Stuxnet is basically the first public act of “cyberwar” committed by one nation against another. But most of my non-technical friends, to the extent that they even know it exists, don’t know why it should be of interest to them. After explaining it repeatedly in real life (usually while trying to have more sophisticated conversations) I’ve decided to present the basic facts that they (and you) need in order to understand why it matters, in a concise and accessible way.
1. What does it do?
On almost all computers it does nothing except replicate itself. It is looking for a specific kind of computer, one attached to an industrial control system, and only there does it activate its payload. The payload infects the control system and interferes with the operation of the attached devices if, and only if, those devices are the centrifuges Iran uses to enrich uranium*. If it detects such centrifuges, it drives them outside their safe operating speed so that they malfunction and are eventually destroyed. It also hides the malfunction from the PC that monitors the equipment, by feeding the monitoring software normal-looking readings it recorded earlier. The damage is inflicted slowly, so that instead of looking like the work of malware the failures look like an inexplicably high failure rate. Centrifuges were specifically targeted because they are fragile, difficult to import, and critical to the enrichment process.
It also tries to report back to the malware equivalent of a “dead drop”: servers where the authors can leave it additional instructions and collect reports on what it has infected, including the locations of Iranian enrichment facilities. These servers were taken offline shortly after the existence of the worm was made public.
In short, Stuxnet was purpose-built to detect and disrupt Iranian uranium enrichment. The attack was effective: it hit five targets in addition to the Natanz enrichment facility and destroyed an unknown number of centrifuges (perhaps as many as 1,000). It has been reported that the Iranian nuclear program has been set back by three or more years as a result.
The other notable thing about Stuxnet is that its drivers are signed with “legitimate” code-signing certificates belonging to two Taiwanese hardware manufacturers (RealTek and JMicron), which are assumed to have been stolen. Because Windows trusts those signatures, the warning it normally gives you about installing unsigned drivers never pops up.
There are other things that make it interesting to professional geeks, and if you want to know how it spreads, how it gains access, and so on, Wikipedia and/or Google will tell you. I’m not going to, because while it is interesting it isn’t that important to the point of this post, nor is it easy to put into an accessible form.
2. Who wrote it?
Whoever wrote it had detailed knowledge of the equipment inside the Iranian nuclear program, which implies operatives or informants there, and the resources to steal, or otherwise obtain, code-signing certificates from real hardware manufacturers. This, along with the fact that it is designed to further specific “national defense” objectives, strongly suggests that it is the product of a nation.
Most evidence points to Israel, though nothing is conclusive. Gabi Ashkenazi (the chief of staff of the IDF) recently claimed it as a success, though the press has suggested this may be empty bragging. Beyond that no one has officially claimed it or acknowledged its existence. To what extent the US Government was involved is unknown. While it’s certainly plausible that we were involved, and this has been suggested, the evidence that we were actively involved is, at this point anyway, pretty weak.
3. Why should you care?
It’s entirely possible that Iran will retaliate, at which point this incident will, or at least should, be part of the conversation. But if history is any guide there will be elements that want to shut down the dialog and rush to war. The more you, and the American people at large, know going in, the more difficult that will be.
*this is a bit of a simplification
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.