Cybersecurity professionals -- especially in Iran -- woke up today to the latest twist in the history of cyberwarfare when researchers at Symantec said they discovered a version of the Stuxnet computer virus which predates by two years the cyber weapon that was used to sabotage Iran's main nuclear enrichment facilities.
The U.S. and Israel are widely believed to be behind Stuxnet, though neither country has claimed authorship publicly. (The New York Times reported that President George W. Bush initiated the attacks, a program which has continued in the Obama administration.) Stuxnet first came to public light for the role it played in a 2007 attack against Iran's uranium enrichment facility. But in an 18-page report released today, Symantec said it had found a string of code it called "Stuxnet 0.5," which dates back to 2005.
"There isn't any really new evidence of who the people behind this attack were, but these were not just a bunch of hacktivists or someone with a vendetta," said Eric Chien, technical director of Symantec's Security Response Team.
Whoever the author -- or authors -- are, Symantec paid them a compliment for creating "a complicated and sophisticated piece of malware requiring a similar level of skill and effort to produce" with Stuxnet 0.5, which Symantec termed "the missing link." When Stuxnet was discovered in July 2010, it was recognized as one of the most sophisticated pieces of malware ever written. What's more, it proved that malicious programs could successfully wreak havoc on critical national infrastructure.
The virus targeted computers running Siemens software used in industrial control systems. All told, it infected software in at least 14 industrial sites in Iran and is thought to be the first known malware that targeted the controls at industrial facilities.
It's unclear how effective Stuxnet 0.5 was or what level of success it achieved. Chien noted that the code in the 2005 version was complete and did not resemble a beta copy that escaped into the wild. He suggested, however, that the later evolution of Stuxnet indicated that the authors adjusted their attack strategy in order to inflict wider damage. "It appears that it didn't work according to their liking so they got more aggressive. The results didn't work to their liking or didn't fill all their strategic goals. So they changed (Stuxnet) in the 1.x version."