The infamous Stuxnet worm continues to capture the imagination of the general public, with theories that it was written to target nuclear plants inside Iran.
One of the so-called clues that is frequently rolled out in articles about Stuxnet is the mysterious string of characters that the worm leaves inside the Registry on infected Windows computers: 19790509
Most commentators have decided to read this as a date – namely, 9th of May, 1979.
Clearly the date isn’t being used by the worm as a trigger for a payload, as it’s over thirty years in the past. Instead, it’s used by the Stuxnet malware to tell whether it has already infected a computer.
It feels like everyone is focusing on the fact that a Jewish Iranian businessman, Habib Elghanian, was executed by a firing squad in Tehran on May 9 1979, and likes to link it with the marker inside the Stuxnet worm.
But should we be a little more cautious and look for something more than circumstantial evidence before treating the characters 19790509 like that?
After all, 9th May 1979 is also the birthday of actress Rosario Dawson.
Come on, you must know her – she was in Kids, Men in Black II and the recent Percy Jackson & The Lightning Thief movie.
With a pedigree like that surely she’s a prime candidate for some geek lust, and an obsessed fan might be tempted to embed her date of birth into a piece of malware?
Or maybe Stuxnet’s author is a huge fan of “The Grateful Dead”? Perhaps his favourite record is a bootleg of their 9th May 1979 concert at Broome County Arena, Binghamton, NY, where they sang “China Cat Sunflower”, “Friend of the Devil” and “Wharf Rat” amongst others?
Or could it be that the mysterious creator of Stuxnet is not commemorating the death of Habib Elghanian, but instead the passing of multi-millionaire Cyrus S Eaton, composer Lan Adomian, jazz vocalist Eddie Jefferson, and Australian politician Sir Charles Adermann? All of whom also died on 9th May 1979.
All this is assuming, of course, that 19790509 is a date in the form “yyyymmdd”.
It could equally have been the coder’s preferred Bingo numbers (19, 79, 05, 09).
Or, it could be that whoever wrote Stuxnet liked to use the date format “yyyyddmm” which would mean that we’re all focusing on the wrong date entirely.
(By the way, although rare, there are programs which appear to use the ‘yyyyddmm’ date format – just Google it)
If the coder had adopted the ‘yyyyddmm’ date format then that would mean we should be considering 5th September 1979 instead.
Which just happens to be the birthday of footballers John Carew (Norwegian), George O’Callaghan (Irish) and Salvatore Mastronunzio (Italian). Additionally, according to Wikipedia, it’s the date of birth of Stacey Dales (a Canadian basketball player and sportscaster) and English scrabble player Stewart Holden.
I imagine there are thousands of different interpretations we could give to the number 19790509, and maybe we should be a little more cautious about jumping to conclusions. After all, it could just as easily be the creator’s own date of birth, or his parents’ wedding day, or an entirely randomly chosen number.
Unless we find whoever is responsible for Stuxnet, my guess is that no-one will ever know for sure.
Got a theory about 19790509? Why not tell us by leaving a comment below.