September 24, 2014 | 6 Comments

Stuxnet: Anatomy of a Computer Virus (Patrick Clair)

From the curators: Patrick Clair’s motion infographic Stuxnet: Anatomy of a Computer Virus thoughtfully unpacks, animates, and visualizes the inner workings of the elusive malware that has been dubbed “the first weapon made entirely of code.” This intricately constructed computer virus—consisting of a worm, file shortcut, and rootkit—was designed to disrupt specific programming instructions (Programmable Logic Controllers, or PLCs) run on Windows operating systems. These systems typically control automated manufacturing and monitoring—think assembly lines and industrial plants. The Stuxnet virus worked in two waves, with the first mapping a blueprint of the plant operating systems in order for the second to effectively disrupt it. By exploiting unknown security gaps, the virus was able to destroy 20% of Iran’s nuclear centrifuges, while simultaneously relaying normal readings to the plant operators. Delivered via a USB thumb drive, the attack—which was first detected in June 2010 but may have been circulating a year prior—was described in the journal Foreign Policy as one that “changed global military strategy in the 21st century.” The game-changing malware, which has been linked to a policy of covert warfare against Iran’s nuclear armament by the U.S. and Israel, is considered to be the world’s first weaponized piece of software. Its creators still remain at large.

My own first encounter with design and violence was at the age of 15. As a high school student in Moscow I had to take two years of mandatory classes in military education. We spent many months practicing taking apart and reassembling the masterpiece of the “design meets violence” genre: the legendary Kalashnikov rifle. Because it consists of only a handful of pieces, I was able to take it apart in something like 11 seconds, and put it back together in 16 (achieving this within a certain time was required for passing the course).

I suppose this background gives me some level of qualification to reflect on some projects in the Design and Violence initiative, like Patrick Clair’s video infographic on Stuxnet. Today weapons include viruses and various other techniques of cyberwarfare and cyber spying. If mid-20th-century non-networked weapons like the Kalashnikov could only operate within an immediate line of sight, computer viruses and worms such as Stuxnet can replicate, moving from computer to computer around the world. They can also attack hardware and other systems these computers control.

Discovered in 2010, Stuxnet is the first known computer worm to spy on and reprogram industrial systems. It hops across computers that run Windows and industrial software from Siemens used to control a variety of large-scale infrastructure systems, including plants. Stuxnet affected facilities in a number of countries, including Iran, Indonesia, India, and the U.S. Because of the unusual complexity of its code and its size, it has been speculated that it was developed by a nation-state. (According to a 2012 New York Times article, the U.S. and Israel collaborated on its design.)

Because Stuxnet has been in and out of the news for a few years now, there are a number of well-designed media presentations explaining its history, effects, and operations (besides dozens of articles). They include a nice diagram that accompanied this New York Times article, and a dynamic 2011 TED video from the key German scientist Ralph Langner, who worked on analysis of the worm. (The video has received over one million views to date.) As always, the most detailed single source is the Wikipedia page, which has been edited 1,469 times by 681 distinct authors, and received over 33,000 views in March of this year alone.

Knowing about all this coverage of the Stuxnet worm helps in thinking about Patrick Clair’s video, produced for an Australian TV program in 2012. In contrast to the more complete narrative of the worm history presented on Wikipedia, Clair’s video presents only one dramatic episode in this history: the discovery that Stuxnet affected Iranian nuclear reactors. The video uses the contemporary language of motion graphics, with plenty of animated 2-D and 3-D text, unexpected 90-degree camera turns, super-fast zooms, and vector 3-D graphics. As is typical, the movement never stops. Forms are transformed, added, and multiplied without pause. This constant movement is visually engaging but also troubling. The color wireframes and robotic camera moves look cool, but do we actually see “facts” or separate “events,” or only “stories”? The constantly flowing animation works differently than a typical news broadcast that contains breaks and discontinuities—between narration and interviews, between the voice and full-screen photos and video. These breaks and discontinuities may interrupt the viewer’s immersion in the story, but might leave space for the viewer to digest and make any ultimate understanding more nuanced. But in the motion graphics narrative, there are no such breaks or juxtapositions of media types. Instead the story literally “unfolds” in one continuous 200-second-long animation, further supported by the constant music beat in the background.

