This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

by Nicole Perlroth

Stuxnet—as the computer worm came to be called—had been discovered in bits and pieces in 2010 as it slithered its way through computers around the globe, using an unheard-of number of zero-day exploits, seven to be precise. Some were clearly designed to infect hard-to-reach—even offline—computers. One Microsoft zero-day allowed the worm to invisibly spread from an infected USB flash drive onto a computer undetected. Others allowed it to crawl across the network from there, climbing ever higher up the digital chain of command in search of its final destination: Iran’s Natanz nuclear plant, where it burrowed deep into the offline, or “air-gapped,” computers that controlled the rotors that spun Iran’s uranium centrifuges. And then, by remote command, Stuxnet silently spun some of Iran’s centrifuges out of control, while stopping others from spinning entirely. By the time Iran’s nuclear scientists discovered that a computer worm was responsible for the destruction of their centrifuges, Stuxnet had already destroyed a fifth of Tehran’s uranium centrifuges and set Iran’s nuclear ambitions back years.