【Introduction】Today marks the tenth anniversary of the “Stuxnet” virus.Since its first attack in 2009, this virus, known as a “super destructive weapon,” has been in a decade-long game of cat and mouse with global industrial control systems.If we consider a decade as a cycle, then in this era where “cyber warfare” could erupt at any moment, industrial control systems are at the forefront. Reflecting on “Stuxnet” after ten years is of great significance to prevent its resurgence.
In 1945, the first atomic bomb in human history was successfully tested, marking a new military era and establishing the United States as a military superpower.
In 2005, as this superpower found itself mired in war and fearful of the Iranian nuclear threat, it began planning a new type of “weapon” to counter the “nuclear” threat, which was the origin of the “super destructive weapon”—the “Stuxnet” virus.Using precise and covert “cyber attacks” to disrupt the physical world’s “nuclear” capabilities, the initiation of the “Stuxnet” project once again changed the world, opening the door to “cyber warfare” and breaking the boundaries between the cyber and physical worlds.
Today, “cyber warfare” can produce a colossal advantage that can overturn a country or even the world without losing a single soldier, gradually becoming the preferred method of confrontation between nations. This explains why, on the 20th of this month, Trump unexpectedly halted military retaliation against Iran, as he had a new idea—launching a cyber attack against Iran, targeting its intelligence agencies and missile launch systems.
With tensions high, the cyber warfare between the United States and Iran, two long-time adversaries, seems poised to ignite at any moment. The initiation of the “Stuxnet” virus stemmed from the grievances between these two countries a decade ago.
“Super Destructive Weapon”
Is actually a scheme of the U.S. cyber warfare operations
The story traces back to 2006.
That year, Iran violated agreements and restarted its nuclear program, installing a large number of centrifuges at the Natanz nuclear facility to produce enriched uranium, preparing materials for further nuclear weapon development. President Ahmadinejad proudly declared to the world, “Iran will say no to Western countries.”
However, the progress was far from what Iran expected: the operation of the nuclear facility was highly unstable, with a high failure rate of the centrifuges, and the urgently needed enriched uranium was not being produced. The unexplainable troubles left Iranian technicians uneasy:“Why do the centrifuges, which are clearly of good quality, wear out and fail as soon as they are put into production?”
On April 8, 2008, Ahmadinejad inspected the Natanz nuclear facility again, hoping to resolve this issue. This time, a key image leaked revealing the problems at the nuclear facility: the screen in the lower left corner displayed points, each representing a centrifuge, with green indicating normal operation, while two gray points indicated that two centrifuges had failed.
President Ahmadinejad inspects the Natanz nuclear facility
As time moved forward, the Iranians continued their research without finding the cause, bringing in new centrifuges, only to face repeated failures.
Until 2010, the world first discovered the “Stuxnet” virus—defined as the first virus specifically designed to target physical world infrastructure (such as nuclear power plants, dams, and national power grids). This virus, once discovered, swept through global industry and finally provided an explanation for Iran’s five-year nuclear dilemma.After extensive research by experts, it was determined to be a virus weapon specifically tailored for the Natanz nuclear facility in Iran.
Bushehr Nuclear Power Plant in Iran
Originally planned to generate power in 2008, it actually began operation in 2010
In 2012, as the Iranian nuclear issue reached a critical point, the New York Times revealed the mystery, reporting:
“The U.S. initiated a secret cyber program codenamed “Olympic Games” in 2006, launched by President Bush and vigorously promoted by President Obama, aimed at curbing Iran’s nuclear ambitions.This event also marked the opening of a dazzling door to cyber warfare.”
A Decade of Vigilance: Always Be Aware of This
World’s First Deployed “Cyber Weapon” in Combat
As the world’s first “cyber weapon” deployed in a combat scenario, the “Stuxnet” virus does not profit from stealing personal information; it is designed to attack industrial control systems.It can be said that it is a malicious virus specifically written for industrial control systems,essentially exploiting multiple “zero-day vulnerabilities” in the Windows system and Siemens SIMATIC WinCC system to carry out attacks.
Moreover, the “Stuxnet” code is highly sophisticated, primarily serving two functions: one is to cause Iran’s centrifuges to run out of control, and the other is to conceal the occurrence of failures, “misreporting” to management as “normal operation,” leading to misjudgment in decision-making.
Even more terrifying,the “Stuxnet” virus can destroy the core production control software used by chemical, power generation, and electricity transmission companies worldwide without needing a network connection; it can simply be introduced via a USB drive and then issue commands to other computers in the factory.Thus, if the “Stuxnet” virus’s Pandora’s box is opened, global industry will be shrouded in a dark haze.
Although this complex and sophisticated virus was officially exposed in 2010, research has confirmed:
As early as June 2009, the “Stuxnet” virus began to appear, with attackers launching three waves of attacks in June 2009, March-April 2010, and June 2010, each using slightly different code. Subsequently, the “Stuxnet” virus reached a peak of “conquering cities and territories.”
