
SCADA/ICS security expert Ralph Langner has published his latest analysis of the infamous Stuxnet malware after reverse engineering the code, and has concluded that an older version of the malicious code was designed to be far more aggressive and could have inflicted much greater kinetic damage.

Stuxnet is the highly sophisticated, purpose-built worm that is thought to have caused severe damage to Iranian uranium enrichment facilities, setting back the nation’s nuclear program by as much as several years.

Langner, who is credited with being the first to document how Stuxnet targeted the Siemens PLCs Iran used to control its uranium enrichment centrifuges, said the developers behind the malware made a deliberate decision to reduce the destructiveness of the delivered payload, a choice that might seem counter-intuitive given the goal of the operation.

“If the idea was catastrophic destruction, one would simply have to sit and wait. But causing a solidification of process gas would have resulted in simultaneous destruction of hundreds of centrifuges per infected controller,” Langner writes.

“While at first glance this may sound like a goal worthwhile achieving, it would also have blown cover since its cause would have been detected fairly easily by Iranian engineers in post mortem analysis. The implementation of the attack with its extremely close monitoring of pressures and centrifuge status suggests that the attackers instead took great care to avoid catastrophic damage. The intent of the overpressure attack was more likely to increase rotor stress, thereby causing rotors to break early – but not necessarily during the attack run,” Langner theorized.
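The attack pattern Langner describes, pressure held well above the nominal operating point but kept short of anything that would trip the plant or solidify the process gas, is exactly the kind of excursion a conventional high-pressure alarm never reports, because the trip point is never reached. The following is an added example, not code from Langner's paper or from Stuxnet itself: a small check over a process-historian trace that flags runs of readings sitting in that sub-trip band for longer than normal operation would explain. The function and field names, the units, and the nominal/trip thresholds are assumptions chosen for illustration, and the sample trace is constructed.

```python
"""Flag sustained "just under the trip point" overpressure in a historian trace.

Added illustration: a deliberate overpressure that stays below the safety
trip but well above the nominal operating point for an extended period should
be treated as an anomaly even though no alarm ever fires. Thresholds, units
and the sample trace below are assumptions made for this example.
"""

from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Episode:
    start: int    # index of the first sample in the run
    end: int      # index of the last sample in the run (inclusive)
    peak: float   # highest pressure seen during the run


def find_subtrip_overpressure(pressures: List[float], nominal: float, trip: float,
                              band: float, min_len: int) -> List[Episode]:
    """Return runs of at least `min_len` consecutive samples with
    nominal + band < pressure < trip.

    Samples at or above `trip` are deliberately excluded: those would have
    fired the safety system and are already covered by the normal alarm path.
    The runs we want are the ones that stop short of it.
    """
    lo = nominal + band
    episodes: List[Episode] = []
    start: Optional[int] = None
    peak = 0.0

    def flush(end_exclusive: int) -> None:
        nonlocal start
        if start is not None and end_exclusive - start >= min_len:
            episodes.append(Episode(start, end_exclusive - 1, peak))
        start = None

    for i, p in enumerate(pressures):
        if lo < p < trip:
            if start is None:
                start, peak = i, p
            elif p > peak:
                peak = p
        else:
            flush(i)          # run ended (back to nominal, or trip reached)
    flush(len(pressures))     # close a run that continues to the end of the trace
    return episodes


def sample_trace() -> List[float]:
    """Constructed trace: 60 samples of normal scatter around nominal, 40 samples
    held just under the trip point, a return to nominal, a 3-sample blip that is
    too short to matter, and a quiet tail."""
    normal = [100.0 + ((i % 7) - 3) for i in range(60)]     # 97 .. 103
    elevated = [140.0 + (i % 9) for i in range(40)]         # 140 .. 148, trip is 150
    recovery = [100.0 + ((i % 5) - 2) for i in range(30)]   # 98 .. 102
    blip = [145.0, 146.0, 145.0]
    tail = [100.0] * 10
    return normal + elevated + recovery + blip + tail


if __name__ == "__main__":
    # Assumed plant figures: nominal 100, trip 150, allowed band +15, and a
    # run must last 20 samples before it is worth a human's attention.
    for ep in find_subtrip_overpressure(sample_trace(), nominal=100.0, trip=150.0,
                                        band=15.0, min_len=20):
        print(f"sub-trip overpressure: samples {ep.start}-{ep.end}, peak {ep.peak}")
```

Against a real historian export `nominal` and `trip` would come from the process design, and `band` and `min_len` would be tuned to the plant's observed variance; the design choice that matters is that the check keys on how long the process sits below the trip point rather than on whether the trip point is ever crossed, which is the blind spot the attack described above relies on.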

He goes on to warn that it would not take a powerful nation-state to produce such malware: similar exploit code could one day be packaged into “user-friendly point-and-click software applications”, and the “skill set for those who assemble and deploy a specific sample of cyber-physical attack code will then drop dramatically.”

Read more here (PDF).