September 26, 2011

From the man who discovered Stuxnet, dire warnings one year later

One year ago a malicious software program called Stuxnet exploded onto the world stage as the first publicly confirmed cyber superweapon – a digital guided missile that could emerge from cyber space to destroy a physical target in the real world.
It took Ralph Langner about a month to figure that out.

While Symantec, the big antivirus company, and other experts pored over Stuxnet's inner workings, it was Mr. Langner, an industrial control systems security expert in Hamburg, who deciphered and tested pieces of Stuxnet's "payload" code in his lab and declared it a military-grade cyberweapon aimed at Iran's nuclear facilities.
Days later, he and other experts refined that assessment, agreeing Stuxnet was specifically after Iran's gas centrifuge nuclear fuel-enrichment program at Natanz.

After infiltrating Natanz's industrial-control systems, Stuxnet automatically ordered subsystems operating the centrifuge motors to spin too fast and make them fly apart, Langner says. At the same time, Stuxnet made it appear random breakdowns were responsible so plant operators would not realize a nasty software weapon was behind it.


Christian Science Monitor