Stuxnet | The World’s First Digital Weapon
By Tibor Moes / Updated: October 2024
It’s 2007. Steve Jobs just unveiled the iPhone, J.K. Rowling wrapped up her final Harry Potter novel, and Rihanna’s Umbrella is dominating the charts.
Meanwhile, deep inside an Iranian nuclear facility, a Dutch engineer named Erik van Sabben quietly finishes his work.
To everyone else, he’s just a technician. But in reality, he’s unknowingly about to change the future of warfare. His mission? Uploading a virus that would cripple one of the most secure facilities on Earth.
This isn’t just any virus. It’s the first-ever digital weapon.
A weapon fueled by an Iranian-Israeli conflict that still rages today and could escalate … at any moment.
This is Stuxnet.
Chapter 1 – The Discovery
In the late 1990s, the world began to notice a growing nuclear threat.
A.Q. Khan, a Pakistani nuclear scientist, had helped build Pakistan’s atomic bomb. But he didn’t stop there. Khan went rogue, selling nuclear secrets and materials to some of the world’s most unstable countries—North Korea, Libya, and Iran.
But the CIA was watching.
They infiltrated Khan’s network, flipping his suppliers to gather intel. What they discovered was alarming: Iran had secretly started a nuclear program, buying blueprints and equipment to enrich uranium.
By 2002, a hidden facility at Natanz was exposed. Under pressure from the West and the UN, Iran agreed to pause its program, allowing inspectors from the International Atomic Energy Agency to investigate.
But what they found was disturbing: Iran was more advanced than anyone thought, nearly ready to start enriching uranium. They were dangerously close to building a nuclear weapon.
Then in 2004, a breakthrough came. US and UK intelligence intercepted a shipment of nuclear materials bound for Libya. This exposed Libya’s nuclear program, but the real shock was still to come. The CIA seized key centrifuges—identical to those Khan sold to Iran.
These centrifuges were sent to Oak Ridge National Laboratory in Tennessee, where scientists studied them to see how quickly Iran could enrich uranium and how soon they might have enough for a bomb. At the same time, Israel was conducting its own research in the remote city of Dimona.
Everything changed in 2005 when Mahmoud Ahmadinejad became president of Iran. He restarted the nuclear program, defying the international community’s concerns. Iran insisted it was a civilian program, but the US wasn’t buying it.
With Afghanistan and Iraq already invaded, another war wasn’t an option. Diplomacy was failing. The US needed a new way to stop Iran’s nuclear ambitions.
Chapter 2 – The Plan
The plan was simple: slow down Iran’s nuclear program without them realizing it. The goal? Buy time for negotiations. The CIA teamed up with scientists from Oak Ridge National Laboratory to craft a covert strategy.
Oak Ridge National Laboratory, famous for the Manhattan Project, teamed up with experts from Idaho National Lab—both coincidentally part of the Department of Energy.
Meanwhile, Iran was making progress. By September 2005, they were ready to start enriching uranium at Natanz, and by 2006, they began running their first batch. The clock was ticking for the US, but their secret weapon wasn’t ready yet. So, they launched a different type of attack.
That’s when the first sabotage occurred.
About 150 centrifuges at a pilot plant in Natanz suddenly spun out of control after ten days of smooth operation. The Iranians were baffled. It took them weeks to trace the problem to a fault in the uninterruptible power supply systems they had bought from Turkey.
But this was no accident.
This sabotage caused major damage, forcing Iran to stop enrichment for the rest of 2006. The CIA had likely infiltrated the supply chain, planting faulty equipment.
At the same time, US intelligence was gathering detailed information about Natanz—using spies, intercepting communications, and possibly planting viruses in Iranian computers. They needed a clear map of the facility, so they’d know exactly what systems to target later.
Meanwhile, Israel grew anxious. The long-standing tension between Israel and Iran was intensifying. Israel had bombed nuclear facilities before—in Iraq and Syria—but this time, they needed US permission to bomb Natanz.
But the US had another plan.
The alternative? Stuxnet.
Chapter 3 – The Attack
The plan was in motion. But Israel had doubts.
To get them on board, the US shared everything—the malware (Stuxnet), strategies, intelligence, and how the attack would work. Convinced, Israel joined, helping to fine-tune the malware.
At Oak Ridge National Lab, scientists built a replica of the Natanz facility.
Teams worked on Stuxnet, but none of them had the full picture. Stuxnet was designed to manipulate the valves in the centrifuges, trapping gas and causing a pressure buildup that would eventually break the machines.
But there was a problem: Natanz was air-gapped—meaning it wasn’t connected to the internet, which made delivering Stuxnet directly to the facility a challenge. The solution? USB sticks. Stuxnet was loaded onto USB drives and discreetly distributed, hoping someone would eventually plug one into the Natanz systems.
