Directed and written by Alex Gibney, “Zero Days” is a 2016 documentary film about the Stuxnet computer virus and its relation with the damage caused in 2010 at Iran’s nuclear facilities (at Natanz, located 322 kilometres south of the Iranian capital of Tehran).
 |
| Natanz Nuclear Facility |
Although this cyber attack could have been conducted by other countries, such as the UK, France or Germany for example, the main idea of this documentary is that the malware was developed between the USA and Israel against the Iranian Nuclear Program, in a collaboration effort known as “Operation Olympic Games” (which still began during the Bush Administration and continued already with the Obama Administration).
According to a woman that appeared in the film, an actress representing some people from the National Security Agency, Israel is “the key of the story” and the attack was done by Unit 8200 Headquarters.
 |
| Israeli Military Intelligence - Unit 8200 |
Given the Stuxnet malware sophistication, it could only have as responsible a State, but it is impossible to discover for sure through the code who is the State or the combination of States involved. As a specialist of Information Security said in “Zero Days”, “every piece of code does something and does something right. You don’t need to download anything”. Once created, it does everything by itself.
In this sense, McAfee website provides an easily understandable explanation of how Stuxnet works:
“Stuxnet was a multi-part worm that traveled on USB sticks and spread through Microsoft Windows computers. The virus searched each infected PC for signs of Siemens Step 7 software, which industrial computers serving as PLCs use for automating and monitoring electro-mechanical equipment. After finding a PLC* computer, the malware attack updated its code over the internet and began sending damage-inducing instructions to the electro-mechanical equipment the PC controlled. At the same time, the virus sent false feedback to the main controller. Anyone monitoring the equipment would have had no indication of a problem until the equipment began to self-destruct.”
But… How did it work in this particular case?
Atika Shubert wrote an article, on 8th November 2011, with the title “Cyber warfare: A different way to attack Iran's reactors”, describing the Natanz computer network as a closed system,
“separated from any other network or internet access. So, Stuxnet infected a third party first, likely a trusted contractor to the Natanz facility. That contractor may then have unknowingly passed on the virus by plugging in an infected removable drive into the computers inside the Natanz facility”.
 |
| How Stuxnet Worked (from IEE, obtained in Gemserv website) |
Stuxnet is considered the first cyber weapon capable of “real world physical destruction” (in this case “physical equipment in a plant factory”), as underlined in the documentary by one of the specialists. Cyber could be seen as the fourth dimension of War for the 21st century, an idea that is also shared in “Zero days”.
________
*PLC - Programmable Logic Controllers is an industrial computer for the control of manufacturing processes. The first PLC, the Modicon 084, was created by Dick Morley in the sixties for General Motors.
Comentários
Enviar um comentário