Stuxnet material by Langner

Our Stuxnet analysis is considered a milestone in cyber forensics.
Here is your one-stop place where you can access our most consequential material.

background

In the summer of 2010, a malware of unprecedented complexity made the news. It used multiple zero-day exploits, and was dubbed “Stuxnet” by anti-virus companies. Even though it proved to be the most sophisticated piece of malicious code known to man, nobody had a clue what its purpose was. The simple reason was, because all IT security experts were looking in the wrong direction. Stuxnet didn’t act like any previous malware before. Its objective was not the theft or manipulation of data. It was the physical destruction of gas centrifuges in the Natanz fuel enrichment plant, the crown jewel of Iran’s nuclear program.

Once that rumors emerged that Stuxnet could be targeting industrial control systems, our team downloaded a copy of the malware and started an analysis that ultimately spanned three whole years. During the course of this analysis, we:

– identified that Stuxnet was a targeted cyber-physical attack, aimed at one specific, unique target
– identified that this target was the Iranian nuclear program (something that nobody wanted to believe first)
– analyzed the exact details of how this attack, or more accurately: these two attacks, were intended to work.

Langner’s Stuxnet analysis team, from left to right: Ralf Rosen, Andreas Timm, Ralph Langner. Picture taken on Sep 16, 2010, when we published that Stuxnet was a targeted cyber-physical attack against the Iranian nuclear program.

Documents

To kill a centrifuge

A summary of three years of forensic analysis, with a special focus on how the two versions of Stuxnet are dramatically different, and what that means for understanding the campaign.

Stuxnet’s secret Twin

Abbreviated version of “To kill a centrifuge” for Foreign Policy

Stuxnet und die folgen

Updated and largely enhanced 2017 German language version of “To kill a centrifuge”. With lots of material that was excluded from the original English language text

Videos

Ralph Langner’s TED talk
Stuxnet Technical Deep Dive at S4x12
“60 Minutes” Segment on Stuxnet
Non-Technical Talk at Zurich Minds
Can you HEAR Stuxnet?
German Language Introduction