Security researchers claim Stuxnet, a worm first detected in June, may be a highly-advanced cyber weapon created to destroy something in the physical world: the Bushehr nuclear power plant in Iran. It is believed that the worm is created by a team of hackers working for a nation state, and because Iran is the apparent epicenter of the Stuxnet infections it is believed that an enemy of Iran with advanced cyber war capability might be involved.
The exact target is unknown, but experts discovered the virus is capable of attacking one specific factory or power plant in the entire world, even if the target is not directly connected to the Internet, as it's also capable of spreading via USB sticks. Analysis of the worm found that once Stuxnet finds its target, it identifies and overrides a criticial function running on a Siemens programmable logic controller (PLC), resulting in the destruction of the worm's target.
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.
Interestingly, the article suggests the worm may already have wrecked Bushehr, as the expected startup in late August has been delayed, for unknown reasons:
Langner is quick to note that his views on Stuxnet's target is speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr's expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)