Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customise your settings, hit “Customise Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.
Sign in

Symantec reports early Stuxnet variant first went live in 2005

'Very different' code caused gas attack on nuclear program

Iain Thomson in San Francisco Tue 26 Feb 2013 // 19:12 UTC

RSA 2013 A new report from Symantec claims that Stuxnet is not a recent piece of malware, but was in action trying to cripple Iran's nuclear program way back in 2005.

"We now have evidence that Stuxnet actually had its command and control servers alive in 2005, that's five full years than anyone previously thought," said Francis deSouza, president of products and services at Symantec in his RSA 2013 keynote. "We also have evidence of this early variant of Stuxnet that we captured called Stuxnet 0.5, which behaves very differently from Stuxnet 1.0 found in 2010."

The 2010 version of Stuxnet attacked the Iranian nuke fuel program at Natanz by varying the speeds of motors in the centrifuges used for preparation of uranium at the plant. But Stuxnet 0.5 was designed for a different form of sabotage, and one that could have had explosive results.

The newly discovered code, which was first active in 2007, was installed via a USB key and lay dormant until the enrichment process began. It then took a series of snapshots of the control screen of the plant with all systems running normally, made an inventory of the system, and then went to work on the valves that feed uranium hexafluoride gas into the centrifuges.

These valves would be opened up to make sure the gas flowed into the centrifuges regardless of the state of the fuel. It would hold them open for six minutes, all the while displaying the normal operations screens it swiped earlier, then would shut itself down and go into hiding again.

As well as damaging both the centrifuges and the fuel, such jiggery pokery could conceivably have caused a pressure buildup that would have caused the highly corrosive and toxic gas to leak out. It is not known what the final damage was to the Iranian facility, but according to data from the Institute for Science and International Security (ISIS) it caused a significant dip in the amount of usable uranium created.

What's interesting here is the timing. The earlier build of Stuxnet was set up in 2005, well before the Natanz plant was even operational. The plant went live in 2007, and the malware was ready to go once the Iranians started the process. The 0.5 version of the code finally deactivated in 2009, six months before Stuxnet 1.0 was released.

It's widely reported that the US and Israeli government developed Stuxnet as a counter to Iran's nuclear ambitions as part of Project Olympic. It was tested on Pakistani-sourced P-1 centrifuges that the Libyans handed over when they ended their nuclear program in 2003, and these same systems are in use by the Iranians.

"These results show we are now close to the end of the first decade of weaponized malware," deSouza said. "As research continues to show, research and development on these kinds of weapons continues to grow." ®

7 Comments

Similar topics

Broader topics

Other stories you might like

  • Apple iOS privacy clampdown 'did little' to reduce tracking
    Double-standard rules have strengthened iGiant's gatekeeper power
    Thomas Claburn in San Francisco Fri 8 Apr 2022 // 21:06 UTC

    Apple's ramp up in iOS privacy measures has affected small data brokers, yet apps can still collect group-oriented data and identify users via device fingerprinting, according to a study out of Oxford.

    What's more, the researchers claim, Apple itself engages in and allows some forms of tracking, which serve to strengthen its control over the iOS market.

    In a paper titled, "Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels," due to be published in June for the ACM Conference on Fairness, Accountability, and Transparency 2022, Oxford academics Konrad Kollnig, Max Van Kleek, Reuben Binns, and Nigel Shadbolt, with independent US-based researcher Anastasia Shuba, describe what they found after analyzing 1,759 iOS apps from the UK App Store, both before and after the introduction of iOS 14.

    Continue reading
  • Microsoft dogs Strontium domains to stop attacks on Ukraine
    Software giant sinkholes systems used by Russian gang
    Jeff Burt Fri 8 Apr 2022 // 20:29 UTC

    Microsoft this week seized seven internet domains run by Russia-linked threat group Strontium, which was using the infrastructure to target Ukrainian institutions as well as think tanks in the US and EU, apparently to support Russian's invasion of its neighbor.

    The seizure is also part of a long-running legal and technical hunt by Microsoft to disrupt the work of Strontium – aka APT28 and FancyBear, among other names – via an expedited court process that enables the company to quickly get judicial approval for such actions, according to Tom Burt, corporate vice president of customer security and trust at Microsoft.

    Before the latest seizures, Microsoft had used this process 15 times to take over more than 100 domains controlled by Strontium, which is thought to be run by the GRU, Russia's foreign military intelligence agency. Microsoft obtained a court order for the most recent operation on April 6 and acted immediately.

    Continue reading
  • Newly released Space Force data could save life on Earth
    Goodness, gracious, lots of insights on great balls of fire
    Brandon Vigliarolo Fri 8 Apr 2022 // 20:04 UTC

    The US Space Force is publicly releasing nearly 30 years of data on fireball meteors in the hopes it can improve the detection and impact prediction of near-Earth objects (NEOs).

    The data contains information on bolides, classified as any meteor that has enough mass to become a fireball but not enough to cause a ground impact, several dozen of which happen each year.

    Data from NASA on bolides is publicly available, but the Space Force is adding light curve data to the mix, which the agency said has been greatly sought by the scientific community.

    Continue reading

Biting the hand that feeds IT © 1998–2022

Your Consent Options Cookies Privacy Ts&Cs