Stuxnet
A worm built to slip across air gaps, count centrifuges, and rewrite the rules of warfare without firing a shot.
For most of 2010, Iranian engineers at the Natanz enrichment plant kept replacing centrifuges that should not have been failing. The machines, suspended in cascade halls and spinning at tens of thousands of revolutions per minute, were shaking themselves apart faster than the program could replenish them.
A worm that knew where it was
The cause turned out to be a piece of software unlike anything the antivirus industry had ever seen. It carried four separate zero-day exploits — already an unprecedented expense — and it propagated by USB stick, jumping the air gap that was supposed to isolate the plant from the wider internet.
Once inside an industrial controller, Stuxnet looked around. It only attacked very specific Siemens PLCs wired to a very specific configuration of variable-frequency drives. If the system did not match the fingerprint of Natanz, the worm sat quiet.
Politics by other means
Investigators eventually attributed the operation to a joint American–Israeli program known internally as Olympic Games. Reporters traced the chain back to two successive administrations and to a strategic calculation: a covert sabotage campaign was preferable to either an Israeli airstrike or a nuclear-armed Iran.
What the chronicle remembers
Stuxnet was the moment cyber operations stopped being theoretical and started being kinetic. Every government with a budget started studying its code. The era of the nation-state cyberweapon began the day someone first plugged in the wrong USB stick.