An in-depth report that came out today from the the New York Times confirms the reality of the statement because it finally unravels the history and development of the Stuxnet virus—and how it accidentally escaped from the Iranian nuclear facility that was its target.
The code was solely speculated to work among Iran’s Natanz refining facility, that was air-gapped from outside networks and so tough to penetrate. However computers and memory cards can be carried between the general public web and therefore the personal Natanz network, and a preliminary little bit of “beacon” code was used to map out all the network connections among the plant and report them back to the NSA.
[pullquote]Previous cyberattacks had effects limited to other computers,[/pullquote]
That program, initially allowed by George W. Bush, worked well enough to supply a digital map of Natanz and its industrial management hardware. Soon, US national labs were testing totally different bits of the decide to sabotage Natanz (app
arently while not knowing what the work was for) using similar centrifuges that had return from Libya’s Qadaffi regime. When the coders found the correct sets of commands to literally shake the centrifuges apart, they knew that Stuxnet may work.
When Stuxnet net was originally ready, it was introduced to Natanz, possibly by a double agent.
Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others—both spies and unwitting accomplices—with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.
Stuxnet is old news now. Even the newly discovered “Flame” malware was developed some time ago. Whereas details concerning these 2 targeted attack packages are finally rising, the generation of attack tools has a new standard, and they are no doubt being developed and even deployed as of now.