​A Cute Little Computer Story

I normally don’t tell stories in this column but I couldn’t resist this one. With Iran in the news, I am reminded of the destruction of the Iranian nuclear development program by a piece of software called Stuxnet. I remember back in 2011 the smartest people in the room commenting about the software and wondering what would happen if that software code were let loose on the world.

It's now widely accepted that Stuxnet was created by the intelligence agencies of the United States and Israel. The classified program to develop the worm was given the code name "Operation Olympic Games"; it was begun under President George W. Bush and continued under President Obama. While neither government has ever officially acknowledged developing Stuxnet, a 2011 video created to celebrate the retirement of Israeli Defense Forces head Gabi Ashkenazi listed Stuxnet as one of the successes under his watch.

While the individual engineers behind Stuxnet haven't been identified, we know that they were very skilled, and that there were a lot of them. Kaspersky Lab's Roel Schouwenberg estimated that it took a team of ten coders two to three years to create the worm in its final form. Several surveys that have come out just recently have Stuxnet listed as the most complex piece of software in the world.

So, what the heck is going on?

Why spend all of this time and money developing a computer worm?

The U.S. and Israeli governments intended Stuxnet as a tool to derail, or at least delay, the Iranian program to develop nuclear weapons. The Bush and Obama administrations believed that if Iran were on the verge of developing atomic weapons, Israel would launch airstrikes against Iranian nuclear facilities in a move that could have set off a regional war. Operation Olympic Games was seen as a nonviolent alternative. Although it wasn't clear that such a cyberattack on physical infrastructure was even possible, there was a dramatic meeting in the White House Situation Room late in the Bush presidency during which pieces of a destroyed test centrifuge were spread out on a conference table. It was at that point that the U.S. gave the go-head to unleash the malware.

Stuxnet was never intended to spread beyond the Iranian nuclear facility at Natanz. The facility was air-gapped and not connected to the internet. That meant that it had to be infected via USB sticks transported inside by intelligence agents or unwilling dupes, but also meant the infection should have been easy to contain. However, the malware did end up on internet-connected computers and began to spread in the wild due to its extremely sophisticated and aggressive nature, though as noted it did little damage to outside computers it infected.

So what is the answer to the question above? What would happen if that software code were let loose on the world?

Here is one answer…

Alex Gibney, the Oscar-nominated documentarian behind films like "Enron: The Smartest Guys In The Room and Going Clear," directed "Zero Days," which explains the history of Stuxnet's discovery and its impact on relations between Iran and the west. Zero Days includes interviews with O'Murchu and some of his colleagues, and is available in full on YouTube.

One dramatic sequence shows how the Symantec team managed to drive home Stuxnet's ability to wreak real-world havoc: they programmed a Siemens PLC (programible logic controller) to inflate a balloon, then infected the PC it was controlled by with Stuxnet. The results were dramatic: despite only being programmed to inflate the balloon for five seconds, the controller kept pumping air into until it burst.

The destruction of the Iranian uranium centrifuges, which followed the same logic—they were spun too quickly and destroyed themselves—was perhaps less visually exciting, but was ultimately just as dramatic. As the documentary explains, we now live in a world where computer malware code is causing destruction at a physical level. It's inevitable that we'll see more in the future.

Stay Tuned...