Most Sophisticated Malware Ever Targets Iran

A computer worm is drawing awed respect and fear from security researchers, even as they wonder how and why it was created.

Four things about Stuxnet are particularly noteworthy, according to experts consulted by ComputerWorld. One, it appears to be the most sophisticated malware anyone has ever seen. Two, because of that, researchers do not believe it could have been created by a private group. They think it's the handiwork of a nation-state. Third, it could control real world machinery, like, say, a power plant. Fourth, it appears to have targeted Iran.

Add all that up and you come to this realization: Stuxnet is a targeted, apparently untraceable weapon. Christian Science Monitor summed up the situation:

Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says [German researcher Ralph] Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.

"Stuxnet is the key for a very specific lock - in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."

Speculation is now rampant that the worm was created to target part of the Iranian nuclear infrastructure, either the Bushehr nuclear plant or perhaps its centrifuge facility in Natantz. Still, as uber-expert Bruce Schneier notes, "there's not much in the way of actual evidence to support that." Another security expert called the speculation "irresponsible."

Regardless of target, Stuxnet's appearance in the world signals a new depth and intensity to cyberwarfare. Michael Assante, former security chief for this country's grid-minding organization, the North American Electric Reliability Corp, sounded genuinely rattled in his remarks to Christian Science Monitor.

"What we're seeing with Stuxnet is the first view of something new that doesn't need outside guidance by a human - but can still take control of your infrastructure. This is the first direct example of weaponized software, highly customized and designed to find a particular target," he said. "The implications of Stuxnet are very large, a lot larger than some thought at first... It's the type of threat we've been worried about for a long time."

Perhaps it's no surprise that Langner's blog is called, "Knowledge Brings Fear."

Presented by

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register with Disqus.

Please note that The Atlantic's account system is separate from our commenting system. To log in or register with The Atlantic, use the Sign In button at the top of every page.

blog comments powered by Disqus

Video

A Stop-Motion Tour of New York City

A filmmaker animated hundreds of still photographs to create this Big Apple flip book

Video

The Absurd Psychology of Restaurant Menus

Would people eat healthier if celery was called "cool celery?"

Video

This Japanese Inn Has Been Open For 1,300 Years

It's one of the oldest family businesses in the world.

Video

What Happens Inside a Dying Mind?

Science cannot fully explain near-death experiences.

More in Technology

Just In