The History and Legacy of Stuxnet

It wreaked havoc in the past, but is Stuxnet still a threat?

Stuxnet was a malicious computer worm that was uncovered in 2010 but had probably been in development since 2005. Its original target was Iran's nuclear facilities. It eventually mutated and spread to other industrial entities, such as water treatment plants, power plants, and gas lines.

Stuxnet garnered unprecedented media attention because it was the first computer virus that could cripple hardware and because it appeared to have been created by intelligence agencies in the U.S. and Israel.

In 2012, the United States confirmed that Stuxnet was a joint effort by U.S. and Israeli intelligence experts developed during the George W. Bush administration.

What Did Stuxnet Do?

Stuxnet was a tool that aimed to derail or at least delay Iran's program to develop nuclear weapons. Stuxnet was designed to alter the Programmable Logic Controllers (PLCs) used to automate machine processes in nuclear facilities and other industrial and energy-producing plants.

Specifically, Stuxnet targeted the centrifuges that produce the enriched uranium that powers nuclear weapons and reactors. Reports say that Stuxnet destroyed many centrifuges in Iran's Natanz uranium enrichment facility by making them burn themselves out.

The Stuxnet worm spread on Windows computers through infected USB sticks. When it landed on a computer, it searched for a certain type of Siemens software. It determined if the computer controlled or monitored specific PLCs that interacted with industrial machines, such as uranium centrifuges.

Illustration of Stuxnet worm's infiltration via USB (Vamos Sandor / CC BY 4.0)

After finding a computer that controlled PLCs, Stuxnet automatically updated its code and altered the PLC programming to send damaging instructions. As a result, the uranium centrifuges spun too quickly and for too long, damaging or destroying the electro-mechanical equipment. Meanwhile, anyone monitoring the equipment would be unaware that anything was wrong until it was too late.
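The paragraph above describes two things a defender can check for: controller logic that has been altered, and operator displays that no longer match what the machine is doing. The following is an added example, not code from the original article or from any vendor. It assumes a hypothetical independent, out-of-band speed sensor and an approved-logic baseline hash; all names, thresholds and sample values are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Sample:
    t: int              # seconds since start of capture
    reported_hz: float  # speed shown to operators (path runs through the PLC)
    measured_hz: float  # speed from a hypothetical independent, out-of-band sensor

def logic_changed(program_bytes: bytes, baseline_sha256: str) -> bool:
    """True if logic read back from the controller differs from the approved baseline."""
    return hashlib.sha256(program_bytes).hexdigest() != baseline_sha256

def find_divergence(samples, tolerance_hz=5.0, min_run=3):
    """Return (start_t, end_t) spans where reported and measured speed disagree
    by more than tolerance_hz for at least min_run consecutive samples.
    Requiring a run filters out one-sample sensor glitches."""
    spans, run = [], []
    for s in samples:
        if abs(s.reported_hz - s.measured_hz) > tolerance_hz:
            run.append(s.t)
            continue
        if len(run) >= min_run:
            spans.append((run[0], run[-1]))
        run = []
    if len(run) >= min_run:  # flush a run that reaches the end of the capture
        spans.append((run[0], run[-1]))
    return spans

# Constructed sample data: operators see a steady 100 Hz throughout, while the
# independent sensor shows the drive running fast from t=3 to t=7.
SAMPLES = [Sample(t, 100.0, m) for t, m in enumerate(
    [100.2, 99.8, 100.1, 118.0, 131.5, 140.0, 139.7, 125.0, 100.3, 99.9])]

# Constructed placeholder standing in for the approved controller program.
APPROVED_LOGIC = b"constructed placeholder for approved controller logic"
BASELINE = hashlib.sha256(APPROVED_LOGIC).hexdigest()

if __name__ == "__main__":
    print("divergence spans:", find_divergence(SAMPLES))
    print("logic changed:", logic_changed(APPROVED_LOGIC + b"\x00", BASELINE))
```

The divergence check only has value if the independent measurement does not pass through the same controller or engineering workstation that may have been tampered with.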

Stuxnet had a specific purpose and was never intended to go beyond its mission at Iran's Natanz nuclear facility. Since Natanz didn't have internet access and the worm spread via USB, its perpetrators thought it would be easy to contain. However, it eventually ended up on internet-connected computers and spread. Because of its specificity, though, it did little damage to outside computers.

Experts theorize that Stuxnet was introduced to Iran's Natanz nuclear facility by a double agent.

The Legacy of Stuxnet

Stuxnet reportedly had an expiration date of June 2012 preprogrammed, and Siemens issued fixes for the software vulnerabilities in its PLCs that Stuxnet exploited. Still, malware with similarities to Stuxnet lives on.

Duqu was a collection of computer malware discovered in 2011 and thought to be related to Stuxnet. In 2012, a new malware known as Flame was found, also thought to be related to Stuxnet. In 2017, malware called Triton, eerily similar to Stuxnet, was discovered attacking industrial complexes in the Middle East.

Stuxnet's biggest legacy was its new approach. It was a game-changer because, as weapons-grade malware, it created a world where computer viruses can cause physical destruction. It set off a kind of cyber arms race that exists to this day, with malware growing ever more sophisticated.

Stuxnet-type worms aren’t after the average person. These worms do, however, serve as a reminder that all users must take precautions when using corporate websites to enter personal data.