The five biggest hacks of all time


Stuxnet virus

Stuxnet is one of the best-known names when it comes to cyber attacks, and for good reason. The worm (a self-replicating, self-propagating computer virus) destroyed a fifth of Iran's nuclear centrifuges in 2009, seriously hindering the country's atomic plans.

But what makes Stuxnet really stand out among all the destructive malware out there is just how well crafted it was.

According to Trend Micro, the Stuxnet payload consisted of three parts: the worm itself (WORM_STUXNET), an execution .LNK file (LNK_STUXNET) that allowed the worm to auto-execute, and a rootkit (RTKT_STUXNET) that hid the worm's existence.

It was also propagated by an unusual means. For four years, it was thought the virus was introduced into the Natanz uranium enrichment facility, the primary target of the attack, where about 1,000 centrifuges were damaged, via an infected USB stick. However, researchers at Kaspersky Lab discovered in 2014 that the vector of attack was in fact the plant's supply chain.

Five organisations supplying Natanz were the initial victims of Stuxnet, including a company named NEDA, the lead supplier of the Siemens centrifuges that were the ultimate target of the worm. It's now thought that these organisations, and NEDA in particular, were the real vector of infection.

So why wasn't the worm detected at this initial point of infection? The answer lies in what Stuxnet did.

As Ralph Langner, one of the first people to decode the worm, described it in an interview with the New York Times, Stuxnet was "a marksman's job". Unless you were running a uranium enrichment facility, it lay dormant, with the rootkit hiding its presence. There was no way for the Stuxnet Typhoid Marys to know they were being used by the attackers.

Speaking of whom, this leads us to the last question - whodunnit?

The sophistication of the Stuxnet program led many to believe it was created by a nation state and, given the target, that the US and Israel were probably involved.

Cables obtained by Wikileaks that were republished by The Guardian showed the US "was advised to adopt a policy of 'covert sabotage' of Iran's clandestine nuclear facilities, including computer hacking and 'unexplained explosions', by an influential German thinktank". The same thinktank informed US officials in Germany that this kind of undercover operation "would be 'more effective than a military strike' in curtailing Iran's nuclear ambitions".

Suspicions of the US' involvement were bolstered by documents leaked to New York Times journalist David Sanger.

In the end, the only reason we even know of Stuxnet's existence is thanks to a botched software update that led to the worm escaping into the wild, where security experts were able to analyse it.

Sanger's sources told him this led to panic in the newly installed Obama administration for precisely the reason that analysts would be able to dissect the virus and determine its creators. Vice President Joe Biden allegedly blamed the incident on the Israelis, which all but confirmed the two countries collaborated on the virus.

Copyright © Alphr, Dennis Publishing