Photographs of computer screens within Iran's Natanz nuclear facility have revealed Stuxnet was a perfect match to the systems it crippled.
The revelations stemmed from a seemingly benign photograph of Iranian President 's Mahmoud Ahmadinejad's tour of the facility captured as a PR stunt and posted on website.
But the photo, still live on the site, captured a string of neon green lights on a SCADA controller that to the trained eye of Stuxnet expert Ralph Lagner revealed secretive information on the plant's schematics.
Specifically the lights revealed the cascade structure of the Natanz SCADA systems had matched perfectly with Stuxnet.
"And this is not only new information but also very surprising because Iran tried to keep such details secret," Lagner told SC Magazine Australia.
"Obviously the press folks didn’t realise what the screens were showing, and nobody in the nuclear community either."
When viewed closely, the photo reveals green dots distributed in columns of increasing length. Each column contains four dots that represent uranium centrifuges.
Multiplying these together produces a cascade structure sequence identical to that in Stuxnet.
Regarded as the most sophisticated malware ever found, Stuxnet had badly damaged Natanz' uranium enrichment program by causing up to 1000 centrifuge rotors to crash after the were forced to rapidly accelerate and decelerate. Damage lasted up to two years, Lagner said.
Langner will reveal more technical details about the significance of the Natanz' IR-1 uranium enrichment cascade find at an oral presentation at a US scientific SCADA event in January (pdf).
Clues dropped by Iranian politician Gholam-Reza Aghazadeh led to further research and a model design of the Natanz IR-1 cascades.
This was later used to link Stuxnet's 447 attack code to Natanz.