DEC 2 - The code inside the cyber weapon to attack Iran’s nuclear program traces back to 2006, according to cyber warfare expert John Bumgarner, who has spent more than a year studying samples of the malicious software and analyzing other data related to the unprecedented effort. His claims have not been independently confirmed.
Here are some key milestones he says he has uncovered related to the attack on a heavily secured underground uranium enrichment facility at Natanz, Iran.
* May 2006 - Engineers compile code for a component of Stuxnet that will allow them to attack programmable logic controllers, or PLCs, manufactured by Siemens of Germany. Iran’s nuclear program uses Siemens PLCs to control the gas centrifuges in its uranium enrichment facilities.
* 2007 - Duqu, a data-stealing piece of malware, is deployed at targeted sites in Iran and some of its allies, including Sudan.
* Late 2007 - Engineers write the code for the “digital bomb” component of Stuxnet, allowing those behind the attack to force the gas centrifuges to rotate at faster-than-normal speeds, which is what damaged the sensitive equipment when the cyber weapon was eventually deployed.
* November 2008 - Conficker appears, starts to spread rapidly.
* December 2008 - Actors behind Stuxnet start running www.mypremierfutbol.com, a website appealing to soccer fans that will eventually be used to cloak traffic traveling between machines infected with Stuxnet and the server controlling them.
* January 2009 - They start running www.todaysfutbol.com, which will be used for the same purpose.
* January 2009 - Spread of Conficker peaks and engineers continue writing code for key components of Stuxnet.
* March 2009 - Conficker Variant C is deployed. This version will be used to deliver Stuxnet to Iran.
* April 1, 2009 - Attackers begin to deploy Stuxnet to Iran on the 30th anniversary of the declaration of an Islamic republic in Iran.
* January 2010 - Operators of Stuxnet accelerate program by adding new malware components that make it spread faster and also make it more dangerous.
* March 2010 - Stuxnet operators add additional components to the malware to make it even more powerful.
* June 2010 - Computer security firm VirusBlokAda identifies Stuxnet as a piece of malware after reviewing a sample that was found in Iran.
* July 2010 - Cyber security blogger Brian Krebs breaks news of Stuxnet on his website.
* November 2010 - Iran President Mahmoud Ahmadinejad discloses that a cyber weapon had damaged gas centrifuges at his nation’s uranium enrichment facility. “They did a bad thing. Fortunately our experts discovered that,” he said.
Reporting by Jim Finkle. Editing by Martin Howell