Stuxnet Worm Used By Israel On Iranian Centrifuges

According to this NY Times article: http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html the Stuxnet worm was developed by a joint US and Israeli classified program to assume command of the controllers made by Siemens that run the centrifuges that Iran has in its Natanz plant to enrich uranium, causing the centrifuges to destroy themselves.

This article is very, very interesting on many fronts, but I suppose the debate for me (and it's a little scary) is that these types of controllers are used throughout the world and I fear that we may have helped usher in an era of global computer sabotage on a new scale. This is something all industrialized nations are vulnerable to.

Thoughts?

Good.

(Ahem)

If conflict in the future is fought by cyber-battle rather than real flesh and blood destruction, then it’s a change for the better.

I agree with that sentiment, however I am concerned about the law of unintended consequences. If this cyber weapon can be used by other countries against the USA, that wouldn’t be so good. Maybe I’m overstating our vulnerability, I don’t know. An attack on our power grid or against some of our industrial resources could have a crippling effect.

I’m certain that there will be a period of vulnerability and, as in any arms race, this will change how the game is played. But as recent facts have shown, there were a hell of a lot of countries, including Arab ones, who wanted us to bomb Iran’s nuclear program to splinters. This was a far better option and, I’d wager, in the future it will allow for similar bloodless operations.

Hell, if we can keep creating new worms and fucking with Iran’s nuclear program, that’s all for the good.

I don't think that's the main problem. The main problem is that technology eventually ends up in private hands; I'd fear that far more than any government scheme, whatever the country.

I think it is safe to suppose that when the US made this worm it occurred to them that someone could do the same thing back to us. As such I expect they’d think about how to protect us from the same thing.

That said there are different things out there with different vulnerabilities. The US may well be protecting the hell out of our centrifuges but protecting the power grid is a different kettle of fish.

Of course, I am pretty sure any such attack directed at the US would be deemed an act of war as surely as if the other country sent bombers over. The other country will have to consider that before attacking.

In Iran’s case, according to them, they have no nuclear program so technically no one attacked anything.

Well, this kind of tech has been in private hands for a while now. I deal with crackers/worms/script kiddies every day at work. As far as I know, they're all caused by private individuals. It's not that new for this kind of espionage to be employed by countries, either. Remember, China was accused of performing a hack against Google recently.

Would the centrifuges in question be the ones Iran is using to get uranium to around 3% purity, the level needed for power generation, or are they only for taking the purity up to 90%, weapons grade?

Also, knowing nothing about worms, how adaptable would the virus be to have it attack anything other than centrifuges? Is it the specific code or the code’s structure that’s of sabotage value?

Apparently the worm was hyper-specific. This ensured that it would not cause damage to anyone else using these centrifuges even if the worm got on their system. IIRC one thing the worm did was count the number of centrifuges. If it saw 984 (or whatever it was that we knew Iran was using) then it activated.

It also is very specific to the controllers (Siemens) which run those centrifuges. Not only did it cause the centrifuges to go haywire it reported bogus data back to the operators so no one knew something was amiss till it was too late and the damage was done.

For those in the know they consider it a work of art in hacker terms.

That's an interesting point, but it isn't "no nuclear program", it's more like "no nuclear weapons program"…right?

Yah, they deny having a weapons program, but admit having a nuclear enrichment program.

Yeah but is an enrichment program for civilian use indistinguishable from one for weapon use? Do you need a cascade of 900+ centrifuges to get power generating quality refinement? I am guessing no since what is needed for power generation is substantially less pure than that needed for weapons (so no need to put the fuel through more centrifuges unnecessarily which is an expensive and difficult process).

IANANuclearScientist but I suspect there are distinctions and since the worm attacked a very, very specific configuration it is hard for Iran to claim their “peaceful” generating capacity was attacked.

Admittedly I am guessing a lot here. Just the sense of it from what I have read but lacking both expertise in this field as well as a lot of info being guessed at even by the experts (since this is all secret stuff to begin with) I cannot say for sure.

Anyone know more? I am curious.

Yes and no. Iran is already at the point where they could build a nuclear weapon, it’s just a bit more difficult.

I’ve said it before, but when I was working with interesting things, the #1 security threat IT-wise was the Chinese.

The Chinese guy on the second floor? Yeah, never trusted him neither.

That article was full of inaccuracies. I’m shocked the Times would print something that got essential details so wrong.

For example, Stuxnet did not ‘destroy’ the centrifuges. It was much more clever than that. What it did was subtly alter the speed at which the centrifuges operated, speeding them up and slowing them down at various short intervals - just enough to prevent the uranium from being enriched. It then substituted the frequency feedback from the Siemens SCADA system with false data, so that the Iranians didn’t know the centrifuge speeds were changing. All they knew was that their enrichment process wasn’t delivering results, but they had no idea why. That caused them to spend a lot of valuable time trying to figure out what was wrong.

The worm would then go dormant for periods as long as three weeks to make sure it remained undetected for as long as possible. So even if the Iranians decided to do a real-time monitoring sweep of their control system data with external hardware and software, they'd see nothing unless they just happened to be monitoring during one of Stuxnet's active periods.

The worm was so sophisticated it even injected fake code into the design-time SCADA authoring software so that when software engineers in Iran downloaded and looked at what they thought was the code, what they saw was the original, untouched code, and not the malicious code that was actually running.

The article mentioned the worm targeting only facilities that had exactly 984 centrifuges running. That's not correct, and would be far too crude. Centrifuges can go online and offline. A facility could add new ones or take old ones out of service. In fact, Stuxnet looked for a very specific type of motor speed controller operating at a frequency profile that would only be used for uranium enrichment. It also required that there be at least 33 identical controllers of this type. The type of controllers it was looking for are only made in Iran and Finland, and aren't widely distributed. The worm was so specific it even required that Iranian speed controllers outnumber the Finnish ones, to make sure that only an Iranian facility would be affected.

As for the uranium being used for domestic nuclear power, Stuxnet appears to have specifically targeted the enrichment facility at Natanz, which we believe to be enriching far past the requirement for nuclear power fuel. The enrichment facility at Bushehr, which can only enrich to the 3% level for uranium fuel, was apparently untouched.

It's also not certain that America and/or Israel was behind this, although I consider it a good possibility. China had more information about the exact construction of that facility. So unless they passed the information on to the Americans or Israelis, they have to be considered possible suspects. It actually wouldn't surprise me if this was a joint operation of a number of nations. It beats the hell out of war, and from China's perspective it also beat the hell out of sanctions that would affect their very lucrative exports to Iran. There are also fingerprints that point to Russia, as the original security breach that got the worm into Natanz in the first place seems to have originated in Russia. The article doesn't mention that.

The article makes much out of the U.S. government working with Siemens to identify vulnerabilities in their SCADA hardware. What it doesn't say is that the U.S. government does the same thing with most other SCADA manufacturers. The article says that Siemens 'cooperated' with the government in early 2008. The first Stuxnet sighting was in January of 2009. For a worm of this complexity, and with the amount of testing that would be required, that seems like a pretty short timeframe. But of course, the project could already have been underway for some time before that, and Siemens might only have been called in because some problem held the project up and they needed more info from Siemens.
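The two behaviours described in the post above, short bursts of changed drive speed and false feedback shown to the operators, are exactly what an out-of-band plausibility check is meant to catch: if a plant has an independent sensor path that the control system cannot write to, the frequency it reports on the HMI can be compared with that independent measurement and with the commanded setpoint. The script below is an added illustration of that check, not code from the thread or from any vendor; the 1000 Hz setpoint, the 5 Hz tolerance, the sample stream and the existence of an independent read-only sensor are all assumptions made for the example.

```python
from dataclasses import dataclass
from itertools import groupby
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Sample:
    t: float            # seconds since the start of the monitoring window
    setpoint_hz: float  # frequency the operator commanded
    reported_hz: float  # frequency the control system shows on the HMI
    measured_hz: float  # frequency from an independent read-only sensor (assumed)


def classify(s: Sample, tol_hz: float) -> Optional[str]:
    """Label one sample, or return None when the three values agree."""
    if abs(s.reported_hz - s.measured_hz) > tol_hz:
        # HMI disagrees with physical reality: the feedback path is suspect
        return "feedback-mismatch"
    if abs(s.setpoint_hz - s.measured_hz) > tol_hz:
        # HMI is honest, but the drive is not doing what it was told
        return "setpoint-deviation"
    return None


def find_anomalies(samples: List[Sample], tol_hz: float = 5.0,
                   min_run: int = 3) -> List[Tuple[float, float, str, int]]:
    """Collapse consecutive flagged samples into runs and drop short ones.

    Returns one (start_t, end_t, kind, sample_count) tuple per sustained run.
    Runs shorter than min_run are dropped so a single noisy reading does not
    raise an alarm, while a burst lasting several samples still does.
    """
    runs = []
    for kind, group in groupby(samples, key=lambda s: classify(s, tol_hz)):
        members = list(group)
        if kind is not None and len(members) >= min_run:
            runs.append((members[0].t, members[-1].t, kind, len(members)))
    return runs


def build_sample_stream() -> List[Sample]:
    """Constructed telemetry, not captured data: 1 s cadence, 1000 Hz setpoint."""
    rows = []
    for i in range(12):
        reported = measured = 1000.0
        if 4 <= i < 8:
            # burst: the drive really runs fast while the HMI keeps showing nominal
            measured = 1300.0
        if i == 10:
            # one honest dip beyond tolerance, shorter than min_run, should be ignored
            reported = measured = 950.0
        rows.append(Sample(float(i), 1000.0, reported, measured))
    return rows


if __name__ == "__main__":
    for start, end, kind, n in find_anomalies(build_sample_stream()):
        print(f"{kind}: t={start:.0f}..{end:.0f}s ({n} samples)")
```

On the constructed stream the check reports one sustained `feedback-mismatch` run covering seconds 4 through 7 and ignores the single-sample dip at second 10. The design point is that the comparison only has value if the independent measurement really is independent: a sensor read through the same PLC whose feedback is in question adds nothing, which is why the example assumes a separate read-only path.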

That’s a slick piece of work - for the first time in my life, I am proud of people who write malware.

Next time, see if they can hijack their browsers to go to Russian donkey porn websites. Cripple their scientists with carpal tunnel syndrome.

Regards,
Shodan

I wouldn’t worry too much about the law of unintended consequences. Unless a treaty has been signed, refusal to use a weapon, tactic, or method of espionage is no guarantee that it will not be used against you.

Wow…interesting stuff, Sam. How do you know about these inaccuracies in the article for certain?

So they’re not actually out of commission? So what was gained here? It left them guessing for a while and slowed them down a bit.