuxnet is a sophisticated weapon, and it differs from ordinary computer worms. While a typical virus spreads through one of two channels, the internet or file sharing, Stuxnet had 7. That is the reason it spreads so quickly. It can even propagate across local area networks, and it does so without being detected. If a machine simply connects to an infected network, that machine is in trouble; no one needs to intervene or open anything directly. Above all, it exploited 4 zero-days, while it is extremely rare to find malware that uses even 1.
A zero-day is an exploitable weakness in computer software. It is this zero-day that allows the worm to insert itself into a machine and take control of the system. It is called a “zero-day” because even the author of the software is unaware of the security hole. In fact, no one knows of the hole but the attacker, so by the time the attacker uses it, the software developer has had zero days to fix the flaw.
However, they are extremely rare to find. Zero-days are prized by hacker groups, who pay millions of dollars to purchase a single one, which is why they are so scarce. Stuxnet, on the other hand, had 4. This ensured that if one zero-day failed or got patched, there were 3 more to serve as a backup. Therefore, it is extremely difficult to beat this worm.
Stuxnet did nothing harmful
Yes, it is indeed a surprise that this highly sophisticated worm did nothing harmful. But hold on: it did nothing harmful to devices that were not its target. Stuxnet waited patiently until it reached its target before delivering its deadly payload. It was designed to infect one specific target. Given that the vast majority of infected computers were in Iran, people concluded that Iran was the target, and not just any part of Iran, but one specific location.
Natanz Uranium Enrichment Plant, Iran
Stuxnet’s target was the Natanz Uranium Enrichment Plant in Iran. The facility consists of 7,000 centrifuges installed at Natanz, of which 5,000 were producing low-enriched uranium. These centrifuges are essential to keeping the plant running: they enrich uranium so that it can be used to develop nuclear weapons. However, the centrifuges are not operated manually. A Siemens PLC unit controls and monitors their spin speed. The goal of Stuxnet was to infect the Siemens PLC units at the facility.
How does Stuxnet work?
Somehow, Stuxnet reached the Natanz facility. Investigators say it infected the system through a USB drive. For code as sophisticated as Stuxnet, an unconventional way of working is to be expected.
It did nothing harmful for the first 13 days
Surprisingly, Stuxnet did nothing harmful at Natanz either, at first. It lay dormant on the PLC unit for the first 13 days. However, it was not idle: during those 13 days it was recording all the data from the centrifuges, saving every reading that every single centrifuge produced.
Stuxnet in action
After two weeks of collecting data from the PLC, Stuxnet finally started manipulating it. It increased the speed of all the centrifuges well beyond their safe operating range for 15 minutes, then slowed them to just 2 rpm for another 15 minutes. This variation in speed causes the finely tuned machines to develop cracks, warp, bend or even blow apart. You may ask: if the PLC monitors the speed at all times, how come the maintenance engineers never noticed? This is where the million-dollar worm fooled the scientists.
Even though Stuxnet did nothing harmful in the first 13 days, it was collecting data. So, while varying the speed of the centrifuges, it fed this old data to the PLC. In effect, it played the recorded data back to the monitoring system, so the maintenance engineers could not see the variation. In addition, the code disabled the emergency stop. Engineers use this to shut down the facility in case of any anomaly; since the code had disabled it, there was no way to stop the attack. Stuxnet repeated this 30-minute routine once every 27 days. Over time, it destroyed 1,000 uranium enrichment centrifuges. As a result, Iran’s nuclear weapons program came to a halt, significantly slowing its nuclear research.
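One defensive angle on the playback trick described above, as an added example that is not from the article: if the PLC-reported readings are checked for verbatim repeats of an earlier window, and compared against an independent measurement (assumed here to be a sensor not routed through the PLC), a replay of old data stands out. The telemetry values are constructed, and the function names and the independent sensor are assumptions.

```python
"""Detecting played-back PLC telemetry (constructed example).

Stuxnet hid its speed manipulation by replaying recorded readings to the
monitoring system. Two independent checks expose that: (1) a window of
reported readings that exactly repeats an earlier window, since real sensor
noise almost never repeats verbatim, and (2) disagreement between the
PLC-reported RPM and an assumed independent sensor not wired via the PLC.
"""

WINDOW = 5            # samples compared when looking for an exact repeat
RPM_TOLERANCE = 50    # allowed gap between PLC report and independent sensor

def find_replayed_windows(reported, window=WINDOW):
    """Indexes where `reported` exactly repeats an earlier, non-overlapping window."""
    first_seen = {}
    hits = []
    for i in range(len(reported) - window + 1):
        key = tuple(reported[i:i + window])
        if key in first_seen and first_seen[key] + window <= i:
            hits.append(i)
        else:
            first_seen.setdefault(key, i)
    return hits

def find_sensor_disagreements(reported, independent, tolerance=RPM_TOLERANCE):
    """Indexes where the PLC-reported RPM and the independent reading diverge."""
    return [i for i, (plc, ind) in enumerate(zip(reported, independent))
            if abs(plc - ind) > tolerance]

def build_sample_telemetry():
    """Constructed telemetry: 10 honest samples near 1000 rpm, then 10 samples in
    which the report replays those values while the true speed is pushed far up, then to 2 rpm."""
    honest = [1000, 1002, 999, 1001, 1003, 998, 1000, 1004, 997, 1001]
    true_speed = honest + [1400] * 5 + [2] * 5   # what the hardware really does
    reported = honest + honest                   # what the monitoring screen sees
    return reported, true_speed

def assess(reported, independent):
    """Combine both checks into one verdict for the operator."""
    replay = find_replayed_windows(reported)
    mismatch = find_sensor_disagreements(reported, independent)
    return {"replay_starts_at": replay[0] if replay else None,
            "mismatch_count": len(mismatch),
            "alert": bool(replay or mismatch)}

if __name__ == "__main__":
    rep, actual = build_sample_telemetry()
    print(assess(rep, actual))   # alert: replay from sample 10, 10 mismatches
```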
Who was responsible?
To develop code of such complexity, a person would need to be proficient in PLCs and how they work. Moreover, they would need to know the Natanz facility in detail, or the worm would not be able to tell whether it had reached its target. Although it is still unclear who did this, reports suggest it was a multi-million-dollar project of 3 governments. The NSA (US), GCHQ (UK) and Unit 8200 (Israel’s elite government hacking agency) were the ones behind this malicious worm. An insider said that Stuxnet was codenamed “Olympic Games” by the NSA.
Iran didn’t take Stuxnet lightly. They struck back with brute force. First, they wiped every piece of software from every single computer at the world’s largest oil company, Saudi Aramco. Then they hit American banks, taking down the online banking capabilities of many of them, including Bank of America, PNC and Wells Fargo. Even though Iran never directly took responsibility, reports suggest that the government hired elite hackers to do this. This was the first cyberwar.
Stuxnet was just the beginning of cyberwarfare. Nitro Zeus is another multi-million-dollar project, a backup in case Iran refused to agree to the nuclear deal. Nitro Zeus has been called the most terrifying cyberweapon ever created; anonymous NSA testimonies call it “Stuxnet on steroids”. It has the capability to infect every computer in Iran. Once infected, the attackers control them. It could attack Iran’s command and control systems, or even disable Iran’s defence systems. Nitro Zeus attacks critical infrastructure, meaning its operators could derail trains or blow up a gas pipeline, a dam or a nuclear reactor. If activated, the results would be catastrophic. Many insiders claim that Nitro Zeus is still inside Iran, just a click away from activation.