IRIB Iranian TV via Reuters TV file
Workers are seen in what was described by Iranian state television as the control room at a uranium enrichment facility in Natanz, Iran, in this image taken from video released on Feb. 15.
When the worm dubbed “Stuxnet” wriggled into public view in July 2010, computer security experts recognized almost immediately that it was no ordinary piece of malware.
“This particular attack targets the industrial supervisory software SCADA,” Juraj Malcho, head of the Virus Lab at the Slovakia-based security firm ESET, wrote at the time. “In short, this is an example of malware-aided industrial espionage.”
It took months of analysis before experts were able to identify the target of the cyberattack: Iran’s nuclear program.
The worm, they discovered, was a powerful new tool for mayhem, capable of both surveillance and harming computers. It was initially spread using infected removable drives, such as USB drives, via the Microsoft Windows operating system. But its ultimate target was the control software known as SCADA, manufactured by the German engineering giant Siemens and used to control major industrial systems.
Stuxnet only burst into the limelight, they said, after escaping from those systems and spreading “into the wild” across the Internet.
U.S. officials later told NBC News that Stuxnet was directed at the centrifuge center at Iran’s Natanz uranium enrichment facility. When the worm got in and corrupted the control software, the motors that control the uranium centrifuge operations didn’t operate correctly, wobbling instead of spinning the way they’re supposed to, according to the officials, who spoke on condition of anonymity.
While the Washington was identified almost immediately by experts as the most likely perpetrator of the attack, U.S. officials later confirmed that Israel had collaborated with U.S. intelligence in a joint project aimed at disrupting the Iranian program.
More than two years later, the impact and consequences of the cyberattack remain open to debate.
Cybersecurity experts tell NBC News that the attack may not have done as much damage to the Iranian nuclear effort --which Tehran insists is geared toward developing nuclear energy, not weapons – as was initially reported in some media accounts.
And it has raised the stakes in the race to create online weaponry.
Iranian Ambassador Hossein Moussavian, in a Feb. 21 appearance at the Center for National Security at Fordham Law School, said the attack prompted Tehran to make development of its own cyberwar capability a priority.
“The U.S., or Israel, or the Europeans, or all of them together, started war against Iran,” he said. “Iran decided to have…to establish a cyberarmy, and today, after four or five years, Iran has one of the most powerful cyberarmies in the world.”
Scott Borg, a U.S.-based cybersecurity expert, said that while Iran may be exaggerating its offensive capabilities, there is no doubt that it has developed a “serious capability” to wage cyberwar.
“It's exaggerating the present capabilities,” he said, “but it’s working toward the future."
As an example, Borg and U.S. officials note that when the U.S. leveled new sanctions on Iranian banks last year, U.S. banks suddenly came under attack – apparently from Iran itself or its hired proxies.
The former head of cybersecurity for the White House, Frank Cilluffo, testified before Congress at the time that “we were waiting for something like this from Iran.”
“The government of Iran and its terrorist proxies are serious concerns in the cyber context. What Iran may lack in capability, it makes up for in intent. They do not need highly sophisticated capabilities—just intent and cash — as there exists an arms bazaar of cyber weapons, allowing Iran to buy or rent the tools they need or seek.”
More from NBC News Investigations:
- Report: Millions wasted on disappearing tractors, solar panels in Afghanistan
- Disabled workers paid just pennies an hour — and it's legal
- Google: 'We're not in cahoots with the NSA'
Read and vote on readers' story tips and suggested topics for investigation or submit your own.