Stuxnet nuclear sabotage malware's evolution revealed
Discovery of older Stuxnet 0.5 shows it used different attack mechanism
By Emily Chung, CBC News
Posted: Feb 26, 2013 2:27 PM ET
Last Updated: Feb 26, 2013 4:23 PM ET
A 2010 photo shows the inside of Iran's Bushehr nuclear plant. A number of computers at the facility were infected with Stuxnet 1.x, but the plant's systems were not affected. (Associated Press)
An earlier version of malware designed to sabotage Iran's nuclear program has been discovered, revealing new information about the development of the sophisticated cyber-weapon.
Stuxnet 0.5 was already active in 2007, suggesting that it was developed as early as 2005, security researchers at internet security firm Symantec reported Tuesday at the RSA information security conference in San Francisco.
"They were working on these types of cyber-sabotage well before anyone gave any credence to this sort of thing," said Eric Chien, Symantec's technical director of security technology and response, in an interview Tuesday.
"The guys behind this were well ahead of their time …. It's kind of mind-blowing."
The older version of Stuxnet also contained code that had been disabled and was noticeably missing in the newer version. That code was designed to implement a completely different type of attack on Iran's nuclear facilities.
The discovery of Stuxnet 1.x in July 2010 alarmed and astonished the world. The highly sophisticated malware appeared to have been developed as a military-grade cyber-weapon to damage real-world facilities — centrifuges in Iran used to produce enriched uranium fuel for the country's nuclear reactors.
The New York Times reported that Stuxnet may have shut down a fifth of Iran's nuclear centrifuges at one point by causing them to spin out of control.
A book by New York Times chief Washington correspondent David E. Sanger published last July, based on interviews with unnamed U.S. cyberweapons officials, confirmed the U.S. and Israeli military were behind the attack, that they first started testing Stuxnet in 2003, and that the plan to attack Iran's Natanz nuclear enrichment facility was first hatched in 2006.
Symantec discovered Stuxnet 0.5 in a sample submitted by a malware scanning service in November 2007. The company collects samples from internet security services around the world and regularly combs through its archives, looking for both new and familiar threats.
In this case, Chien said, the malware showed some familiar patterns.
"Pretty quickly, we realized it was an early version of Stuxnet."
The team spent the next couple of months studying it and comparing it with the later version of Stuxnet.
Missing code found
They discovered that the code missing in the newer version was designed to open and close the valves that manage the flow of uranium hexafluoride gas into the uranium enrichment centrifuges. That would have caused pressure to build up inside the centrifuge system, causing damage.
Chien said the fact that the later version used a different strategy suggests that the first strategy was not as successful as Stuxnet's creators had hoped.
The other major difference between the early and later versions of Stuxnet is the method of spreading. The later version used seven different methods, including some that exploited vulnerabilities in the Windows operating system, which would have let it spread to a variety of machines, including laptops and PCs.
However, Stuxnet 0.5 used only one of the seven methods — one that restricted it to a specific type of file used mainly by developers to add source code to a text file, Chien said.
The discovery of Stuxnet 0.5 still leaves some unanswered questions. There are still missing pieces that suggest there are other versions of the malware out there, Chien said.
However, it does highlight the usefulness of going back and searching through malware archives, he added.
"It's something we do because we find stuff like this."
The RSA conference runs until March 1.