Branding Stuxnet as “the first weapon made entirely out of code” (this may be true or not, depending on your definition), the video tries to convey the worm’s operation through visual forms and metaphors. For example, at 1:30 min., the familiar Kalashnikov rifle appears on the screen, presented as a wireframe model. The wireframe rifles multiply and become smaller to spell the word “code,” linking the physical and electronic forms of assault weaponry. (It reminds me of how, at the end of our course in my Moscow high school, we were taken to a real military range out of town to practice what we learned, and my fellow students and I, each with a heavy Kalashnikov in hand, made a long line across a white winter field and then shot at the targets.)

Like with many other design works today, the video’s true subject is the “stuff” our software society is made from—data (big and small), algorithms, distributed client-server systems, global networks, networked hardware. And, like these other works, it tries to give this stuff a visible form. And because this stuff largely exists outside of the scales of human body and perception—because it is too big, too fast, or too distributed—the task is quite hard.

I refer to such cultural projects using the term “info-aesthetics,” and they come not only from the data visualization field but also many others—from motion graphics and HCI (human-computer interaction) to architecture, music, and custom hardware. And I ask the same question of them now that I asked in 2000: “Can our information society be represented iconically, if all its most characteristic activities are dynamic processes? How can the superhuman scale of our information structures be translated to the scale of human perception and cognition?” Patrick Clair’s video dramatizes how challenging the info-aesthetics problem is for contemporary designers. If we take out the familiar objects from the video, such as the microscope, the schematic nuclear plant, rifles, and text, what will be left? Is it actually possible to represent visually the software “thing” that operates on scales radically different than old familiar Kalashnikov rifle? This is the question I’m left with.



Can malware ever be used for positive ends, or is it inherently a weapon for wrongdoing?

  1. January 8, 2015, 4:41 pm

    Jason Persse

    "Positive ends"?

    The notion of any weapon being used for “positive” outcomes is so problematic that it makes the question seem ludicrous. The better the weapon design, the more assuredly it will outstrip even the most noble of intentions and lead to widespread harm. Stuxnet and the AK-47 are both especially apt examples: When applied to weaponry, “user-friendly and supremely durable,” the one-two punch that every designer hopes to land, becomes a genie you can never push back into the bottle. All weapons are inherently intended for wrongdoing; designing them well just means more people can do more wrong to more people with greater reliability.

  2. January 9, 2015, 5:33 pm


    What about weapons used for protection to stop violence/wrongdoing? Shouldn’t it depend on who the weapon, and in this case the virus, is used on? I think malware can be an effective tool in stopping the digital dissemination of child pornography. That’s certainly a positive end.

  3. May 19, 2015, 9:04 pm

    […] This debate will center upon two data visualization designs featured in Design and Violence: Patrick Clair’s Stuxnet, a lens on the virus that initially targeted Iran’s nuclear program, and Google’s […]

  4. August 17, 2015, 1:48 am

    Choisir Adidas Running Noir Courir blanc Rouge Hommes Stan Smithéduits-Adidas-Running-Noir-Courir-blanc-Rouge-Hommes-Stan-Smith-t-4255_344.html

    I think one of your advertisements triggered my internet browser to resize, you may well want to put that on your blacklist.

  5. September 15, 2015, 9:35 am

    […] the underlying agencies behind assemblages of any sort is evident also in the recent case of the Stuxnet virus. A diagram in the NY Times makes evident the multiplicity of agencies, both material and […]

  6. August 23, 2016, 7:27 am

    Rejeev Singh

    Storm Worm is much worse than any malware ever created. Its just terrible. But it wouldnt happen again and Im glad that most AV developers has it covered now. AV softwares are much stronger now (like ESET Antivirus)