But years before the Stuxnet we know and love went to work, an early variant targeted Iran's Natanz nuclear facility. Natanz employs a complicated, cascading system of safeguards to prevent centrifuges used for uranium enrichment from overheating and malfunctioning in order to overcome the country's outdated and dubious nuclear technology. Stuxnet's genius was in its ability to override those safety systems, by infecting computers that weren't connected to the outside world, and without anyone realizing it was being done until it was too late.
What the very early Stuxnet virus was designed to do is "so far-out, it leads one to wonder whether its creators might have been on drugs," Langer says. But in reality, they may have got the idea from a brilliant 1994 action flick starring Reeves and Sandra Bullock.
A controller infected with the first Stuxnet variant actually becomes decoupled from physical reality. Legitimate control logic only "sees" what Stuxnet wants it to see. Before the attack sequence executes (which is approximately once per month), the malicious code is kind enough to show operators in the control room the physical reality of the plant floor. But that changes during attack execution.
One of the first things this Stuxnet variant does is take steps to hide its tracks, using a trick straight out of Hollywood. Stuxnet records the cascade protection system's sensor values for a period of 21 seconds. Then it replays those 21 seconds in a constant loop during the execution of the attack. In the control room, all appears to be normal, both to human operators and any software-implemented alarm routines.
In you're too young (or old) to remember Speed, a terrorist installs a bomb on a Los Angeles bus and holds the passengers, including a cop played by Reeves, hostage by watching them through a closed circuit camera. The cops win by intercepting the video feed, and replacing it with looped footage of bus; making it appear to the villain that everything was normal, while the hostages escaped unnoticed. There was a big explosion at the end, too.
Anyway, once the Iranian system was blinded to the threat, American hackers remotely messed with the safety systems, routinely destroying Iranian centrifuges through coordinated attacks that would do significant damage without revealing the virus's existence. The version of Stuxnet that came later was much more abrasive, and did more damage in a shorter time. Staying hidden was no longer a goal, Langer posits, because once the damage was done, the creators wanted the world to know what they were capable of in the realm of cyberwarfare. It was time to reveal the secret.
This article is from the archive of our partner The Wire.