by Kim Zetter
Stuxnet, and its ancillary espionage tools, were the state of the art at the time they were developed and unleashed, but that state has no doubt been surpassed by other digital tools developed in its wake that have yet to be detected and may not be for many years.
While the writing of this book was difficult, it was made easier by the enormous help and support I received from many people.
The book would not have been possible without the encouragement and support of my agent, David Fugate, who first reached out to me in 2007 following the publication of a three-part series I wrote for Wired about the digital underground of carding forums and the fascinating community of bank card thieves that inhabit them. Though I decided not to expand that series into a book, David remained in touch over the next few years, periodically reaching out to say he was still interested in collaborating and asking if I had any project in mind.
Throughout the proposal process and the writing of this book, he remained a steadfast supporter, providing valuable feedback and the seasoned perspective of a publishing veteran while lending the right amount of encouragement when needed the most. He’s the kind of advocate every writer should have in his or her corner.
In addition to David, my editor at Crown/Random House, Julian Pavia, played a great role in helping to shape the book and keep it on path. This was a difficult project to wrangle, but Julian did it with grace and patience, even as the content unexpectedly changed and deadlines passed. Additionally, Julian did a masterful job of streamlining the technical details to balance the narrative flow and refine my sometimes jagged prose.
I’d also like to thank Kim Silverton, editorial assistant at Random House, for her timely and helpful feedback on the manuscript during the editing phase, as well as the publicity and marketing teams—Sarah Breivogel, executive publicist at Random House, Sarah Pekdemir, senior marketing manager, and Jay Sones, director of marketing at Crown—for their enthusiastic backing of the book.
The book would not exist, however, without all of the talented researchers who did the hard work of deciphering Stuxnet and its arsenal of tools and who provided me with untiring assistance to help me get the details right. These include Sergey Ulasen of VirusBlokAda and now Kaspersky Lab, and Oleg Kupreev of VirusBlokAda, who sounded the first alarm and got the rest of the world to take note of the strange code discovered in Iran.
They also include, of course, the brilliant and hard-working team at Symantec—Eric Chien, Liam O’Murchu, and Nicolas Falliere—whose curiosity, persistence, and skill provided the most important pieces of the Stuxnet puzzle and ensured that the code would not pass quietly into obscurity. The three of them were extremely generous with their time and endured many rounds of questions in the midst of busy schedules to share their views and expertise.
I cannot express enough gratitude to them and to the equally brilliant and tireless global research and analysis team at Kaspersky Lab—Costin Raiu, Aleks Gostev, Roel Schouwenberg, Kurt Baumgartner, Vitaly Kamluk, and the rest of the company’s global group of researchers—who impressed me repeatedly with their skill and devotion to chasing down the tiniest details of very complex attacks, even though working with them often involved 6 a.m. phone calls on my end to accommodate the time difference with Eastern Europe. I’m particularly grateful to Costin for going beyond the call of duty, sometimes at the expense of time with his family, and for his remarkable wisdom, memory, and attention to detail, which helped me keep track of the many maddening facts that grew more extensive with each new discovery.
I’m also very grateful to Greg Funaro and Ryan Naraine at Kaspersky Lab who had an uncanny ability to anticipate what I needed before I knew I needed it and who had an unwavering commitment to leaving no question unanswered. Ryan’s former job as a top security journalist, combined with his technical expertise, made him the perfect liaison with the research team.
In addition to the Symantec and Kaspersky research teams, the story of Stuxnet could not be told without the work of Ralph Langner and his colleagues Ralf Rosen and Andreas Timm. Ralph’s passion for Stuxnet kept it alive in the press and brought it to the attention of mainstream media, while his extensive knowledge of industrial control systems helped the public understand Stuxnet’s broader implications for the security of critical infrastructure. I’m grateful for the many hours he spent with me on the phone and in person to help me make sense of Stuxnet’s broader context. His frank and straightforward manner cut to the heart of the issues and ensured that the public could not dismiss or overlook the importance of Stuxnet. I’m also grateful to Ralf Rosen for the time he gave to speak to me about their work on Stuxnet and for reviewing some of the completed text for accuracy.
Similarly, Boldizsár Bencsáth was immensely generous with his time and expertise, providing kind and invaluable assistance that helped me unravel a few mysteries and understand the ways in which all of the attacks were connected.
In addition to these researchers, I’m greatly indebted to David Albright at the Institute for Science and International Security, who helped not only me but also Symantec and Ralph Langner with understanding Stuxnet’s effects on Natanz and the enrichment process. Both he and Olli Heinonen, formerly of the IAEA and now a senior fellow at Harvard’s Belfer Center for Science and International Affairs, provided great insight into the Iranian nuclear program in general and into the enrichment process at Natanz in particular.
In addition, I’d like to thank Corey Hinderstein, now with the Nuclear Threat Initiative, for providing me with her firsthand memories of the press conference where Natanz was first exposed and her work uncovering the infamous satellite images.
I’d also like to thank Dale Peterson, Perry Pederson, Joe Weiss, and Mike Assante for helping me understand the wider effects of Stuxnet and weapons like it on critical infrastructure. Dale and Perry were especially helpful in reading the chapter on industrial control systems and providing feedback.
Similarly, I’d like to thank Jason Healey and Marcus Sachs for providing background information about the early days of the government’s digital warfare program and Jason for providing perspective on the implications of Stuxnet and Flame and where we go from here. I’d also like to thank Charlie Miller and Chaouki Bekrar for their frankness in discussing the zero-day market and helping me understand the motivations that drive this market.
In addition to all of these people, there are others who sat for interviews or read through chapters or parts of chapters to provide welcomed and helpful feedback. Some of them I have named here; many others have asked to remain anonymous.
One reader I’d like to thank in particular is Andrea Matwyshyn, a good and valued friend who has been supportive of my work and career for many years and who took some of these chapters with her to conferences and holidays to provide the feedback I needed in a timely manner. I’d also especially like to thank Cem Paya, another good friend and supporter of my work who took chapters on holiday to Turkey and even read various versions of chapters several times to ensure that the technical details were accurate and consistent.
This book on Stuxnet is the culmination of more than a decade of experience reporting on cybersecurity, hackers, and the security community, all of which helped sharpen my knowledge and understanding of these complex issues. I’d like to thank the many friends, family, and colleagues who have provided much support, inspiration, guidance, encouragement, good editing, and a voice of reason over the years, including Richard Thieme, Dan Goodin, Elinor Mills, and Rob Lemos, as well as my Wired colleagues past and present—Chuck Squatriglia, Jim Merithew, Kevin Poulsen, Ryan Singel, and David Kravets. I’d also like to thank David Zetter and Mark Zetter for their enduring support and many good memories.