Stuxnet: Could Cyber Superweapon Be Turned on U.S.?

After attack on Iranian nuclear facility, "game-changing" worm is in the open.

ByABC News
January 6, 2011, 12:21 PM

Jan. 28, 2011 — -- The world's most powerful cyber weapon may have been originally designed to attack Iran's nuclear program, but it could also be manipulated the cause catastrophic damage to any industrialized nation -- including the United States -- experts said recently.

Stuxnet, the first computer worm ever discovered that is potent enough to physically alter the functioning of a nuclear enrichment plant and clever enough to cover its tracks in the process, is a "plug and play" worm, according to cyber security expert and former White House adviser Richard Clarke.

"You can take out certain components and put in others and you have a very powerful weapon that could be used against the electric power grid or any other system that has computers telling machines what to do," Clarke said on "Brian Ross Investigates". "The best cyber weapon in the world has been spread around for other people to have copies of... I think it's very likely that somebody could do this."

Click on the following links to view this week's reports from "Brian Ross Investigates": Is the U.S. Government a Slumlord?, S.P.O.T. the Terrorist, and Cyber War Boomerang.

Stuxnet was discovered in the summer of 2010, after it had apparently been spreading for months to tens of thousands of computers around the world. Liam O'Murchu, the supervisor of security response operations for North America for cyber security giant Symantec, was one of the first researchers to discover the worm and said it was unlike anything his team had seen before.

"It's the first time we've ever seen a threat that can change how machinery works," O'Murchu said. "So it's very innovative and it's a real change in the threat landscape from that point of few."

According to O'Murchu, Stuxnet copies itself repeatedly to crawl through a network, infecting as many computers as possible but does not alter anything until it finds the computer running a very specific sequence. When it does, the worm takes over that process -- whether it's spinning nuclear centrifuges or mixing baby formula -- but masks its sabotage so the people running the machinery never notice any change. That way, the virus can alter, damage or destroy critical functions for months without anyone knowing until it's too late.

As a Congressional report released in December said, Stuxnet is "the world's first precision-guided cybermunition."