Page 57 - Cyber Warnings







The Case Study: The Stuxnet Operation


By Milica Djekic


Stuxnet is a malicious computer worm believed to be part of a secret US-Israeli
project tasked with destroying the Iranian nuclear program. The entire case occurred
in 2010, and here we try to explain what happened then.

Through this article, we intend to talk a bit more about this sophisticated cyber weapon and
discuss how it was possible to conduct such an operation.

As Stuxnet was an advanced persistent threat, it is clear why it could get through that defense,
but how the entire campaign was conducted is a more complicated question, and we try
to answer it here.


Phase 1: The data collection before any attack occurred

Through this review, we want to discuss our perspective on how the Stuxnet operation could
have occurred and present a new insight into this well-known sabotage. Many sources suggest
that the computers, along with the entire network, were infected through a USB stick, which could be
accurate. On the other hand, getting such an infected removable device to your critical asset
does not necessarily require physical access.

The USB device could be infected inside the facilities simply by using that stick with
some globally connected computer that could be the target of, say, state-sponsored hackers'
attacks. The entire attack could pass unnoticed because Stuxnet was unknown to any
computer defense system of that time. In addition, we should never underestimate the
capabilities of the professional security equipment used by state-sponsored hackers, but we
will not discuss any of that in this article.

Many reports indicate that the cause of the sabotage was that removable device,
so we try to analyze how it could have happened under those circumstances. It is more
like leading an investigation using the findings you can collect at first glance.

Here, we suggest that the intelligence community obtained, through its hard work, the information
that the nuclear program was being conducted for terrorist purposes.
Once the intelligence community obtained the geo-location of those facilities,
somewhere in Iran, it would place the entire location under observation.

It is not necessary to monitor such a project from close range; it can be done remotely using highly
sophisticated technology. A good way to discover such an asset is to follow someone being


57 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
