Stuxnet and the Future of Zero Day Exploits

Neil Jain
March 21, 2017

Submitted as coursework for PH241, Stanford University, Winter 2017


Fig. 1: Image of the Natanz nuclear facility, the main target of the Stuxnet attack (Source: Wikimedia Commons).

Stuxnet is the name of a computer virus used to attack Iranian Nuclear Facilities. The virus was first detected in 2010 but was suspected to have been uploaded during the early days of the Natanz nuclear facility (Fig. 1) by a contractor with a thumb drive. The attack is suspected to have been led by the US and Israeli governments in an effort to prevent Iran from enriching Uranium to create nuclear weapons. This attack was one of the first documented attacks of targeted cyber aggression by foreign governments. The operation was mostly successful and was reported to have destroyed almost a fifth of Iran's nuclear centrifuges. [1]

Zero Day Exploits

Stuxnet is a form of virus known as a zero day exploit. These types of exploits are called this because they give the users "zero days" notice before becoming active and implementing their attack. These type of exploits can lie dormant without detection for long periods of time and are hypothesized to be able to crack almost any form of device. While Stuxnet was the beginning, it started and unsettling trend yet to be addressed related to the future of cyber security. [1]

CIA Leak

These fears, while originally hypothetical, became real recently when notable leaking organization, WikiLeaks announced they had acquired a trove of CIA hacking tools, which contained many zero-day exploits. These exploits are believed to be able to hack into a multitude of devices including network routers, mobile phones, and smart TV's. Wikileaks has yet to release the tools themselves but many are currently fearing the dangerous potential if the wrong people are able to get their hands on these tools. [2]

Moving Forward

Clearly these tools pose a danger to cyber security as we know it. If any number of groups had access, they could use these to target data of millions, with few knowing what they would do with it. Moving forward, I believe it is on the responsibility of organizations like Wikileaks who possess these tools to work with tech companies to help them patch their exploits. Hopefully, this will allow many unsuspecting users to keep their private information safe

© Neil Jain. The author grants permission to copy, distribute and display this work in unaltered form, with attribution to the author, for noncommercial purposes only. All other rights, including commercial rights, are reserved to the author.


[1] K. Zetter, Countdown to Zero Day (Broadway Books, 2015).

[2] L. H. Newman, "WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets," Wired Magazine, 7 Mar 17.