InformIT: As the Worm Turns: The Stuxnet Legacy -
informit.com
This is one of the better summations of Stuxnet and how it really worked from the author…
True confession time. In 2003, I was the software architect for a new breed of malware, a precision-targeted virus designed to exploit known vulnerabilities in the Supervisory Control and Data Acquisition (SCADA) systems and the Programmable Logic Controller (PLC) hardware that monitor and operate industrial equipment and processes, including electric generators and the national power grid. Drawing on experience consulting in industrial automation—including as a lead designer on the award-winning Siemens STEP7 Lite PLC programming system—I created a root-kit worm to destroy electrical power generating equipment by throwing it out of synch.
Flash forward. In 2010, the win32.stuxnet worm was discovered in the wild by a small Belarus software security firm, and by September, when the story was widely reported in the press, it was becoming clear that win32.stuxnet was a sophisticated cyber-weapon, a piece of software that crossed the divide between the digital and the physical. This computer program was intended to undermine Iran’s nuclear efforts by destroying high-speed centrifuges at the Natanz uranium enrichment facilities and possibly disabling turbines in Iran’s nuclear plant at Bushehr.
The win32.stuxnet virus was designed, debugged, and deployed; the root-kit worm that I architected was an exercise, a paper proof-of-concept program whose only use was to help drive the plot of a novel, the techno-thriller Web Games (Gesher Press, 2010, ISBN 9780984377220). I finished the manuscript for Web Games in August—just before the stuxnet story broke. While I was busy writing, fact caught up with fiction.