In one test, a centrifuge malfunctioned and shattered.
A team member gathered the broken pieces, flew to Washington, D.C., and presented the debris to President Bush. Impressed with the results, Bush gave the green light for the operation in 2006.
Now came the hard part: waiting.
The US and Israel couldn’t directly monitor the facility, so they had to rely on reports from local news and inspectors. By 2007, reports indicated that Iran’s centrifuges were malfunctioning, wasting gas, and making little progress in uranium enrichment.
Stuxnet was working.
The virus caused the centrifuges to spin out of control, leading to equipment failures without raising suspicion. However, this wasn’t enough.
So in 2009, the team created a more aggressive version of Stuxnet.
This updated version exploited four zero-day vulnerabilities, which made it harder to detect.
Stuxnet’s attack was multi-layered: first, it infected computers running Windows. Then, it targeted Siemens software that controlled the industrial machinery. Finally, it attacked the programmable logic controllers (PLCs)—the “brains” of the centrifuges, like a remote control for machinery.
Here’s the clever part:
If Stuxnet didn’t find the specific Siemens PLCs it was designed to target, it would sit still and do nothing, like a spy waiting for the right signal. But once it located the correct PLCs, it reprogrammed them to spin the centrifuges at irregular speeds, eventually damaging them.
To stay hidden, Stuxnet used a rootkit.
This rootkit acted like a burglar wearing a stolen uniform, allowing the malware to remain undetected by security systems.
But then, things went wrong.
Stuxnet began spreading beyond Natanz, infecting other systems across Iran and even in other countries. This wasn’t part of the plan.
In a Situation Room briefing, then-President Obama and Vice President Biden were informed of the situation. Despite the concerns, they decided to let the operation continue.
Meanwhile, Stuxnet was still wreaking havoc at Natanz.
The virus caused the centrifuges to malfunction unpredictably, leaving Iranian scientists confused. With no signs of external tampering, they assumed the issues were due to technical faults. By the time inspectors returned, 1,000 centrifuges were out of operation.
But Iran wasn’t defeated.
They quickly replaced the broken machines and resumed enrichment. Stuxnet had slowed them down, but it hadn’t completely stopped their nuclear program.
Chapter 4 – The Revelation
Stuxnet was no longer a secret.
As the virus spread across systems worldwide, researchers at Symantec noticed something unusual. They quickly realized this wasn’t just any malware—it was a digital weapon, likely created by a nation-state.
The Symantec team knew publishing their findings would expose a covert operation, but they had a responsibility. When they went public, the world learned about Stuxnet.
Meanwhile, Iran was scrambling. The Symantec report made it clear their centrifuges had been sabotaged by a computer worm. The Iranian president confirmed, “They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts.”
The world was now asking: who built Stuxnet? There were only a few likely suspects, and soon, fingers pointed at the US and Israel.
But that wasn’t the end of the story.
As Iran tried to restore its nuclear program, key scientists were assassinated in targeted attacks. Car bombs took out leading physicists and officials linked to Natanz.
Had Stuxnet not spread so aggressively, it might have quietly sabotaged Iran for years. But the worm’s spread exposed everything.
The Symantec report captured global attention. Journalists, like David Sanger from The New York Times, dug deeper and uncovered classified information that linked the attack to the US and Israel.
While neither country officially confirmed their involvement, a 2011 video celebrating Israeli Defense Forces head Gabi Ashkenazi even listed Stuxnet as one of his achievements.
And when asked about the cyber-attacks, President Obama refused to comment, warning of severe consequences for leaks of classified information.
Final thoughts
The revelations about Stuxnet sent shockwaves through the cybersecurity world. It wasn’t just a new kind of malware—it was the first digital weapon to cause physical destruction.
One thing was clear: the rules of warfare had changed forever. The stage was set for a new kind of war—one fought not on battlefields, but through computer screens.
Stuxnet revealed something else: the US government had been stockpiling zero-day vulnerabilities, using them as cyber weapons instead of fixing them.
In 2021, Iran’s nuclear facilities were hit by another likely Israeli cyberattack, but just like Stuxnet, it didn’t stop them. Iran is now closer than ever to having enough material for a nuclear weapon.
Fast forward to today, October 2024: Israel’s ground offensive spans both Gaza and Lebanon, while Iran has launched its second missile strike on Israel. The conflict is at risk of becoming a full-scale regional war, while the world watches nervously.
Will the Israeli-Iranian conflict escalate further? And will Israel, once again, attack Iran’s nuclear facilities?
Author: Tibor Moes
Founder & Chief Editor at SoftwareLab
Tibor has tested 28 antivirus programs and 25 VPN services, and holds a Cybersecurity Graduate Certificate from Stanford University.