The attacks on Iranian nuclear facilities that are alarming the world these days for their geopolitical repercussions are the latest step in a campaign that the Israeli armed forces and intelligence services began years ago to hack, sabotage and delay Iran’s ability to build atomic bombs. It all started with Stuxnet, the first cyberweapon in history to destroy industrial infrastructure in an intelligence operation, and one that went on to infect thousands of computers in 115 countries.
On Thursday, June 12, Israeli Prime Minister Benjamin Netanyahu announced that his country’s warplanes had attacked Iran’s main uranium enrichment facility at Natanz, one of the two sites where, according to Western sources, Iran has been operating centrifuges to enrich uranium to levels far higher than needed for peaceful uses such as power generation. US media report that the White House also has plans to bomb Iranian nuclear plants, which would be an escalation with unpredictable consequences for an already convulsed world.
Leaving aside the political questions, which do not belong in a technology publication, it is worth recalling how and when this campaign began. The attacks on Iran of recent weeks come 15 years after Israel launched an intelligence operation that inserted a worm called Stuxnet into the software that controlled the centrifuge cascades at the Natanz plant. The operation destroyed approximately 1,000 centrifuges at a plant that, like others of its kind, was not connected to the Internet. The worm also infiltrated a dozen other facilities.
IEEE Spectrum has republished a special article from 2013 that describes “the real story” of this malware. It was one of the first detailed reports on how the Stuxnet worm was discovered and analyzed, told from the point of view of an analyst at the cybersecurity firm Kaspersky, one of the first researchers to detect Stuxnet. The case is still studied today and gave rise to a whole family of malware from the same group of developers, some of it built on this same code.
Unfortunately, it is once again fully relevant, given the terrible situation in the Middle East and an era of digital cold war in which the most powerful countries compete to cyber-attack and spy on other nations and probe their computer networks, intent on using the Internet as a battlefield.
Stuxnet: malicious, but masterful in code and capability
As a senior researcher at Kaspersky Lab, a leading computer security company based in Moscow, Roel Schouwenberg spent his days (and many nights) at the lab’s American headquarters in Woburn, Massachusetts, fighting the most insidious digital weapons in history, capable of paralyzing water supplies, power plants, banks and other infrastructure that once seemed invulnerable to computer attacks.
Awareness of these threats took off in June 2010 with the discovery of Stuxnet, a computer worm of only 500 kilobytes that infected the software of at least 14 industrial plants in Iran, including the uranium enrichment plant mentioned above. While a computer virus depends on an unwitting victim to install it, a worm is able to spread on its own, often across a computer network.
This worm was an unprecedented piece of malicious code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, replicating itself repeatedly. Then it looked for Siemens Step7 software, also Windows-based, which is used to program the industrial control systems that operate equipment such as centrifuges. Finally, it compromised the programmable logic controllers (PLCs).
In this way, the worm’s authors could spy on the industrial systems and even cause the centrifuges, which spin at high speed, to tear themselves apart without the plant operators knowing. Iran has not yet confirmed reports that Stuxnet destroyed some of its centrifuges, but multiple analysts take it for granted.
Although Stuxnet’s authors have not been officially identified, the worm’s sophistication has led experts to believe that it could only have been created with state sponsorship. While no one has claimed it, leaks to the press from United States and Israeli officials strongly suggest that these two countries were responsible.
Since Stuxnet’s discovery, Schouwenberg and other computer security engineers have been fighting other “weaponized” viruses, such as Flame, Gauss and Duqu, the last of which became known as “Stuxnet 2.0” because of its similarities. Since then the offensive use of such developments has become all-out and has marked a turning point in geopolitical conflicts. Apocalyptic scenarios that were previously imagined only in science fiction films finally became plausible.
How Stuxnet was discovered
Viruses were not always so malicious. In the 1990s, when Schouwenberg was just a teenage geek in the Netherlands, malware was usually the work of pranksters and hackers looking to crash computers or graffiti AOL home pages. After discovering a computer virus on his account at the age of 14, Schouwenberg emailed the founder of Kaspersky, asking whether he should study mathematics at university if he wanted to be a security specialist. Eugene Kaspersky responded by offering him a job when he was only 17.
After four years working for the company in the Netherlands, he moved to the Boston area. There, Schouwenberg found that an engineer needs specific skills to fight malware. Since most viruses are designed for Windows, reverse engineering them required x86 assembly language. Over the following decade, Schouwenberg witnessed the most significant change in the history of the cybersecurity industry: manual virus detection gave way to automated methods designed to detect up to 250,000 new malware files every day.
All this changed in June 2010, when a Belarusian malware detection company received a request from a customer to determine why their machines kept rebooting. The malware was signed with a digital certificate so that it appeared to come from a trusted company. This feat caught the attention of the antivirus community, whose automated detection programs could not handle such a threat. This was the first sighting of Stuxnet in action.
The danger posed by the counterfeit signatures was so alarming that computer security specialists began quietly sharing their findings by email and in private online forums. “The information sharing in the computer security industry can only be described as extraordinary,” explained the director of research at F-Secure. “I can’t think of any other IT sector where there is such broad cooperation between competitors.”
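Why a validly signed file fooled automated detection deserves a concrete check. The Go program below is an added example, not code from the article, from Kaspersky or from any product mentioned here: it mints three self-signed Ed25519 certificates (the publisher names, serial numbers and the “driver” bytes are all constructed), signs the same file with each, and shows that plain signature verification accepts all three, while an allowlist that also pins the expected publisher and consults a revocation list rejects the leaked key and the unknown signer. It uses raw detached signatures rather than the Authenticode format and omits chain validation to a trusted root, so the point it makes is about the policy layer, not the cryptography.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Publisher is a code-signing identity. Every certificate here is self-signed, constructed test data.
type Publisher struct {
	Cert *x509.Certificate
	Key  ed25519.PrivateKey
}

// NewPublisher mints a self-signed certificate for org (panics only on RNG/encoding failure).
func NewPublisher(org string, serial int64) *Publisher {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{Organization: []string{org}},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &Publisher{Cert: cert, Key: priv}
}

// Sign produces a detached signature over the binary.
func (p *Publisher) Sign(binary []byte) []byte {
	return ed25519.Sign(p.Key, binary)
}

// SignatureValid is the weak check: a stolen key passes it exactly as well as its owner does.
func SignatureValid(cert *x509.Certificate, binary, sig []byte) bool {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, binary, sig)
}

// Policy is what an allowlist must add on top of cryptographic validity.
type Policy struct {
	TrustedOrgs map[string]bool // publishers allowed to ship this class of software
	Revoked     map[string]bool // certificate serials reported stolen or revoked
}

// Allow returns nil only if the signature verifies, the cert is not revoked, and the signer is expected.
func (p Policy) Allow(cert *x509.Certificate, binary, sig []byte) error {
	if !SignatureValid(cert, binary, sig) {
		return fmt.Errorf("signature does not verify")
	}
	if p.Revoked[cert.SerialNumber.String()] {
		return fmt.Errorf("certificate %v is revoked", cert.SerialNumber)
	}
	if len(cert.Subject.Organization) == 0 || !p.TrustedOrgs[cert.Subject.Organization[0]] {
		return fmt.Errorf("signer %v is not an allowed publisher", cert.Subject.Organization)
	}
	return nil
}

// Verdict records what the weak check and the policy check each said.
type Verdict struct{ SigValid, Allowed bool }

// Scenario signs one constructed driver image with the legitimate vendor key, a leaked
// copy of that vendor's key that has since been revoked, and an unrelated self-signed cert.
func Scenario() map[string]Verdict {
	pol := Policy{TrustedOrgs: map[string]bool{"Example Driver Vendor": true}, Revoked: map[string]bool{"1002": true}}
	signers := map[string]*Publisher{ // hypothetical publishers and serials
		"vendor": NewPublisher("Example Driver Vendor", 1001),
		"stolen": NewPublisher("Example Driver Vendor", 1002),
		"random": NewPublisher("Anyone Can Self-Sign Ltd", 3003),
	}
	driver := []byte("constructed driver image, not a real binary")
	out := map[string]Verdict{}
	for name, pub := range signers {
		sig := pub.Sign(driver)
		out[name] = Verdict{SignatureValid(pub.Cert, driver, sig), pol.Allow(pub.Cert, driver, sig) == nil}
	}
	return out
}

func main() {
	for name, v := range Scenario() {
		fmt.Printf("%-6s signature valid=%-5v allowed=%v\n", name, v.SigValid, v.Allowed)
	}
}
```

The revocation check is deliberately a local set rather than a live CRL/OCSP lookup: a scanner that only asks “does the signature verify?” has no place to put the knowledge that a certificate was stolen, which is exactly the gap the signed Stuxnet driver walked through.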
Targets and those responsible
Before the malware’s specific targets were known, researchers at Kaspersky and other security companies began reverse engineering the code, collecting clues along the way: the number of infections, the fraction of infections in Iran, and the references to Siemens industrial software used in power plants. Schouwenberg was especially impressed that Stuxnet used not one but four zero-day exploits, attacks that take advantage of vulnerabilities previously unknown to the community.
“It was not just a revolutionary number; they all complemented each other perfectly,” the analyst explained. The LNK vulnerability (shortcut files in Microsoft Windows) was used to spread via USB sticks. The print spooler vulnerability was used to spread across networks with shared printers, something extremely common in networks using Internet Connection Sharing. The other two vulnerabilities involved privilege escalation, designed to obtain system-level privileges even on computers that had been fully locked down. “And all of it brilliantly executed,” he commented.
Schouwenberg and his Kaspersky colleagues soon concluded that the code was too sophisticated to be the creation of a loose hacker group, and described it as “a working and frightening prototype of a cyberweapon that will lead to a new world arms race.” The development was so complex that the firm estimated a team of 10 people would have needed at least two or three years to create it.
The questions hung in the air: who was responsible, and why had it been created? It soon became clear, both from the code itself and from field reports, that Stuxnet had been specifically designed to subvert the Siemens systems operating the centrifuges in Iran’s nuclear enrichment program.
Kaspersky’s analysts realized that the objective was not financial gain. It was a politically motivated attack. There was no doubt that it was sponsored by a nation-state, a well-known phenomenon today but one that at the time surprised most computer security specialists. “This was the first real threat we saw with real political ramifications. It was something we had to deal with,” they say.
Implications
The implications of Stuxnet, and later of others such as Flame (supposedly developed by the same authors and equally powerful, though dedicated to espionage), opened the era of state-sponsored cyberweapons, but their implications went much further, because the code always ends up being publicly available. Recall that Stuxnet ended up infecting thousands of computers in 115 countries, far from the targets for which it was originally created.
Attackers can simply reuse specific components and technology available online for their own attacks. Criminals could use cyberweapons to, for example, steal customer data from a bank, or simply wreak havoc as part of an elaborate prank.
“There is a lot of talk about nation-states trying to attack us, but we are in a situation where we are vulnerable to an army of 14-year-olds with two weeks of training,” Schouwenberg said in 2013, with a foresight that is frightening today, when cyberattacks on critical infrastructure are a daily occurrence. And what we know is only the tip of the iceberg.