Stuxnet is a malicious computer worm, first uncovered in 2010. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran's nuclear program. Wikipedia

1. Case Study on Stuxnet malware

2. What is Stuxnet?
• Designed to target industrial control systems for
equipment made by Siemens.
• These components are used for uranium enrichment in
Iran
• AIM: to damage and destroy the controlled
equipment
• First virus of its kind to cause damage to the physical
world instead of the virtual world
• One of the most sophisticated and deadliest virus in
history

3. • Enriched uranium is required to make a
nuclear bomb
• Local computer at the plant not
connected to the internet
• Malware was physically brought by an
agent carrying an infected USB stick
• The USB stick will then be connected to
the computer in the plant by curious
employees where the worm spreads in
the network
How it is infected?

4. Since it’s a worm, it propagates by spreading
it to other computers in the network
As mentioned, the virus aims for a specific
component. Until then, it remains dormant

5. Infographics of the centrifuges
Centrifuges are spinning device that
process enriched uranium

6. The malware were targeting a component
called programmable logic controller(PLC)
PLC controls the equipment that allows the
worker to monitor and operate using a
software.
Stuxnet’s main target was a PLC that
controlled the centrifuges that processed
enriched uranium

7. The virus remain dormant until it reaches the PLC that controls the
centrifuges.
Once the virus reaches the PLC, it unleashes its payload into the
component

8. Stuxnet contains device drivers that were
stolen from sources like Realtek
and Micron digitally signed means
the driver has a trusted certificate
allows the virus to install malicious code
into the controller
without any suspicion
Example of a signed driver
DN
Example of a warming of an unsigned driver
DN
Hence, Stuxnet is a rootkit

9. The attack
The worm overwrite the PLC software by
infecting the STEP 7 project files, used by
Siemens Simatic Wincc
Once it gain control Stuxnet intercept
all the data coming in and out of the PLC
and also able to alter the data

10. When there is internet connection available,
the worm’s author will monitor on the
centrifuges
The malware will then destroy the centrifuges
by causing them to spin faster until they break
apart.
All this whilst telling the operator everything is
normal

12. Outcome of the attack
the cyber-attack undermined the Iranian Nuclear Program by
damaging the centrifuges, slowing their progress for years.
5,084out of 8,856centrifuges were shut down

13. Origin of the attack
• The U.S. and Israel are involved in the cyber-
attack
• Fearing that Iran will get its hand on nuclear
bomb
• U.S. launched Operation Olympic Games to
undermine the Iran’s nuclear program
• Programmers from Israel military and NSA wrote
the malware

14. What did Iran do to repair the damage?
Equipment had to be replaced
❖Infected computers
● Computers in nuclear facilities had to be thrown away
● 60% of computers in Iranalso had the virus but are
unaffected. But most probably had to have been disposed.

15. Statistics of computers affected

16. Equipment that had to be rebuild
❖Centrifuges
• 1,000 centrifuges were destroyed
• Production of uranium gas went down by 30%

17. What was learnt?
Globally
• Opened a new form of military attack .It showed that even a
secured nuclear plant was vulnerable of being attacked by a
computer malware.

18. What did Iran learn?
Iran
• Learnt that their cyber defence was weak and vulnerable. They
learnt the importance of cyber warfare first hand and in turn boost
their cyber force to retaliate against the hackers.

19. What could have prevented it?
If Iran had…
• Implemented technology called device and application control. This
application prevents unauthorised applications from uploading and
executing.

20. References
(n.d.). Retrieved from http://avsw.autism.org.sg/2014/img/logos/sp.png
(n.d.). Retrieved from Wallpaper Up:
https://www.wallpaperup.com/455984/STUXNET_virus_iran_nuclear_computer_political_anarchy_windows_microsoft_cyber_
hacker_hacking.html
Best Gallery of Wind Turbine and Power Plant Energy. (n.d.). Retrieved from nevadanscleanenergy:
https://nevadanscleanenergy.org/houston-nuclear-power-plant/superb-houston-nuclear-power-plant-wallpaper/
Iran presses ahead with uranium enrichment technology. (2013, December 7). Retrieved from Yalibnan:
http://yalibnan.com/2013/12/07/iran-presses-ahead-with-uranium-enrichment-technology/
Natanz. (n.d.). Retrieved from Wikipedia: https://en.wikipedia.org/wiki/Natanz
NATANZ ENRICHMENT COMPLEX. (7, July 2017). Retrieved from NTI: http://www.nti.org/learn/facilities/170/
Standford. (2015, July 16). Retrieved from Stuxnet Worm Attack on Iranian Nuclear Facilities:
http://large.stanford.edu/courses/2015/ph241/holloway1/
Stuxnet. (2017, August 10). Retrieved from NJCCIC: https://www.cyber.nj.gov/threat-profiles/ics-malware-variants/stuxnet
Stuxnet and stolen certificates. (2010, July 20). Retrieved from Securelist: https://securelist.com/stuxnet-and-stolen-
certificates/29724/
What is Stuxnet? (n.d.). Retrieved from Caleton: http://people.carleton.edu/~grossea/spread.html
What Is the Stuxnet Worm Computer Virus? (2018, June 16). Retrieved from LifrWire: https://www.lifewire.com/stuxnet-worm-
computer-virus-153570
Why Steal Digital Certificates? (2010, July 22). Retrieved from WeLiveSecurity: https://www.welivesecurity.com/2010/07/22/why-
steal-digital-certificates/

21. Thank you for your kind attention!