In four steps, Stuxnet infiltrated a nuclear factory undetected, then hunted down and destroyed its target. But how?
Stuxnet gets onto the network
According to cyber-security firm Symantec, Stuxnet probably arrived at Iran’s nuclear plan Natanz on an infected USB stick.
Someone would have had to physically insert the USB into a computer attached to the network – this could have been done deliberately or accidentally. The worm then uploaded itself into the plant’s computer system.
Worm spreads through computers
Once inside the computer system, Stuxnet searched for software that controls machines called centrifuges.
Centrifuges spin materials at high speeds to separate out their components. In the Natanz plant, the centrifuges were separating different types of uranium, to isolate the type (called ‘enriched uranium’) that is critical for both nuclear power and nuclear weapons.
Stuxnet re-programmes centrifuges
The worm found the controlling software and inserted itself into it, seizing control of the centrifuges.
Stuxnet carried out two separate attacks. First, it made the centrifuges spin dangerously fast, for about 15 minutes, before returning to normal speed. Then, about a month later, it slowed the centrifuges down for around 50 minutes. This was repeated for several months.
Several months later
1,000 machines are destroyed
Over time, the strain from the excessive speeds caused infected machines to disintegrate.
It is reported that Iran decommissioned around 20 per cent of its centrifuges in the Natanz plant during the attack.