In July 2010, it exploited at least four vulnerabilities in the Microsoft operating system, three of which were brand new zero-day vulnerabilities; forged digital signatures for drivers; and through a complete intrusion and propagation process, broke through the physical limitations of industrial dedicated local area networks; utilizing two vulnerabilities in the WinCC system to conductdestructive attacks. Not only did the Natanz nuclear facility in Iran experience a massive explosion, with over 2,000 centrifuges blown away, but 45,000 networks worldwide were infected, and 60% of personal computers were also affected.
Born from the application of warfare between nations, the ongoing state-level cyber attacks have also become the mission of “Stuxnet.”
In February 2011, at least 1/5 of the centrifuges at Iran’s Natanz uranium enrichment facility were forced to shut down due to infection by the virus.
In March 2013, the U.S. again used the “Stuxnet” worm virus to attack Iran’s uranium enrichment equipment, causing delays in the operation of the Iranian nuclear power plant. At that year’s Geneva conference, Iran was forced to announce a halt to the production of enriched uranium.
Since then, although “Stuxnet” has not launched any major attacks, since its disclosure, several virus creators have derived many variants based on it, widely spreading to every corner of the internet. The “Stuxnet” mission has never ceased, nor has it abandoned its goal of “conquering cities and territories.”
Today, nearly ten years since “Stuxnet” was first deployed in combat, its impact has far exceeded the Natanz nuclear facility, with reports indicating that six million computers in China alone have been infected.
A Decade of Vigilance: In the face of such a “super destructive weapon” capable of halting “nuclear” capabilities, especially regarding the safety of national infrastructure systems, it is not excessive for any country to remain vigilant with a hundredfold effort.
Impact That Changed the World
Did the “Stuxnet” virus achieve its goals?
A decade of cycles.At this time in 2009, the “Stuxnet” virus had begun a stable and strong attack on Iran’s nuclear program.Ten years later, Trump again authorized U.S. cyber forces to launch cyber attacks against Iran.And this day coincides with the tenth anniversary of the “Stuxnet” virus.
The question of the decade. Has this so-called “epic” cyber weapon been effective? Over the past decade, has it changed the world? In what ways?
The answer is undoubtedly affirmative! Looking back over the past decade, this virus, backed by a nation and targeting global industry, has not only shocked Iran with its destructive power comparable to that of a “nuclear” weapon but has also intimidated the world. Meanwhile, think tanks believe that the “Stuxnet” virus opened the door to “cyber warfare,” bringing about significant changes in the global military landscape:
1.From an attack perspective, “Stuxnet” changed people’s perception of weapons. If one can destroy a country’s power, industrial, and energy systems without losing a single soldier, military strategists will be eager to pursue such methods. This non-military warfare is what we call cyber warfare, and its “weapons” are those vulnerabilities and viruses.
2.From the scope of attacks, “Stuxnet” first broke the boundaries between the physical and cyber worlds, allowing them to influence, permeate, and utilize each other.The effect of 1+1>2 is particularly evident in these two worlds, making cyber warfare increasingly severe.
3.From a defensive perspective, cyber warfare represented by “Stuxnet” has completely changed the form of defense.Cyber warfare primarily targets critical infrastructure such as transportation, energy, and finance, with opponents being organized and powerful hacker groups backed by nations. Moreover, it does not distinguish between wartime and peacetime, often launching attacks without declaration, and may have infiltrated and laid dormant for years before an attack. Such powerful characteristics render traditional “Maginot Line” defenses inadequate.
Cyber warfare is gradually becoming a significant threat that could trigger a third world war in the 21st century, characterized by “invisible enemies, unknown attack locations, and unclear attack methods!” In this era, whoever masters “cyber weapons” will become the new hegemon in the world and gain the upper hand in this new battlefield.
In this regard, those leading cybersecurity companies have already recognized the severity of this situation. Just this June, Zhou Hongyi, chairman and CEO of 360 Company, stated at the Internet Security Conference (ISC) media communication meeting that cyber warfare poses a severe challenge to every country and is an unavoidable topic for the cybersecurity industry and enterprises. From the characteristics of cyber warfare, it does not distinguish between wartime and peacetime, nor between military and civilian; national critical infrastructure will be the primary target of attacks. The Chinese cybersecurity industry must undergo a shift in thinking; if it cannot think from a higher dimension regarding cybersecurity, the gap with cyber-strong nations will only widen.
Zhou Hongyi at the 2019 ISC media communication meeting
In the face of such an era, think tanks hope that China can give birth to more cybersecurity companies like 360 that are at the forefront of the world, empowering the nation, enterprises, and individuals with strong technology. At the same time, whether it is the nation, enterprises, or individuals, we must always be vigilant:The specter of war has never been far away; it has merely changed its form and could arrive at any moment!
Follow the “International Security Think Tank” public account
To learn more about domestic and international cybersecurity information