Flame & Stuxnet: From Viruses to Cyberweapons

by Nadim Rifai · June 25, 2012

Part 1: Stuxnet.

Malware, viruses and cyber threats in general keep getting more sophisticated, and now there is a newer kind of threat, the new kid on the digital block: the cyber-weapon. How much do you actually know about these? The recently discovered Flame, and Stuxnet before it, set off a media, technology, security and political frenzy. Set aside the current speculation about whether or not they were state-sponsored cyber-war, and there are still some very interesting facts in a story that took the cyber-security world by surprise.

First, a brief: Stuxnet and Flame are highly advanced, probably the most advanced to date, pieces of malicious code. Strictly speaking both are self-propagating worms rather than viruses, but the press has called them viruses and this article follows that usage. Their original authors remain unknown, with fingers pointing everywhere; the code left little to no evidence about the identity of its creators. The names of the two viruses were derived from strings found in the code (the file names ".stub" and "MrxNet.sys" in the case of Stuxnet).

For all its complexity and state-of-the-art engineering, a person examining Stuxnet might say it was a waste of resources. Why? Because it could have done so much more than it was designed to. A criminal mastermind of the kind that writes advanced, complicated malware might prefer to break into banks, for example. We are not advocating this, of course, but a worm as stealthy and contagious as Stuxnet could have infiltrated banks and organizations around the world without being detected, accruing millions of dollars for its creators, had they designed it for that. Instead, Stuxnet's purpose was incredibly specific and localized, and it is that purpose which people use as a clue to who its creators might have been.

There was but one purpose to Stuxnet, and it did not include theft of information, wire transfers or hacking for profit: the Natanz uranium enrichment facility in Iran (an enrichment plant, not a reactor, despite what much of the coverage says). More specifically, the gas centrifuges at that facility. Even more specifically, the target was intermittent control of the frequency at which the drives spinning those centrifuges ran. After sneaking into the computers controlling the centrifuges, Stuxnet would come out of the dark every 27 days and alter the operating frequency for a short time (15 minutes, then 50 minutes, then 15 minutes, and so on). This in turn would cause centrifuges to fail without drawing suspicion, because gas centrifuges fail in normal operation at every enrichment plant. A higher failure rate creates obstacles and delays in enriching uranium to the level needed for either reactor fuel or weapons.
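The cadence described above is what makes the sabotage hard to spot in operational data: a few minutes of abnormal speed once every few weeks. The following script is an added illustration, not code from the original article or from any Stuxnet analysis. It builds constructed drive telemetry (a nominal frequency of 1000 Hz with tiny jitter, excursions to 1400 Hz and 2 Hz, one reading per minute) following the article's 27-day / 15-minute / 50-minute / 15-minute schedule; all frequency values are assumptions, not real plant parameters. It then shows why a daily rollup misses two of the three excursions while a per-sample check recovers each event's duration and the fixed interval between them.

```python
"""Detecting brief periodic frequency excursions in centrifuge drive telemetry.

Added example with constructed data. Nominal frequency, jitter and excursion
values are illustrative assumptions, not real drive parameters. The cadence
(27 days apart; 15 min, then 50 min, then 15 min) follows the article.
"""
from dataclasses import dataclass

MINUTES_PER_DAY = 1440
NOMINAL_HZ = 1000.0   # assumed nominal drive frequency (constructed)
TOLERANCE = 0.02      # +/-2 % band around nominal (constructed)

# (start_day, duration_minutes, excursion_hz); cadence from the article, values constructed
EXCURSIONS = [
    (27, 15, 1400.0),
    (54, 50, 2.0),
    (81, 15, 1400.0),
]


def build_telemetry(days=90, start_minute_of_day=600):
    """One frequency reading per minute, with the excursions injected at 10:00 on their day."""
    readings = []
    for minute in range(days * MINUTES_PER_DAY):
        jitter = 0.5 if minute % 2 else -0.5   # deterministic +/-0.5 Hz jitter
        readings.append(NOMINAL_HZ + jitter)
    for start_day, duration, hz in EXCURSIONS:
        start = start_day * MINUTES_PER_DAY + start_minute_of_day
        for minute in range(start, start + duration):
            readings[minute] = hz
    return readings


def out_of_band(hz, nominal=NOMINAL_HZ, tol=TOLERANCE):
    return abs(hz - nominal) > nominal * tol


def daily_mean_alerts(readings, nominal=NOMINAL_HZ, tol=TOLERANCE):
    """Rollup-style check: flag a day only if its mean frequency leaves the band.

    A 15-minute excursion to 1400 Hz shifts the daily mean by about 4 Hz, well
    inside a 2 % band, so only the long drop to 2 Hz is ever noticed this way.
    """
    alerts = []
    for day in range(len(readings) // MINUTES_PER_DAY):
        chunk = readings[day * MINUTES_PER_DAY:(day + 1) * MINUTES_PER_DAY]
        if out_of_band(sum(chunk) / len(chunk), nominal, tol):
            alerts.append(day)
    return alerts


@dataclass
class Excursion:
    start_minute: int
    duration_min: int
    extreme_hz: float


def excursion_events(readings, nominal=NOMINAL_HZ, tol=TOLERANCE):
    """Per-sample check that groups consecutive out-of-band readings into events."""
    events = []
    current = None
    for minute, hz in enumerate(readings):
        if out_of_band(hz, nominal, tol):
            if current is None:
                current = Excursion(minute, 0, hz)
            current.duration_min += 1
            if abs(hz - nominal) > abs(current.extreme_hz - nominal):
                current.extreme_hz = hz
        elif current is not None:
            events.append(current)
            current = None
    if current is not None:
        events.append(current)
    return events


def event_intervals_days(events):
    """Whole days between consecutive event starts, to expose a fixed cadence."""
    starts = [e.start_minute for e in events]
    return [(b - a) // MINUTES_PER_DAY for a, b in zip(starts, starts[1:])]


if __name__ == "__main__":
    data = build_telemetry()
    print("daily-mean alerts (day index):", daily_mean_alerts(data))
    events = excursion_events(data)
    for e in events:
        print(f"day {e.start_minute // MINUTES_PER_DAY}: {e.duration_min} min at {e.extreme_hz} Hz")
    print("days between events:", event_intervals_days(events))
```

Two points the code makes concrete. First, the rollup catches only the 50-minute drop; the two 15-minute excursions vanish into the daily average, so any monitoring that aggregates before comparing against limits is blind to exactly this pattern. Second, the per-sample path turns the raw readings into events with a start, a duration and a peak, and the 27-day spacing between them is then plain to see. The example assumes the telemetry comes from a sensor independent of the controller that has been tampered with; if the only source of frequency data is the compromised controller itself, neither check is meaningful.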

Stuxnet was thus purely a cyber-sabotage device, the first of its kind to be publicly identified. Code is all around us, from the traffic light to the computer in your car, running to make sure everything goes smoothly and according to plan. Stuxnet, however, is the first known instance of code written maliciously to carry commands from the cyber world into the physical world, in this case sabotaging uranium gas centrifuges at a heavily guarded nuclear facility in Iran.

How was Stuxnet discovered? Ironically, it spread too well. The malicious code stayed hidden long enough, and propagated aggressively enough over USB drives and local networks, to find its way beyond the isolated network at Natanz and onto other computers in Iran, one of which belonged to a customer of VirusBlokAda, a Belarusian antivirus firm, which identified the worm in June 2010. Analysts at Symantec, Kaspersky (the renowned Russian cyber-security firm) and elsewhere then spent months taking it apart and concluded that it was far more than the average sample they deal with daily.

If you thought Stuxnet was serious business, wait until you see what Flame is capable of in comparison and, most importantly, its deployment and detection dates. Flame's purpose was broader and closer to what one would expect of such a complex piece of malware: data theft, that is, espionage.

Just to give you an idea of what to expect from the upcoming Flame piece: the available evidence indicates that it was ready and deployed no later than the summer of 2008.

Think about that for a minute: the most complex piece of malware known today remained undetected for four years.

Post by Nadim Rifai
