Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.
Assuming Iran exercises caution, Stuxnet is unlikely to destroy more centrifuges at the Natanz plant. Iran likely cleaned the malware from its control systems. To prevent re-infection, Iran will have to exercise special caution since so many computers in Iran contain Stuxnet.
Although Stuxnet appears to be designed to destroy centrifuges at the Natanz facility, destruction was by no means total. Moreover, Stuxnet did not lower the production of low enriched uranium (LEU) during 2010. LEU quantities could have certainly been greater, and Stuxnet could be an important part of the reason why they did not increase significantly. Nonetheless, there remain important questions about why Stuxnet destroyed only 1,000 centrifuges. One observation is that it may be harder to destroy centrifuges by use of cyber attacks than often believed.
On 29 November 2010, Iranian president Mahmoud Ahmadinejad stated for the first time that a computer virus had caused problems with the controller handling the centrifuges at its Natanz facilities. According to Reuters, he told reporters at a news conference in Tehran, "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts."
Back in 2010, Moore actually discovered 2 vulnerabilities. The first was a weak hashing algorithm that left passwords vulnerable. This vulnerability was eventually fixed by VxWorks in later versions, and should not be a problem on VxWorks 6.9 or later. The second, which is the topic of discussion for this paper, was a debug service open over UDP port 17185 that was enabled by default. The protocol is called Wind River Debug, and is built on top of RPC. For short, it is known as WDBRPC. Wind River declined to add any additional security to this service, since vendors should be disabling it in production anyway. As a result, 10 years later, unsuspecting vendors continue to leave this debug port open in their final products and unwitting consumers continue to have their systems exposed.
The service allows for typical debugging functions such as stepping through instructions and reading from and writing to memory and registers. There is no security built into the protocol. Anyone with knowledge of how the service works can gain access to the same abilities as the Wind River debugging software. In practice, this means that hackers can use this protocol to gain full control over any system running VxWorks with its debugging capability enabled and no firewall in place.
In the original disclosure, Moore specifically focused on combining both discovered vulnerabilities to read password hashes in memory, and crack them to gain full access to the system. However, even after fixing the hashing algorithm, system compromise is possible through the additional debugging functionality. Proprietary code detailing this functionality has been exposed on various search engine-indexed sites at several points in the past, so it is unsurprising that several public exploits (and undoubtedly private ones as well) exist.
The spring and summer of 2016 were spent preparing for attack. And while members of Task Force ARES didn't reveal everything they did to crack into ISIS's network, one thing they used early on was a hacking standby: a phishing email. ISIS members "clicked on something or they did something that then allowed us to gain control and then start to move," said Gen. Edward Cardon, the first commander of Task Force ARES.