Symantec: Stuxnet cyberweapon older than previously believed

Updated at 11:22 a.m. ET

LONDON The sophisticated cyberweapon which targeted an Iranian nuclear plant is older than previously believed, an anti-virus firm said Tuesday, peeling back another layer of mystery on a series of attacks attributed to U.S. and Israeli intelligence.

The Stuxnet worm, aimed at the centrifuges in Iran's Natanz plant, transformed the cybersecurity field because it was the first known computer attack specifically designed to cause physical damage. The precise origins of the worm remain unclear, but until now the earliest samples of Stuxnet had been dated to 2009.

Security experts generally agree that Stuxnet was an attempt to sabotage Iran's uranium enrichment centrifuges, which can be used to make fuel for reactors or weapons-usable material for atomic bombs. Iran maintains its nuclear program is for peaceful purposes.

Play Video

Stuxnet: Computer worm opens new era of warfare

Play Video

Stuxnet copycats: Let the hacking begin

As "60 Minutes" correspondent Steve Kroft reported last year, Stuxnet was incredibly complicated and sophisticated, beyond the cutting edge. By the time it was first detected in June 2010, it had been out in the wild for a year without drawing anyone's attention, and seemed to spread by way of USB thumb drives, not over the Internet.

By the fall of 2010, the consensus was that Iran's top secret uranium enrichment plant at Natanz was the target and that Stuxnet was a carefully constructed weapon designed to be carried into the plant on a corrupted laptop or thumb drive, then infect the system, disguise its presence, move through the network, changing computer code and subtly alter the speed of the centrifuges without the Iranians ever noticing, Kroft reported.

"Stuxnet's entire purpose is to control centrifuges," Liam O Murchu, an operations manager for Symantec, told Kroft. "To make centrifuges speed up past what they're meant to spin at and to damage them. Certainly it would damage the uranium enrichment facility and they would need to be replaced."

Last June, The New York Times traced the origins of the top-secret program back to 2006.

In a new report issued late Tuesday, Symantec Corp. pushed that timeline further back, saying it had found a primitive version of Stuxnet circulating online in 2007 and that elements of the program had been in place as far back as 2005.

One independent expert who examined the report said it showed that the worm's creators were particularly far-sighted.

"What it looks like is that somebody's been thinking about this for a long, long time — the better part of a decade," said Alan Woodward, a computer science professor at the University of Surrey. "It really points to a very clever bunch of people behind all of this."

Nuclear Iran: Sites and potential targets

A look at the locations where Iran carries out work linked to its suspected pursuit of nuclear weapons

The Times reported that President George W. Bush ordered the deployment of Stuxnet against Iran in a bid to put the brakes on its atomic energy program, detailing how the worm tampered with the operation of Natanz's centrifuge machines to send them spinning out of control.

President Obama, who succeeded Bush shortly after the first attacks, expanded the campaign, the report said.

U.S. and Israeli officials have long declined to comment publicly on Stuxnet or their alleged involvement in creating and deploying the computer worm.

Symantec's report suggests that an intermediate version of the worm — Stuxnet 0.5 — was completed in November 2007. That worm lacked some of the sophistication of its descendant, Symantec said, and was designed to interfere with the centrifuges by opening and closing the valves which control the flow of uranium gas, causing a potentially damaging buildup in pressure.

That approach was dropped in later, improved versions of the Stuxnet code.

Symantec said the servers used to control the primitive worm were set up in November 2005, suggesting that Stuxnet's trailblazing authors were plotting out their attack at a time when many parts of the Internet now taken for granted were not yet in place. Twitter did not exist, Facebook was still largely limited to U.S. college campuses, and YouTube was in its infancy.

Woodward said that had troubling implications.

"Clearly these were very forward-thinking, clever people that were doing this," he said. "There's no reason to think that they're less forward-thinking now. What are they up to?"

[nick0841]

Symantec, please put a thousand "investigators" on a hunt to discover previously unknown worms and such that are being used to help protect us from our enemies. Notoriety for your cleverness in order to increase market share at the nations expense is despicable!

[quincytodd]

This report is ludicrous, seeing how the right-wing news media tried very hard to scare us over the Chinese cyber attacks last week. These people keep crying "wolf" over China, and look at what we and the Israelis are up to!

[DamienII]

So the virus program was old? who cares! It's purpose at the time was to create a disruption in Iran's nuclear capabilities in the hopes of finding an alternative to military action. But thanks to the media reporting things like this, we will ALL now learn that the U.S. engages in clandestine operations in cyberspace. Like this is news???
All revelations and publication of it serves is to let our enemies know what we've been doing and gives them further reason to continue being what they are...a threat to world peace.
Thank God the media doesn't keep up with current things we do or we'll be
in this conflict forever... ;)

[dustin94sc]

Stuxnet is a simple trojan horse dating back to the Second World War. These recent variants, though, are weak and myoptic. The virus is a malignant adware that could be thwarted by a stronger server shield. Machines like centrifuges are easily stalled or broken by speed variables.

[Aussie_convict]

Dating back to the Second World War???

Wow youve got a very creative view of history Dustin.

[ea6bq2]

It was no the Americans who created Stuxnet, it had to be Israel. American Computer Programmers are worthless.

[alphaa10000]

@notheocracy-- Fascinated by your post. Why not provide a link, if one is easily available?

[Jhihmoac]

I think the skeptics advised us on the never-ending waves of hacking/viruses that would take place way back before the Information Superhighway launched 20 or so years ago...It's not like this all started yesterday...

[Forty-Four]

Symantec makes a good product. I recently had to get rid of it though due to requirements from a local WiFi network that I use heavily (a university network). I plan to go back to them as soon as I can.

[bobnjersey]

[Sophistication is in how the worm is acquired. The amount and specific damage it does is based on the results you want, not necessarily anything sophisticated if it requires an intermediary with admin access to implant.]
------------------------------------------------------
the sophistication is in the fact that it was designed specifically for the controllers used by the centrifuges the iranians were using ... and that it was able to exist and do it's harm without detection. earlier reports inferred that there must have been some collaboration between the company that made the controllers ... and those that wrote the worm.

[ReasonableVoicesAmongUs]

I take everything Symantec says with a grain of salt. Symantec is in the business of selling you stuff. It issues "reports" to keep its name in the press. Accuracy of those reports? Questionable at best.

[revdrdark]

The CIA must have honey trapped an Arab scientist and had him walk the thing in and upload it. Not rocket scientist. Probably had hackers working on it for years in exchange for staying out of prison.