Stuxnet was deployed against Iran in 2007
San Francisco, February 27, 2013
Researchers at Symantec Corporation have uncovered a version of the Stuxnet computer virus that was used to attack Iran's nuclear programme in November 2007, two years earlier than previously thought.
Stuxnet, which is widely believed to have been developed by the United States and Israel, was discovered in 2010 after it was used to attack a uranium enrichment facility at Natanz, Iran. It was the first publicly known example of a virus being used to attack industrial machinery.
Symantec researchers said on Tuesday they have uncovered a piece of code, which they called "Stuxnet 0.5," among the thousands of versions of the virus they recovered from infected machines.
They found evidence Stuxnet 0.5 was in development as early as 2005, when Iran was still setting up its uranium enrichment facility, and the virus was deployed in 2007, the same year the Natanz facility went online.
"It is really mind-blowing that they were thinking about creating a project like that in 2005," Symantec researcher Liam O'Murchu told Reuters.
Security experts who reviewed Symantec's 18-page report on Stuxnet 0.5 said it showed the cyber weapon was already powerful enough to cripple output at Natanz as far back as six years ago.
"This attack could have damaged many centrifuges without destroying so many that the plant operator would have become suspicious," said a report by the Institute for Science and International Security, which is led by former United Nations weapons inspector David Albright and closely monitors Iran's nuclear programme.
Although it is unclear what damage Stuxnet 0.5 might have caused, Symantec said it was designed to attack the Natanz facility by opening and closing valves that feed uranium hexafluoride gas into centrifuges, without the knowledge of the operators of the facility.
Previously dissected versions of Stuxnet are all believed to have been used to sabotage the enrichment process by changing the speeds of those gas-spinning centrifuges without the knowledge of their operators.
"The report provides even more concrete evidence that the United States has been actively trying to derail the Iranian nuclear programme since it was restarted under President Mahmoud Ahmadinejad's reign," said John Bumgarner, an expert on cyber weapons who works as chief technology officer with the US Cyber Consequences Unit.
The Natanz facility has been the subject of intense scrutiny by the United States, Israel and allies, who charge that Iran is trying to build a nuclear bomb.
The United States began building a complex cyber weapon during the George W Bush administration to prevent Tehran from acquiring nuclear weapons, US officials familiar with the programme have told Reuters. The government has declined to comment on the reports and has launched investigations into leaks on its cyber programmes.
Since Stuxnet's discovery in 2010, security researchers have uncovered a handful of other sophisticated pieces of computer code they believe were developed in tandem to engage in espionage and warfare. These include Flame, Duqu and Gauss.
Stuxnet 0.5 was written using much of the same code as Flame, according to Symantec's report, which was published at the RSA security conference in San Francisco, an event attended by more than 20,000 security professionals.
Symantec said it has now uncovered four versions of Stuxnet and there are likely others that have not been discovered yet. Researchers at Symantec and elsewhere are still trying to understand the full extent of the virus's capabilities.
"This fills in some of the gaps," said O'Murchu.
He said the researchers found no evidence to prove who was behind Stuxnet.
Later versions of Stuxnet, which manipulates industrial control software known as Step 7 from Siemens AG, used more sophisticated methods to infect computer systems, he said.
Siemens previously said it plugged the security holes that allowed Stuxnet to breach its software. A company spokesman had no immediate comment on Symantec's latest research. - Reuters
More INTERNATIONAL NEWS Stories
- Investors monitoring Pimco after internal strife
- N Korea tanker ‘leaves Libya rebel port carrying oil’
- Malaysia plane incident not terror related: Interpol
- Crimea closes air space to commercial flights
- Missing Malaysian plane last seen At Malacca Strait
- Stolen passport holder on missing plane is Iranian
- China deploys 10 satellites to search for Malaysia jet
- Libya says halts tanker outside port; rebels deny it
- Libya orders military force to 'liberate' ports
- Big bananas: Chiquita, Fyffes merge
- Radar sweeps, dozens of aircraft, but no sign of plane
- N Korea tanker loads oil at Libya rebel port
- Gold drops as US growth optimism weighs
- Merkel raps Putin; Russia tightens grip on Crimea
- World 'at sea' over missing Malaysian jetliner
- Passports requiring probe were on Malaysia flight
- 40 killed in Yemen as Houthi fighters near capital
- Vietnam finds object in sea; search on
- $5bn poll spend to boost India economy
- Libya authorises use of force against Korean tanker
- Ukraine PM says he will go to US to discuss crisis
- Syrian journalist killed covering fighting
- Malaysian jet may have turned back before vanishing
- No sign of missing plane; Malaysia probes false passports
- Two Europeans not on board 'missing' Malaysian jet
- China draws red line on North Korea
- Saudi sentences three to death for 2003 bombing
- First bitcoin machine opens in UK
- US sanctions will boomerang, warns Russia
- China plans $50bn bank to fund projects