By James Ball
Deep in Iran’s nuclear facilities, gas centrifuges used to enrich uranium began spinning erratically: fast, then slow, then fast, until they failed. First dozens, then hundreds, then an estimated 1,000 centrifuges were disabled that way, delaying Iran’s nuclear program by up to 18 months.
The cause of the failures — first disclosed in 2010 — is now well known to have been Stuxnet, the computer worm developed by U.S. and Israeli intelligence agencies. The sophisticated tool relied on computer code to take advantage of then-undiscovered security flaws, open the way into the Iranians’ software and deliver a payload.
But the use of such tools, known as “zero-day exploits,” is not reserved exclusively for the intelligence community. Instead, through a little-known and barely regulated trade, researchers around the world are increasingly selling the exploits, sometimes for hundreds of thousands of dollars apiece.
It is a trade, analysts say, that is becoming more controversial, one that even some of those in the business think should be regulated.
Source: The Washington Post