The Stuxnet computer virus is the "Hiroshima of cyber-war." That's according to an article the latest edition of Vanity Fair. Most folks might remember it as the virus that was rumored to be unleashed by Israel in attacking Iran's nuclear facility--the one that made its uranium enrichment centrifuges go haywire. The name "Stuxnet" was first coined by a Microsoft researcher after it showed up in the company's operating system. But does the connection end there? Or, as a Russian malware expert hints in the VF piece, was Microsoft another shadowy player, along with the CIA and Israel's Mossad intelligence agency, in its unleashing?
A self-replicating computer virus, called a worm, was making its way through thousands of computers around the world, searching for small gray plastic boxes called programmable-logic controllers--tiny computers about the size of a pack of crayons, which regulate the machinery in factories, power plants, and construction and engineering projects. These controllers, or P.L.C.'s, perform the critical scut work of modern life. They open and shut valves in water pipes, speed and slow the spinning of uranium centrifuges, mete out the dollop of cream in each Oreo cookie, and time the change of traffic lights from red to green.
The worm was complicated to the point of being treated like a fine piece of art by those agencies and firms that had quickly set about dissecting it. One such researcher, Eugene Kaspersky, co-founder and C.E.O. of Kaspersky Lab in Moscow, dove into researching the virus and soon found himself working directly with Microsoft, which was seeing the virus pop up in certain operating systems.
The virus was indeed so complicated and so unique that he concluded it had to have been written by a government agency, as no mere basement hacker could have come up with it. Also, and perhaps most important, the author(s) of the virus would have had to have received source code directly from Microsoft.
"We are coming to the very dangerous zone. The next step, if we are speaking in this way, if we are discussing this in this way, the next step is that there were a call from Washington to Seattle to help with the source code."
In the months since Stuxnet's discovery, more than 62,000 computers in Iran are said to be infected, and centrifuges at the country's Natanz nuclear facility have been severely compromised.
Rumors have abounded as to who was behind the attacks. But most theories involve the U.S., Israel, and possibly Jordan.
What Microsoft did in naming the virus, studying it, and coming up with defenses for it is mostly on the books. What the company did before it was discovered and behind the scenes are very much off the books.
But tailor-making a complex computer virus to move easily through a Microsoft operating system would certainly benefit from having a Microsoft engineer or two on hand. In fact, it may have been impossible without them.