I had been seeing things in the news and online about some computer worm called Stuxnet, but never really gave it much thought. Today I read an article that highlighted some things about this particular worm that blew my mind, so I decided to do a short write-up on why this particular worm is noteworthy.
- The worm was discovered by a Belarus-based security company named VirusBlokAda. Since then, security experts have been commenting on how advanced Stuxnet really is - "like an F-35 into a World War I battlefield."
- The target of Stuxnet seems to be very specific Windows computers used to control and monitor industrial processes, namely, computers controlling the enrichment of uranium in Iran. There are currently 2 enrichment plants in Iran, both of which have been hit with the worm.
- Nuclear facilities in Iran run an "air-gap" system, meaning no connectivity to the web. This means the worm had to be carried from outside the facility to a computer on the inside. Stuxnet was sent to computers in the area around these Iranian plants in hopes that some engineer would unknowingly take work from the site on a flash drive, get the flash drive infected, and bring it back into the facility. As far as anyone knows, this is precisely what happened.
- Once the worm was inside the facility, it had to trick the system into trusting it and letting it in. This was done by using two stolen security certificates, both from certificate companies in Taiwan.
- Stuxnet utilized four 'zero-day' vulnerabilities to gain access to the Windows 7 operating system being used at the facilities, and then targeted the frequency converters that controlled the centrifuges. In order to accomplish this, very specific information would have had to be obtained from two converter manufacturing companies - one of which was an Iranian company so secret not even the International Atomic Energy Agency knew it existed.
- The worm also had very specific information on the centrifuges built by Siemens, which allowed it to mask the changes in the system so computers could not detect the malfunctions. The code caused centrifuges to rotate extremely fast and then slow down, causing damage to the converter, centrifuge, and bearings while also corrupting the uranium itself.
Experts are estimating Stuxnet was affecting the system for more than a year, and it was reporting back to two servers - one in Denmark and one in Malaysia - presumably operated by foreign intelligence agencies. Efforts to find these servers since its discovery have all failed.
I can't help but wonder what the ramifications are going to be on countries now having to worry about a cyberwar, and how that will affect web use around the globe. Regardless of what happens, I think we can be sure that security has some catching up to do.
Weekend Distractions
A blog about things I find interesting enough to take up my day...
Tuesday, November 30, 2010
Wednesday, November 17, 2010
Danny MacAskill
I've come across something this week I've never seen before - a sort of bike parkour. I think it's technically called 'bike trials.' Not only are the landscapes and structures intriguing, but his skill is unbelievable. I don't think this is anything I'll be trying, but I hope he continues to put out footage. Enjoy!
