Could the Stuxnet virus that sabotaged the Iranian nuclear program be used against the U.S. infrastructure or other high profile targets? A retired American general who was the head of the Central Intelligence Agency when Stuxnet would have been created calls the cyber weapon a "good idea," but warns it is out there now for others to exploit. Steve Kroft reports on Stuxnet and the potential consequences of its use in a "60 Minutes" story to be broadcast Sunday, March 4 at 7 p.m. ET/PT.
About two years ago, the all-important centrifuges at Iran's nuclear fuel enrichment facility at Natanz began failing at a suspicious rate. Iran eventually admitted that computer code created problems for their centrifuges, but downplayed any lasting damage. Computer security experts now agree that code was a sophisticated computer worm dubbed Stuxnet, and that it destroyed more than 1,000 centrifuges. Many believe the U.S., in conjunction with Israel, sabotaged the system. Retired Gen. Mike Hayden, once head of the NSA and CIA, who was no longer in office when the attack occurred, denies knowing who was behind it, but said, "This was a good idea, alright? But I also admit this was a big idea, too. The rest of the world is looking at this and saying, 'Clearly, someone has legitimated this kind of activity as acceptable.'"
Not only that, says Hayden, but the weapon, unlike a conventional bomb that is obliterated on contact, remains intact. "So there are those out there who can take a look at this...and maybe even attempt to turn it to their own purposes," he tells Kroft.
In fact, says Sean McGurk, who once led the Department of Homeland Security's efforts to secure U.S. systems from cyberattack , "You can download the actual source code of Stuxnet now and you can repackage it...point it back to wherever it came from." McGurk worries terrorists or a rogue country could refashion it to attack U.S. infrastructure like the power grid or water treatment facilities, even nuclear power plants. He tells Kroft he would never have advised anyone to unleash such a weapon. "They opened the box. They demonstrated the capability...it's not something that can put back."
The creators of Stuxnet never intended their worm to be discovered says one of the people most responsible for deconstructing its code. Liam O Murchu, an operations manager for computer virus security company Symantec, thinks whoever launched it partially failed because the virus was discovered. "You don't want the code uncovered, you want it kept secret," says O Murchu. "You want it to just keep working, stay undercover, do its damage and disappear."
Creating such a cyberweapon, so sophisticated it could be hiding in any number of computers but only strikes the target it was intended to, probably cost many millions. Now, with the code out there, it can be replicated cheaply. "You just need a couple of millions," says Ralph Langner, an expert in industrial control systems who also was instrumental in analyzing Stuxnet. And it wouldn't take the resources of a government to find the right people he says; they are on the Internet. "If I would be tasked with assembling a cyberforce, yeah, I would know whom to approach. So that's not a real secret," says Langner.