Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Format: PDF / Kindle (mobi) / ePub
Top cybersecurity journalist Kim Zetter tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare—one in which a digital attack can have the same destructive capability as a megaton bomb.
In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at an Iranian uranium enrichment plant were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the technicians replacing the centrifuges as to the inspectors observing them.
Then, five months later, a seemingly unrelated event occurred: A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were crashing and rebooting repeatedly.
At first, the firm’s programmers believed the malicious code on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a mysterious virus of unparalleled complexity.
They had, they soon learned, stumbled upon the world’s first digital weapon. For Stuxnet, as it came to be known, was unlike any other virus or worm built before: Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak actual, physical destruction on a nuclear facility.
In these pages, Wired journalist Kim Zetter draws on her extensive sources and expertise to tell the story behind Stuxnet’s planning, execution, and discovery, covering its genesis in the corridors of Bush’s White House and its unleashing on systems in Iran—and telling the spectacular, unlikely tale of the security geeks who managed to unravel a sabotage campaign years in the making.
But Countdown to Zero Day ranges far beyond Stuxnet itself. Here, Zetter shows us how digital warfare developed in the US. She takes us inside today’s flourishing zero-day “grey markets,” in which intelligence agencies and militaries pay huge sums for the malicious code they need to carry out infiltrations and attacks. She reveals just how vulnerable many of our own critical systems are to Stuxnet-like strikes, from nation-state adversaries and anonymous hackers alike—and shows us just what might happen should our infrastructure be targeted by such an attack.
Propelled by Zetter’s unique knowledge and access, and filled with eye-opening explanations of the technologies involved, Countdown to Zero Day is a comprehensive and prescient portrait of a world at the edge of a new kind of war.
exploiting a buffer-overflow vulnerability in the wallpaper feature of Windows. The vulnerability had been a zero day when the attackers created the exploit in February 2009, but by the time they released Stuxnet four months later that June, Microsoft had patched the hole.3 When it came time to release the next version of Stuxnet in March 2010, the attackers had eliminated this exploit, along with the Autorun code, and replaced it with the .LNK exploit and two other privilege-escalation exploits
internal network, perhaps stolen from a system administrator’s computer, which indicated the internal IP address assigned to each machine on the network. If this was the case, the attackers could have tracked Stuxnet’s path as it slithered inside a network infecting machine after machine, reporting back to the command-and-control servers each time it infected one that was connected to the internet. As for the computer name, it could have helped the attackers identify which employee or work group
what they were aiming for was not a brute-force attack but a finessed one. The tiniest mistake and they could destroy the centrifuges too quickly or destroy too many at once and expose the sabotage, blowing the operation. To pull this off, they would have needed a team of material scientists and centrifuge experts who understood the density and strength of the aluminum rotors and centrifuge casings, and who understood how the bearings at the bottom of each centrifuge, which kept them spinning in
Google staffer told me.
11 Ryan Naraine, “0-Day Exploit Middlemen Are Cowboys, Ticking Bomb,” ZDNet.com, February 16, 2012, available at zdnet.com/blog/security/0-day-exploit-middlemen-are-cowboys-ticking-bomb/10294.
12 Ibid.
13 “The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies,” Public Statement 2013 Plenary Meeting, available at wassenaar.org/publicdocuments/2013/WA%20Plenary%20Public%20Statement%202013.pdf.
demonstrations of destructive cyberattacks. In a 2009 report on 60 Minutes, researchers at Sandia National Lab showed how they could cause components at an oil refinery to overheat by simply changing the settings of a heating element and disabling the recirculation pumps that helped regulate the temperature.64
Stuxnet and the Maroochy Shire incident aside, there have been no really destructive digital attacks recorded in the world to date. Experts have offered a number of possible reasons for