The world's most powerful cyber weapon may have been originally designed to attack Iran's nuclear program, but it could also be manipulated the cause catastrophic damage to any industrialized nation -- including the United States -- experts said recently.
Stuxnet, the first computer worm ever discovered that is potent enough to physically alter the functioning of a nuclear enrichment plant and clever enough to cover its tracks in the process, is a "plug and play" worm, according to cyber security expert and former White House adviser Richard Clarke.
"You can take out certain components and put in others and you have a very powerful weapon that could be used against the electric power grid or any other system that has computers telling machines what to do," Clarke said on "Brian Ross Investigates". "The best cyber weapon in the world has been spread around for other people to have copies of... I think it's very likely that somebody could do this."
Click on the following links to view this week's reports from "Brian Ross Investigates": Is the U.S. Government a Slumlord?, S.P.O.T. the Terrorist, and Cyber War Boomerang.
Stuxnet was discovered in the summer of 2010, after it had apparently been spreading for months to tens of thousands of computers around the world. Liam O'Murchu, the supervisor of security response operations for North America for cyber security giant Symantec, was one of the first researchers to discover the worm and said it was unlike anything his team had seen before.
"It's the first time we've ever seen a threat that can change how machinery works," O'Murchu said. "So it's very innovative and it's a real change in the threat landscape from that point of few."
According to O'Murchu, Stuxnet copies itself repeatedly to crawl through a network, infecting as many computers as possible but does not alter anything until it finds the computer running a very specific sequence. When it does, the worm takes over that process -- whether it's spinning nuclear centrifuges or mixing baby formula -- but masks its sabotage so the people running the machinery never notice any change. That way, the virus can alter, damage or destroy critical functions for months without anyone knowing until it's too late.
As a Congressional report released in December said, Stuxnet is "the world's first precision-guided cybermunition."
The worm was seen as such a threat that in November -- two months after Iranian President Mahmoud Ahmadinejad announced an Iranian nuclear facility had been hit by a cyber attack -- the Senate Committee on Homeland Security and Governmental Affairs held a meeting called "Securing Critical Infrastructure in the Age of Stuxnet."
"[Stuxnet] dwarfed anything that has come before it in cyberspace, both in sophistication and destructive potential," committee chairman Sen. Joseph Lieberman, I-Conn., said at the meeting.
In that meeting, the President and CEO of the National Board of Information Security Examiners of the United States, Inc., Michael Assante said the worm stands as not only a "blueprint" for entities sophisticated enough to reproduce a Stuxnet-like attack -- such as Russia or China -- but "an attacker with less means" could still use parts of the code to wreak less-controlled havoc.