Stuxnet worm targeting Iran in works as early as 2005, Symantec finds
By Ellen Nakashima
The secret cyber-sabotage campaign aimed at Iran’s nuclear program may have been in existence as early as 2005 and may have been capable of inflicting more damage than previously known, according to a security firm’s analysis released Tuesday.
The findings, by the security company Symantec, were announced after the discovery of an earlier variant of Stuxnet, as researchers have dubbed the worm reportedly developed by the United States and Israel.
The variant, which they have called Stuxnet 0.5, was being developed as early as 2005, five years before the discovery of the now-famous version of the worm.
Unlike that version, which caused centrifuges at Iran’s Natanz nuclear facility to speed up and slow down until they crashed, Stuxnet 0.5 was built to modify the pressure of the raw uranium gas being fed into the centrifuges by opening and closing intake valves, thus affecting the centrifuges’ operation, said Vikram Thakur, a researcher with Symantec Security Response.
In some cases, he said, the worm could cause a fivefold increase in the pressure levels. At such pressures, the gas could even have solidified, damaging the centrifuges, he said.
The New York Times has reported that the impetus for the covert cyber program, dubbed “Olympic Games” by U.S. officials, dates from 2006, when President George W. Bush was seeking options to curb Iran’s nuclear ambitions. Iran has said it is developing nuclear capabilities expressly for peaceful purposes.
Individuals familiar with the program have told The Washington Post that Stuxnet was developed by specialists at the National Security Agency under the CIA’s covert authority. Israel collaborated with the United States in the effort, which continued under President Obama, they said.
Symantec’s research also found that the same organization that developed Flame, a sophisticated software program created for espionage purposes, built Stuxnet 0.5. The Post has reported that Flame was jointly built by the United States and Israel as a way to penetrate networks and map them or obtain information without alerting the target.
“The brilliance of Stuxnet lay in [the attackers] being under the radar of the target entity,” Thakur said. Both variants of Stuxnet “tried to do damage in a manner that would seem random” to the targeted party.
The Iranians initially thought the malfunctioning of the centrifuges was the result of technical problems at the plant. But when the virus somehow spread to computers outside Iran, the research community was alerted and eventually concluded that the virus was aimed at Natanz.
Stuxnet destroyed nearly 1,000 uranium-enrichment centrifuges at Natanz.
Thakur said it would be difficult for experts to re-engineer Stuxnet to use against other targets. The sophistication level in both variants is very high and building a weapon depends on deep knowledge of the target, he said.