Symantec uncovers 2005 version of Stuxnet

File photo: An Iranian technician works at the Uranium Conversion Facility just outside the city of Isfahan, south of the capital Tehran, Iran.

File photo: An Iranian technician works at the Uranium Conversion Facility just outside the city of Isfahan, south of the capital Tehran, Iran.

Published Feb 27, 2013

Share

San Francisco - Researchers at Symantec have uncovered a version of the Stuxnet computer virus that was used to attack Iran's nuclear program in November 2007, two years earlier than previously thought.

Planning for the cyber weapon, the first publicly known example of a virus being used to attack industrial machinery, began at least as early as 2005, according to an 18-page report that the security software company published on Tuesday.

Stuxnet, which is widely believed to have been developed by the United States and Israel, was uncovered in 2010 after it was used to attack a uranium enrichment facility at Natanz, Iran. That facility has been the subject of intense scrutiny by the United States, Israel and allies, who charge that Iran is trying to build a nuclear bomb.

Symantec said its researchers had uncovered a piece of code, which they called “Stuxnet 0.5,” among the thousands of versions of the virus that they had recovered from infected machines.

Stuxnet 0.5 was designed to attack the Natanz facility by opening and closing valves that feed uranium hexafluoride gas into centrifuges, without the knowledge of the operators of the facility, according to Symantec.

The virus was being developed early as 2005, when Iran was still setting up its uranium enrichment facility, said Symantec researcher Liam O'Murchu. That facility went online in 2007.

“It is really mind blowing that they were thinking about creating a project like that in 2005,” O'Murchu told Reuters in ahead of the report's release at the RSA security conference, an event attended by more than 20,000 security professionals, in San Francisco on Tuesday.

Symantec had previously uncovered evidence that planning for Stuxnet began in 2007. The New York Times reported in June 2012 that the impetus for the project dated back to 2006, when US President George Bush was looking for options to slow Iran's nuclear ambitions.

Previously discovered versions of Stuxnet are all believed to have been used to sabotage the enrichment process by changing the speeds of those gas-spinning centrifuges without the knowledge of their operators.

Since Stuxnet's discovery in 2010, security researchers have uncovered a handful of other sophisticated pieces of computer code that they believe were developed to engage in espionage and warfare. These include Flame, Duqu and Gauss.

Stuxnet 0.5 was written using much of the same code as Flame, a sophisticated virus that researchers have previously said was primarily used for espionage, Symantec said. - Reuters

Related Topics: