Flaws in Stuxnet Worm Deflect Suspicion From US, Israel

January 21, 2011 Updated: October 1, 2015

A handout image supplied by the IIPA (Iran International Photo Agency) shows Iran's Bushehr nuclear power plant on Aug. 21, 2010. The facility took 35 years to build and was the target of a cyberattack using the Stuxnet computer worm. (IIPA via Getty Images)
The video is still available online, an Israeli voice in the background. Targeting guides drift on the gun-cam as the F-16 nears its target. A bright flash is seen on the ground below, as Iraq’s Osiraq nuclear reactor bursts into flames. A beeping is then heard over the camera; the pilot, breathing hard, pulls up and to the side, presumably dodging an anti-air weapon.

Israel’s 1981 bombing of the Iraq nuclear reactor, dubbed “Operation Babylon,” is credited with preventing Iraq from being nuclear armed ahead of the Persian Gulf War in 1991. The attack was also one of the world’s first introductions to cyberwarfare. Israel preceded its airstrike with a cyberattack to shut down Iraqi air defense networks.

Nearly three decades later, it happened again. The difference this time is that the attack was purely digital. On Sept. 26, 2010, Iran’s state-run media announced that the Bushehr Nuclear Power Plant was infected by malware that hit the IP addresses of more than 30,000 computer systems. The virus then spread uncontrollably and was found on computers in countries including China, Germany, and Indonesia.

The malware behind the attacks was dubbed “Stuxnet.”

The New York Times published an article on Jan. 16 shining more light onto the issue. It stated that Israel built nuclear centrifuges identical to those in the Bushehr plant to test a computer worm, and had cooperation from the United States. Although there is still no direct proof that the United States or Israel were behind Stuxnet, the two countries were the main suspects to begin with.

Despite accusations that Stuxnet was a U.S.-Israel project, there are flaws in the worm that suggest it was created elsewhere. At the Black Hat DC conference on digital exploits and cyberattacks on Jan. 18, security consultant Tom Parker analyzed Stuxnet’s code.

Parker “presented a compelling case that Stuxnet may be the product of a collaboration between two disparate groups, perhaps a talented group of programmers that produced most of the code and exploits and a less sophisticated group that may have adapted the tool for its eventual use,” states a report from Threat Post, the security news service of anti-virus company Kaspersky Lab.

"This was probably not a Western state. There were too many mistakes made. There's a lot that went wrong," Parker said, according to Threat Post. “There's too much technical inconsistency. But, the bugs were unlikely to fail. They were all logic flaws with high reliability." In simple terms, there were technical shortcomings, but the virus was still highly reliable.

Nate Lawson, a cybersecurity expert with Root Labs, analyzed Stuxnet in a Jan. 17 blog post, stating, “I really hope it wasn’t written by the USA because I’d like to think our elite cyberweapon developers at least know what Bulgarian teenagers did back in the early ’90s.”

Like Parker, Lawson states that the Stuxnet worm is full of holes. Among the shortcomings are “the Stuxnet developers seem to be unaware of more advanced techniques for hiding their target,” and “It does not use virtual machine-based obfuscation, novel techniques for anti-debugging, or anything else to make it different from the hundreds of malware samples found every day.”

To its credit, Stuxnet was highly effective at what it was likely set loose to do: destroy Iran’s nuclear centrifuges. It was also incredibly clean and was free of any digital fingerprints that could trace it back to its creator.

The worm has no potential for monetary gain, which made the United States and Israel prime suspects.

The shortcomings of the virus were its downfall, however, and allowed it to be caught, duplicated, and analyzed by security experts the world over.

The Perfect Cyberweapon

The latest revelation about Stuxnet’s origins isn’t likely to cause more fallout from the region since it is more accusatory than conclusive. Discussions around Stuxnet will likely continue to receive the same denials they already receive from U.S. and Israeli officials.

Follow Joshua on Twitter: @JoshJPhilipp