TIMELINE
1. Stuxnet gets onto the network
According to the cyber-security company Symantec, Stuxnet likely reached Iran’s Natanz nuclear facility through a contaminated USB drive.
For the malware to infiltrate the network, someone would have needed to physically plug the USB stick into a computer connected to the system—either intentionally or unintentionally. Once connected, the worm installed itself into the plant’s computer network.
2. Worm spreads through computers
Once it infiltrated the computer system, Stuxnet began searching for software that manages machines known as centrifuges.
Centrifuges operate by spinning materials at extremely high speeds to separate their components. At the Natanz facility, these centrifuges were used to separate various forms of uranium, focusing on isolating ‘enriched uranium,’ a material essential for producing both nuclear power and nuclear weapons.
3. Stuxnet re-programmes centrifuges
The worm located the software controlling the centrifuges and embedded itself, taking over their operation.
Stuxnet launched two distinct attacks. Initially, it caused the centrifuges to spin at dangerously high speeds for approximately 15 minutes before restoring them to normal operation. About a month later, it executed a second attack, slowing the centrifuges down for around 50 minutes. These disruptions were repeated over several months.
4. 1,000 machines are destroyed
Over time, the stress caused by the extreme speeds led the infected machines to break down.
Reports indicate that Iran had to decommission approximately 20 percent of the centrifuges at the Natanz facility during the attack.
Stuxnet, a sophisticated computer worm, was designed to disrupt Iran’s nuclear enrichment capabilities, particularly targeting the Natanz facility. Here’s a timeline of key events:
- 2005-2007: Development of Stuxnet is believed to have commenced during this period, requiring collaboration among experts in cybersecurity, industrial systems, and intelligence.
- 2007: Reports suggest that Stuxnet was deployed against Iran’s nuclear facilities around this time, aiming to sabotage uranium enrichment processes.
- 2009: The worm is believed to have caused significant disruptions at the Natanz facility, leading to the breakdown of approximately 1,000 centrifuges.
- June 2010: Stuxnet is publicly identified by cybersecurity experts after it spreads beyond its intended targets, affecting systems worldwide.
- September 2010: Analyses reveal that Stuxnet specifically targeted Siemens PLCs used in Iran’s nuclear program, manipulating centrifuge speeds to cause physical damage while displaying normal operations to monitoring systems.
- November 2010: Iranian officials acknowledge that malicious software attacked their nuclear facilities, causing delays in their nuclear program.
- 2011: Further investigations confirm that Stuxnet was a joint operation by the U.S. and Israel, marking one of the first known uses of a cyber weapon to cause physical destruction.
Stuxnet’s deployment marked a significant milestone in cyber warfare, demonstrating the potential for malware to cause tangible damage to critical infrastructure.