recommended reading

Stuxnet Used an Old Movie Trick to Fool Iran's Nuclear Program

An Iranian technician works at the Uranium Conversion Facility just outside the city of Isfahan, Iran.

An Iranian technician works at the Uranium Conversion Facility just outside the city of Isfahan, Iran. // Vahid Salemi/AP File Photo

In a fascinating new read, Foreign Policy's Ralph Langer explored the deep history of Stuxnet, the super computer virus jointly authored, allegedly, by American and Israeli intelligence services to attack Iranian nuclear facilities. In doing so , he learned the real story involves not one, but two viruses, including an early, previously unreported version of the virus that relied on the cyber-attack equivalent of the camera trick from the movie Speed.

Langer's impressive three-year investigation into the virus's effects on the Iranian nuclear program shows how it effectively tore the system limb-from limb. It reportedly destroyed 1,000 out of 5,000 nuclear centrifuges and, by Langer's estimates, set the program back by two full years. Langer also discovered that a much more complicated and lesser-known gambit than the one we're most familiar with, was already being carried out years earlier. 

Stuxnet was allegedly jointly created by U.S. and Israeli military forces to infiltrate and then damage Iran's nuclear program from the inside. It became public knowledge after it malfunctioned — or worked a little too well — and infected millions of non-Iranian computers worldwide in the summer of 2010. 

But years before the Stuxnet we know and love went to work, an early variant targeted Iran's Natanz nuclear facility. Natanz employs a complicated, cascading system of safeguards to prevent centrifuges used for uranium enrichment from overheating and malfunctioning in order to overcome the country's outdated and dubious nuclear technology. Stuxnet's genius was in its ability to override those safety systems, by infecting computers that weren't connected to the outside world, and without anyone realizing it was being done until it was too late.

What the very early Stuxnet virus was designed to do is "so far-out, it leads one to wonder whether its creators might have been on drugs," Langer says. But in reality, they may have got the idea from a brilliant 1994 action flick starring Reeves and Sandra Bullock. 

A controller infected with the first Stuxnet variant actually becomes decoupled from physical reality. Legitimate control logic only "sees" what Stuxnet wants it to see. Before the attack sequence executes (which is approximately once per month), the malicious code is kind enough to show operators in the control room the physical reality of the plant floor. But that changes during attack execution.

One of the first things this Stuxnet variant does is take steps to hide its tracks, using a trick straight out of Hollywood. Stuxnet records the cascade protection system's sensor values for a period of 21 seconds. Then it replays those 21 seconds in a constant loop during the execution of the attack. In the control room, all appears to be normal, both to human operators and any software-implemented alarm routines.

In you're too young (or old) to remember Speed, a terrorist installs a bomb on a Los Angeles bus and holds the passengers, including a cop played by Reeves, hostage by watching them through a closed circuit camera. The cops win by intercepting the video feed, and replacing it with looped footage of bus; making it appear to the villain that everything was normal, while the hostages escaped unnoticed. There was a big explosion at the end, too. 

Anyway, once the Iranian system was blinded to the threat, American hackers remotely messed with the safety systems, routinely destroying Iranian centrifuges through coordinated attacks that would do significant damage without revealing the virus's existence. The version of Stuxnet that came later was much more abrasive, and did more damage in a shorter time. Staying hidden was no longer a goal, Langer posits, because once the damage was done, the creators wanted the world to know what they were capable of in the realm of cyberwarfare. It was time to reveal the secret.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.