Researchers now know that the sabotage-oriented code first attacked five component vendors that are key to Iran's nuclear program, including one that makes the centrifuges Stuxnet was targeting. These companies were unwitting Trojan horses, security firm Kaspersky Lab says. Once the malware hit their systems, it was just a matter of time before someone carried compromised data into the Natanz plant (which has no direct internet access) and sparked chaos. As you might suspect, there's also evidence that these first breaches didn't originate from USB drives. Researchers saw that Stuxnet's creators compiled the first known variant of the worm mere hours before it reached one of the affected companies; unless someone was on the ground waiting to sneak a drive inside one of these firms, that code reached the internet before it hit Natanz.
This attack-a-trusted-user technique isn't shocking in light of the National Security Agency's frequent use of malware against network administrators, and it supports leaks suggesting that Stuxnet has American roots. That's reinforced by additional claims in the book; it notes that the closely linked Duqu worm may have served as a "forward scout," swiping security certificate technology that could be used to make rogue code (possibly including Stuxnet) appear legitimate. With that said, Kaspersky and other investigators have yet to confirm the origins of the cyberattacks. They can tell you where Stuxnet and Duqu went, but not where they started.
[Image credit: IIPA via Getty Images]