An Irishman living in the US was the first to decipher the complex nature of Stuxnet, a computer worm that affected Iranian nuclear facilities in 2010. The worm is believed to have been the work of the CIA or Israeli security forces.
The Stuxnet worm was capable of seizing control of the nuclear plants by targeting systems made by the German company Siemens. It was believed to be the first known worm to target major nuclear infrastructure facilities.
Liam O’Murchu (33) works as a manager of operations for Symantec Security Response in Southern California. He reviews significant malware threats to determine if they warrant further analysis.
When he came across Stuxnet, he passed it on to a fellow engineer to help him get experience. But when he reviewed the code himself, he realized it was much more complex.
“Everything in it just made your hair stand up and go, this is something we need to look into,” he told Wired.com.
After examining the first 5,000 bytes of the 500,000-byte code, the Irishman was satisfied this was a major new piece of code. At the end of his initial assessment of the code, he signed it off to the research team in Tokyo. The company has labs in Europe, the United States, and Japan, so as to enable researchers to follow up in different time zones.
The team in Tokyo spent the weekend researching the components of Stuxnet, and O’Murchu picked up where they had left off. He was joined in his task by Eric Chien, technical director of Symantec Security Response, and Nicolas Falliere, a senior software engineer and code analyst in Symantec’s Paris office.
When Chien and O’Murchu mapped the location of the infections, it emerged that the majority were coming from Iran.
“For the longest time we were thinking, well, maybe it just spread in Iran because they didn’t have up-to-date security software, and that if this gets over to the United States, some water-treatment plant or some train-control system or anything could be affected,” Chien told Wired.com.
"It was a big, big project," O’Murchu told Computerworld.
"This threat was specifically targeting Iran," he continued. "It's unique in that it was able to control machinery in the real world."