Basics Master - Part 0

From Abacus to Stuxnet

Knowing the history and evolution of programming languages is essential for me to understand how and why each new language became necessary. What is a programming language, and why would anyone need to invent one? A computer only does what it is told, and it has to be told in simple, unambiguous instructions. A programming language is the bridge between a human describing a computation and a machine carrying it out.

#c #introduction

The Full Story: From Abacus to Stuxnet

PART I — Before Electricity: The Age of Manual Computation

The Abacus (~2700 BCE)

The Sumerian abacus appeared between 2700 and 2300 BC. It held a table of successive columns which delimited the successive orders of magnitude of their sexagesimal (base 60) number system. Wikipedia

This is the first computing device humans ever built. No electricity. No transistors. Just beads on rods. But the idea it embedded was revolutionary: numbers can be physically represented and manipulated by a system. That single idea is the seed of everything — including Stuxnet.

The abacus appeared independently across different cultures — the Sumerian abacus used in Mesopotamia based on the base-60 number system, the Greek Salamis Tablet (~300 BC) which is the oldest surviving counting board, the Roman abacus using pebbles on grooved boards, the Chinese Suanpan (~2nd century BC) with a two-deck bead design, and the Japanese Soroban (14th century), a simplified version still taught in Japanese schools today. The key idea wasn’t the device itself but the concept: numbers could be physically represented and manipulated. This principle underlies all computing today. Acme Collins School

Mechanical Calculators — The 17th Century

Blaise Pascal invented the Pascaline, which could add and subtract directly by turning dials connected to a series of gears. Though limited in function, it marked an important step toward automated calculation. Gottfried Wilhelm Leibniz advanced this further, introducing multiplication and division via a stepped drum mechanism. Leibniz’s work also laid the theoretical foundation for binary computation, which modern computers use today. Exploretoday

Binary. Leibniz in the 1600s. The same binary that every modern CPU runs on. The same binary that Stuxnet’s shellcode is encoded in.

Charles Babbage and Ada Lovelace — The 1800s

Charles Babbage invented the Analytical Engine, a mechanical computer that could execute a variety of calculations, in 1837. It was never constructed during Babbage’s lifetime, but because it used punched cards for input and output, it is regarded as a forerunner to current computers. Cointelegraph

During 1842–1849, Ada Lovelace translated the memoir of Italian mathematician Luigi Menabrea about Charles Babbage’s newest proposed machine — the Analytical Engine. She supplemented the memoir with notes that specified in detail a method for calculating Bernoulli numbers with the engine, recognized by most historians as the world’s first published computer program. Wikipedia

Ada Lovelace wrote the first published algorithm, and she wrote it for a machine that existed only on paper. She also saw something Babbage himself did not emphasize: a machine that manipulates symbols according to rules is not limited to arithmetic. Her notes suggest the engine could, for example, compose music if the rules of harmony were expressed in its notation.

PART II — Electricity Arrives: The Electronic Era

Vacuum Tubes and ENIAC — 1940s

In 1945, the Electronic Numerical Integrator and Computer (ENIAC) emerged as the first general-purpose electronic digital computer. It used 17,000 vacuum tubes, filled an entire room, consumed enormous electricity, yet could perform thousands of calculations per second. It was programmable, though it required manual rewiring. Acme Collins School

ENIAC was programmed by physically rewiring the machine. There was no language. There were no files. You were the instruction set. You moved cables to change what the machine did.

This is the zero point of programming. Below Assembly. Below machine code. Pure hardware logic.

Transistors — 1947

John Bardeen, Walter Brattain, and William Shockley’s 1947 creation of the transistor at Bell Laboratories revolutionized computers. Smaller, faster computers were created as a result of the replacement of cumbersome vacuum tubes by smaller, more dependable electrical components known as transistors. Cointelegraph

The transistor is the atom of modern computing. A switch. On or off. 1 or 0. Every program ever written — including Stuxnet — ultimately runs as billions of transistors switching states per second.

PART III — The Birth of Programming Languages

Machine Code and Assembly — 1940s–1950s

After ENIAC came stored-program machines, which read machine code, raw binary instructions, out of memory and fed it straight to the processor. Then came Assembly language.

The first computer to use assembly language was the Electronic Delay Storage Automatic Calculator in 1949. Assembly language is a low-level programming language designed to simplify the machine code for writing instructions for processors. Praxent

Assembly is a thin human-readable layer over machine code. Instead of writing the bytes 10110000 01100001 (B0 61 in hex), you write MOV AL, 61h, and the assembler emits exactly those two bytes. Each mnemonic maps to one machine instruction (assembler macros and pseudo-instructions aside), so there is no abstraction between you and the hardware: you choose every register and every memory address, and the CPU executes precisely what you wrote.
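Added example, not code from the original page: a C decoder for a handful of real 32-bit x86 encodings, including the MOV AL, 61h case above (opcode B0+r followed by an 8-bit immediate). It recognizes only the five opcode forms in its table and refuses anything else rather than guessing, which is the property you want in any tool that parses untrusted bytes. The byte string at the end is constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Register names for the 3-bit register number folded into the opcode byte. */
static const char *reg8[]  = { "AL", "CL", "DL", "BL", "AH", "CH", "DH", "BH" };
static const char *reg32[] = { "EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI" };

/* Decode one instruction at buf[0..len) and write its mnemonic into out.
 * Returns the number of bytes consumed, or 0 if the opcode is not in our
 * table or its immediate would run past the end of the buffer. */
size_t decode_one(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    if (len == 0) return 0;
    uint8_t op = buf[0];

    if (op == 0x90) { snprintf(out, outlen, "NOP");  return 1; }
    if (op == 0xC3) { snprintf(out, outlen, "RET");  return 1; }
    if (op == 0xCC) { snprintf(out, outlen, "INT3"); return 1; }

    /* B0+r: MOV r8, imm8 -- two bytes: opcode, then the immediate. */
    if (op >= 0xB0 && op <= 0xB7) {
        if (len < 2) return 0;                       /* truncated immediate */
        snprintf(out, outlen, "MOV %s, %02Xh", reg8[op - 0xB0], buf[1]);
        return 2;
    }
    /* B8+r: MOV r32, imm32 -- five bytes: opcode, then a little-endian immediate. */
    if (op >= 0xB8 && op <= 0xBF) {
        if (len < 5) return 0;
        uint32_t imm = (uint32_t)buf[1] | ((uint32_t)buf[2] << 8) |
                       ((uint32_t)buf[3] << 16) | ((uint32_t)buf[4] << 24);
        snprintf(out, outlen, "MOV %s, %08Xh", reg32[op - 0xB8], (unsigned)imm);
        return 5;
    }
    return 0;   /* unknown opcode: refuse rather than guess */
}

/* Decode a whole buffer, printing bytes beside mnemonics.
 * Returns the number of instructions decoded; stops at the first undecodable byte. */
int decode_all(const uint8_t *buf, size_t len)
{
    int count = 0;
    size_t off = 0;
    char text[64];
    while (off < len) {
        size_t n = decode_one(buf + off, len - off, text, sizeof text);
        if (n == 0) {
            printf("%04zx: %02X ?? undecodable, stopping\n", off, buf[off]);
            break;
        }
        printf("%04zx: ", off);
        for (size_t i = 0; i < n; i++) printf("%02X ", buf[off + i]);
        printf("\t%s\n", text);
        off += n;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: MOV AL, 61h ; MOV EAX, 12345678h ; NOP ; RET ; then a
     * MOV CL, imm8 whose immediate is missing, to show the bounds check firing. */
    static const uint8_t code[] = { 0xB0, 0x61, 0xB8, 0x78, 0x56, 0x34, 0x12,
                                    0x90, 0xC3, 0xB1 };
    int n = decode_all(code, sizeof code);
    printf("%d instructions decoded\n", n);
    return 0;
}
```

The two-byte pattern B0 61 is the same one the paragraph spells out in binary; the decoder makes the other direction of the mapping visible, and the length checks are what keep a malformed or cut-off byte stream from being read past its end.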

Stuxnet’s inner payload, the part that actually attacked the Siemens PLCs, was written in Siemens STL (Statement List), an assembly-level language for S7 controllers that compiles to MC7 bytecode: the PLC world’s equivalent of assembly. At that level there is no alternative. You write the exact instructions the controller will execute.

FORTRAN — 1957

John Backus, a mathematician at IBM, realized that a new language was needed that would be both fast and more like mathematics than assembly language. After three years of work, Backus and his team introduced FORTRAN (FORmula TRANslation). It came with a manual, the first programming language to do so. It also allowed comments in the program — lines in the code that were not commands to be executed but that could contain annotations about what the program did. Britannica

FORTRAN was the first moment programmers could think in problems instead of hardware. Instead of managing registers, you wrote equations. The compiler handled the translation.

COBOL — 1959

In 1959, Mary Hawes identified the need for a programming language designed for businesses that could do things like monthly payrolls and record inventory. The U.S. Department of Defense was asked to sponsor a conference that would develop such a language. The result was COBOL, COmmon Business-Oriented Language. COBOL was designed to be written more like the English language than FORTRAN and ALGOL. It had a record data structure in which data of different types (such as a customer’s name, address, phone number, and age) were clustered together. Britannica

COBOL introduced the record: structured data, several fields of different types grouped into one unit. It is an ancestor of C’s struct, the same construct you will write when you analyze how Stuxnet packaged its PLC configuration data.

COBOL became widespread through businesses and government, and in 2017 it was estimated that 95 percent of card transactions at ATMs still used the language. Britannica

It still runs the world’s financial infrastructure. Right now. Invisibly.

ALGOL — 1958

The ALGOL 60 Report consolidated many ideas circulating at the time and featured three key language innovations: nested block structure, where code sequences and associated declarations could be grouped into blocks; lexical scoping, where a block could have its own private variables invisible to code outside that block; and a mathematically exact notation, Backus–Naur form (BNF), used to describe the language’s syntax. Wikipedia

ALGOL served as a starting point in the development of languages such as Pascal, C, C++, and Java. Online College Plan

ALGOL is the common ancestor. The tree that C grew from. ALGOL 58 appeared in 1958; the ALGOL 60 Report of 1960 is the version whose block structure and BNF-described syntax later languages copied. When you write a block { } in C, you’re using a concept born in ALGOL.

B Language — 1969

Bell Labs, MIT, and General Electric collaborated on Multics, a project to create an operating system for a time-sharing computer. Bell Labs saw the Multics project as too complex to ever be successful and withdrew in 1969. However, from the ruins of Multics came Unix. For Unix, programmer Ken Thompson created a stripped-down programming language called B. However, B did not distinguish between different types of data, such as integer numbers and characters. Britannica

B was C’s direct parent. Lean. No types. Built for one purpose — to write Unix.

C Language — 1972

In 1971, Dennis Ritchie added a character type to B and created a new language that he briefly called “new B” and later called C. By the time C was basically finished in 1972, the language was so powerful and flexible that much of the UNIX operating system was written in it. Britannica

C uses pointers extensively and was built to be fast and powerful at the expense of being hard to read. Unix gives C such advanced features as dynamic variables, multitasking, interrupt handling, forking, and strong, low-level input-output. Brown University

C is about as close to the machine as a portable, human-writable language gets. It gives you direct memory access, pointer arithmetic, manual allocation and unchecked buffers: the same tools that malware authors use, and the same tools whose misuse creates the memory-corruption bugs that exploits rely on. Stuxnet’s Windows-side dropper was written in C and C++. To understand it means understanding exactly what C lets you do with memory and files.

C++ — 1983

Bjarne Stroustrup modified the C language at Bell Labs. The result was C++, which had augmentations such as classes, templates, and virtual functions. C++ is now used in MS Office, Adobe Photoshop, and various types of high-performance software. IEEE Computer Society

Stuxnet’s Windows-side components used C++. The code was modular: a main DLL whose exported routines did the work, embedded resources carrying the kernel-mode drivers (MrxCls.sys to load the main module at boot, MrxNet.sys to hide its files) and the PLC payload, plus a peer-to-peer update mechanism through which infected machines exchanged newer versions of the main module.

PART IV — The World Stuxnet Was Born Into

By 2007, the computing world looked like this:

  • Windows XP dominated industrial environments (Windows 7 only shipped in October 2009, inside Stuxnet’s active window)
  • Siemens Step7 (SIMATIC) software ran on Windows and programmed the PLCs
  • Industrial control networks (SCADA) were assumed to be air-gapped and therefore safe
  • USB autorun was enabled by default on Windows
  • A kernel driver carrying a valid code-signing signature was loaded without further question; Stuxnet’s drivers were signed with certificates stolen from Realtek and JMicron
  • Four previously unknown (zero-day) vulnerabilities in Windows existed, unpatched

These were the conditions Stuxnet was engineered to exploit.

PART V — Stuxnet: The World’s First Cyberweapon

Origin and Purpose

Stuxnet was a highly complex digital malware that targeted and physically damaged Iran’s clandestine nuclear program from 2007 until its cover was blown in 2010 by computer security researchers. Reports following its discovery attributed the creation and deployment of Stuxnet to the United States and Israel. FSI

The first version of Stuxnet was built and unleashed by the Bush administration in 2007. Iran accelerated its enrichment process in 2008, leading to fears it would have enough uranium to build a bomb by 2010. President Barack Obama inherited the program, and not only continued it but accelerated it. Another, more aggressive version of Stuxnet was unleashed in June 2009 and again in 2010. FSI

The Target

Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery and industrial processes including gas centrifuges for separating nuclear material. Wikipedia

It only attacks those PLC systems with variable-frequency drives from two specific vendors: Vacon based in Finland and Fararo Paya based in Iran. Furthermore, it monitors the frequency of the attached motors, and only attacks systems that spin between 807 Hz and 1,210 Hz. This is a much higher frequency than motors typically operate at in most industrial applications, with the notable exception of gas centrifuges. Wikipedia

This is surgical precision in software. It wasn’t just targeting Iran. It was targeting one specific hardware configuration: particular drive vendors, a particular PLC layout, motors in a particular frequency band. If a PLC didn’t match, the payload stayed dormant. The worm still spread from Windows host to Windows host, matching or not, which is how it eventually escaped the facility and reached the machines where researchers found it.

How It Got In

Iran’s nuclear facilities were air-gapped — meaning they weren’t connected to a network or the Internet. For a malware attack to occur on the air-gapped uranium enrichment plant, someone must have knowingly or unknowingly introduced the malware physically, perhaps through an infected USB drive. Malwarebytes

The earliest samples dated back to June 2009. The first wave of Stuxnet attacks probably started at this time, consisting of 10 initial infections targeting five organisations inside Iran. CCDCOE

An air gap is physical isolation: the machine is never connected to the internet or to the business network. The only way in is something carried across the gap, removable media or a contractor’s laptop. Someone carried it in. Whether a double agent or an unwitting engineer with an infected USB drive, we still don’t know for certain.

The Four Zero-Days

Stuxnet performed not just one but four zero-day exploits — hacks that take advantage of vulnerabilities previously unknown to the white-hat community. The LNK vulnerability is used to spread via USB sticks. The shared print-spooler vulnerability is used to spread in networks with shared printers, which is extremely common in networks. IEEE Spectrum

Using four simultaneous zero-days was unprecedented. Most sophisticated malware uses one. The two named above spread the worm (the LNK shortcut flaw, CVE-2010-2568, and the print spooler flaw, CVE-2010-2729); the other two were local privilege escalations used to gain SYSTEM rights once on a machine (the win32k keyboard-layout flaw, CVE-2010-2743, and the Task Scheduler flaw, CVE-2010-3338). Alongside them it carried an exploit for the already-patched MS08-067 RPC vulnerability, for hosts that had missed the fix. Nation-states hoard zero-days like weapons. Using four at once was a statement — this operation was more important than saving those vulnerabilities for future use.

The Attack Sequence

This worm attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment such as centrifuges. Finally, it compromised the programmable logic controllers. IEEE Spectrum

Once inside the PLCs:

Stuxnet installs malware into memory block DB890 of the PLC that monitors the Profibus messaging bus of the system. When certain criteria are met, it periodically modifies the frequency to 1,410 Hz and then to 2 Hz and then to 1,064 Hz, and thus affects the operation of the connected motors by changing their rotational speed. Wikipedia

The centrifuges spin at precise frequencies to separate uranium isotopes. Stuxnet would suddenly spin them too fast — then too slow — then normal again. The mechanical stress destroyed them from within. Metal fatigues. Bearings fail. The centrifuge tears itself apart.

The Lie — The PLC Rootkit

This is the most elegant and terrifying part.

After hijacking the sent commands, Stuxnet replays reassuring fake data to the operator (previously recorded), discarding the real data coming from the PLC’s sensors, so that everything on the HMI station looks to be in order. This is a PLC rootkit functionality, and so far seems to be the first of its kind. CCDCOE

The operators saw normal readings. The computers showed everything was fine. Meanwhile the centrifuges were being physically destroyed. The machines were lying to the humans watching them. That is the essence of a rootkit — intercept reality, replace it with a fabricated version.
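An added example in C, not code from the original page, of the two checks a defender would want against exactly this attack, covering both the frequency sequence above and the replayed HMI data: cross-checking the operator’s view against a measurement that does not pass through the compromised PLC, and a process-level sanity check against the 807–1210 Hz band the text gives. The three traces are constructed for illustration (tick timing is not real), and the "independent sensor" is an assumption: an out-of-band path such as motor current converted to speed.

```c
#include <stddef.h>
#include <stdio.h>

/* Operating band of the centrifuge drives Stuxnet checked for (807-1210 Hz,
 * from the text). A reading outside it is physically abnormal for this process. */
#define BAND_LO_HZ 807.0
#define BAND_HI_HZ 1210.0

#define N_SAMPLES 12

/* Constructed traces, one value per tick; ticks are illustrative, not real timing.
 * actual_hz: what the drive really did: normal, then the 1410 -> 2 -> 1064 sequence.
 * hmi_hz:    what the operator's screen showed: the replayed recording of normal operation.
 * sensor_hz: an assumed independent measurement (e.g. motor current converted to
 *            speed) that does not pass through the compromised PLC. */
static const double actual_hz[N_SAMPLES] = {1064,1064,1064,1410,1410,1410,2,2,2,1064,1064,1064};
static const double hmi_hz[N_SAMPLES]    = {1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064};
static const double sensor_hz[N_SAMPLES] = {1063,1065,1064,1408,1411,1409,3,2,2,1063,1064,1065};

int in_operating_band(double hz)
{
    return hz >= BAND_LO_HZ && hz <= BAND_HI_HZ;
}

/* Cross-check two sources that should agree. Returns the number of samples
 * where they differ by more than tol_hz; *first receives the index of the
 * first disagreement, or -1 if there was none. */
int count_divergence(const double *a, const double *b, size_t n, double tol_hz, int *first)
{
    int count = 0;
    *first = -1;
    for (size_t i = 0; i < n; i++) {
        double d = a[i] - b[i];
        if (d < 0) d = -d;
        if (d > tol_hz) {
            if (*first < 0) *first = (int)i;
            count++;
        }
    }
    return count;
}

/* Process-level sanity check on the independent sensor alone. */
int count_out_of_band(const double *hz, size_t n)
{
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (!in_operating_band(hz[i])) count++;
    return count;
}

int main(void)
{
    int first;
    /* The operator's view checked against PLC-reported data that travels the
     * same compromised path finds nothing: that is what the rootkit buys. */
    int same_path = count_divergence(hmi_hz, hmi_hz, N_SAMPLES, 10.0, &first);
    printf("HMI vs PLC-reported (same path): %d divergent samples\n", same_path);

    /* The same check against an out-of-band sensor exposes the replay. */
    int cross = count_divergence(hmi_hz, sensor_hz, N_SAMPLES, 10.0, &first);
    printf("HMI vs independent sensor: %d divergent samples, first at tick %d\n", cross, first);

    int oob = count_out_of_band(sensor_hz, N_SAMPLES);
    printf("sensor samples outside %.0f-%.0f Hz: %d\n", BAND_LO_HZ, BAND_HI_HZ, oob);

    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("tick %2zu actual=%6.0f hmi=%6.0f sensor=%6.0f%s\n", i, actual_hz[i],
               hmi_hz[i], sensor_hz[i],
               in_operating_band(sensor_hz[i]) ? "" : "  <-- out of band");
    return 0;
}
```

The design point is that no amount of checking within the compromised path helps: the HMI and the PLC-reported values agree with each other by construction. Detection needs a second measurement the PLC cannot rewrite, and a physical-plausibility rule that does not depend on what any controller claims.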

Discovery

Stuxnet was discovered by Sergey Ulasen at the internet security company VirusBlokAda. While working on a customer complaint that their computer kept rebooting, he found the Stuxnet malware on the machine. Ucsc

In 2010, the International Atomic Energy Agency was touring a uranium enrichment center in Iran and was confused by the high rates of failure with the center’s centrifuges. A few months later, a computer security company in Belarus located malicious files on the Iranian computers. EBSCO

It was found by accident. A customer complaint about a rebooting PC in Belarus led to the unraveling of the most sophisticated cyberweapon ever built at that point. By the time it was found, it had already done its job.

The Damage

Stuxnet reportedly destroyed almost one-fifth of Iran’s nuclear centrifuges. Wikipedia

At least 1,000 centrifuges, of the 9,000 present at Natanz, were damaged beyond repair. AFCEA International

One software program. No bombs. No soldiers. 1,000 machines physically destroyed from the inside.

The Legacy

Stuxnet’s design and architecture are not domain-specific and it could be tailored as a platform for attacking modern SCADA and PLC systems, most of which are in Europe, Japan and the United States. Wikipedia

The weapon that was built to stop one country from getting a nuclear bomb also proved that every industrial system on Earth — power grids, water treatment, manufacturing plants, hospitals — is a potential target for the same class of attack.

The Line from Abacus to Stuxnet

2700 BCE  Abacus           → Physical representation of numbers
1600s     Binary/Leibniz   → The 1/0 foundation of all computing
1800s     Babbage/Lovelace → First algorithm. First program concept
1945      ENIAC            → First electronic general-purpose computer
1947      Transistor       → The atom of modern hardware
1949      Assembly         → First human-readable machine instructions
1957      FORTRAN          → First high-level language
1958–1960 ALGOL            → Block scope, syntax — ancestor of C
1959      COBOL            → Structured data (ancestor of structs)
1969      B Language       → Direct parent of C. Built for Unix
1972      C                → Direct memory, pointers, file I/O
1983      C++              → Object orientation on top of C
2007–2010 Stuxnet          → C + C++ on Windows + Siemens STL on the PLC
                              + Windows internals + Siemens PLC knowledge + four zero-days
                              = first cyberweapon that broke physical machines

Every layer built on the one before it. Stuxnet didn’t appear from nowhere. It is the logical endpoint of 4,700 years of humans building systems that manipulate symbols to control the physical world.