The quality of its code, the stolen certificates used to digitally sign it, the specifically targeted configuration, the four 0-day Windows vulnerabilities it exploits to attack the systems, the very delicate nature of the targeted systems themselves – it all points to Stuxnet being an effort backed by a government.
“This is a game for nation state-sized entities, only two handful of governments and maybe as many very large corporate entities could manage and sustain such an effort to the achievement level needed to build Stuxnet,” thinks Frank Rieger.
He also believes that the ultimate goal of the worm was to infiltrate the system managing the centrifuges at the uranium enrichment plant in Natanz, and not the reactor at Bushehr (both facilities are located in Iran), as many still believe.
According to Ralph Langner, a German cyber-security researcher who is currently analyzing the worm, it doesn’t want to steal money or industrial secrets. “Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world,” he says.
Calling it a weapon seems apt. Stuxnet searches for a very particular system, with precise characteristics. Analysis by different researchers seems to indicate that when the worm finds the system it is designed to attack, it will spring into action.
What that action will be is anyone’s guess at the moment, but it is highly likely that it will force the infected system to make a change that will probably have dire consequences – i.e. it will cause the industrial process to self-destruct.
According to the Christian Science Monitor, the geographical distribution of the affected systems seems to point to an Iranian facility being the ultimate target. The activation of the aforementioned Bushehr nuclear plant has already been delayed – could it be because of this worm?
As to the reason why the worm spread all over the world, Langner offers another theory. A Russian contractor was used to build the plant, so it is likely that the worm spread through the use of USB memory sticks, and then spread on to the contractor’s other clients in various other countries where Stuxnet has been discovered.
Speculation about who might be behind the worm has lately favored the US or Israel – both countries are believed to have the cyber capabilities to make it and organize such an attack. The only thing we can know for sure is that any theory will be difficult to prove.