Stuxnet cyberweapon dates back to 2005, Symantec researchers find

Timed to hit Natanz nuclear facility in 2007

The Stuxnet cyber-weapon discovered slamming into Iran's Natanz nuclear enrichment facility in the summer of 2010 was probably in development for up to five years before that date, a new analysis by Symantec has suggested.

The evidence for this extraordinary conclusion is the discovery of an early version 0.5 development cycle that the company said ran from November 2005 to mid-2009 when the more advanced version 1.0 eventually detected by security companies took over the heavy lifting.

Domains associated with Stuxnet 0.5's command and control (C&C) network had been traced to this early date, with the same software submitted to a public scanning service two years later in November 2007.

After 4 July 2009 (is that date pure coincidence?) Stuxnet 0.5 was not used for new infections, a period that overlapped with the emergence of the more potent Stuxnet 1.0.

The dates are important because it suggests that Stuxnet's creators started work on the weapon before the Natanz facility started operation in 2007, a degree of foresight that identifies the sofwtare as surely the earliest cyberweapon yet discovered.

Intriguingly, the early Stuxnet was partly based on the 'Flame' platform, the later version on the 'Tilded' platform, which reinforces the sense researchers have been given since 2010 that there were two development teams working on different families of cyber-weapon.

These two teams produced not only Struxnet's two incarnations but a number of other cyberweapons that included Duqu, Gauss and the remarkable Flame, all discovered since Stuxnet.

Symantec's detective work confirms the fascinating extent to which Stuxnet 0.5 had been designed to reach Iranian networks not even connected to the Internet.

"To allow updates to reach these machines, Stuxnet 0.5 also used a peer-to-peer mechanism [Windows mailslot]," said Symantec.

"As long as one updated version was introduced into this network- for example through an infected USB key - all the other infected machines on the network could receive updates or new code modules."

The precise origins of Stuxnet might never be confirmed but in Symantec's view all doubt that this was a weapon designed to cause damage to nuclear centrifuges should now be discounted.

Its designers thought through how to mis-control the equipment in minute detail, according to the security firm, to the extent of trying to hide the fact that it was being made to malfunction.

"It is really mind blowing that they were thinking about creating a project like that in 2005," Symantec researcher Liam O'Murchu told Reuters in advance of the report's publication.

Feature: Iran v USA - the world's first cyberwar has started

More about: Reuters, Symantec
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Personal Tech, symantec, security
ARN Directory | Distributors relevant to this article
Anyware Corporation , Aquion , Dicker Data , Express Data , Impact Systems Technology , Ingram Micro Australia , Leader Computers , Lynx Technologies , Topstar Computer International
ARN Directory | Vendors relevant to this article
Get exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
ARN Vendor Directory

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.


Latest News

Apr 17
Splunk exec defects to tech disruptor Elasticsearch
Apr 17
JCurve acquisition to boost telco play following $A2.5m capital raising
Apr 17
Vodafone tackles FIFA World Cup with $5 roaming in Brazil
Apr 17
Kim Dotcom says he's set to get assets back
More News
24 Apr
The China Healthcare ICT Conference 2014
05 May
CeBIT Australia 2014
06 May
Oracle Day 2014 - Across 2 Cities
06 May
Oracle Day 2014 - Across 2 Cities
View all events