Cyber investigators looking at the Stuxnet code determined that on June 24th the sophisticated cyber weapon would stop operating and remove itself from the systems it had infiltrated.
This function was identified long ago and cyber researchers have patiently waited to see what if any implications this will have on the tens of thousands of computers in more than 155 countries the sophisticated cyber weapon had infected. By all accounts this is a self-destruction, an unusual function not often seen embedded within malicious code. The inclusion of this function is a strong indicator that those behind this cyber attack did not believe that Iran would discover the malicious code.
This event has many pondering the rational that led to the inclusion of this function. Last week I was teaching a cyber intelligence program and was asked to comment on this. Three things immediately came to mind. First of all this could have been a design requirement in efforts to mitigate the collateral damage from unwanted infections that occurred in most (over 154) countries. The second potential reason for this could be an estimate of when the strategy of negotiations coupled with harsh sanctions would actually impact Iran to a point where they would agree to halt their nuclear enrichment program. The third possibility is this was the “drop-dead-date” which would signal the end of diplomatic and cyber sabotage efforts to bring their program to an end.
Once the drop-dead-date was reached with no resolution, a kinetic response would soon follow. My bet it is a combination of all three!