Evidence suggests Stuxnet worm set Iran's nuclear program back

Stuxnet, the computer worm that spread among industrial machinery, is commonly believed to have been created by Israeli and American intelligence forces to take down the nuclear weapons machinery in Iran.

The New York Times delved into that topic today in a long story that examines the evidence and reveals new details about the computer worm, which is among the most sophisticated ever created. The story includes some interesting technology details that show just how clever it was and how much damage it may have done to Iran’s centrifuges, the critical equipment that is used to make fuel for the nuclear facilities in Natanz, Iran. Iranian officials acknowledged that the start-up of the country’s Bushehr Nuclear Power Plant has been delayed in part because of Stuxnet.

While it may have done damage to Iran’s nuclear program, Stuxnet is also like a genie out of the bottle. Now that it exists, other cybercriminals will seek to take advantage of its techniques in attacking other targets.

Stuxnet is a Windows-based computer worm first described by security researchers in Belarus in June 2010. It was unusual in that it targeted industrial systems that use Siemens’ software. Russian security firm Kaspersky Labs said that Stuxnet is a “prototype of a cyber weapon that will lead to the creation of a new arms race in the world.” Kaspersky believes that the worm could only have been created with “nation-state support.”

One of the purposes of Stuxnet was to send Iran’s nuclear centrifuges “spinning wildly out of control,” causing irreparable damage. Another clever feature was to record what normal operations at the plant sounded like and then to play the readings back to the plant operators, like a pre-recorded security tape in a bank robbery, so that it would appear “that everything was operating normally while the centrifuges were actually tearing themselves apart.” The ruse prevented a safety system from shutting down the machines.

The attacks were only partially successful, but it is possible the worm contains the seeds for more attacks. Stuxnet also faked digital security certificates, something that suggested a sophisticated creator. Digital signatures are certificates for web sites that verify that they are who they say they are and are malware-free. Antivirus software tends to give a free pass to any software that shows it has a digital signature certificate.

The worm was also evidently transmitted through shared universal serial bus (USB) memory modules, since the centrifuge machines are not connected to the internet.

The story suggests that the U.S. government had a hand in identifying the weaknesses of the Siemens software. In 2008, the German company worked with the U.S. Idaho National Laboratory, part of the Energy Department, to identify the holes in Siemens systems. Those holes were exploited by Stuxnet. American and Israeli officials have declined to comment on whether they collaborated in creating Stuxnet.

The Department of Homeland Security teamed up with the Idaho National Laboratory to study a widely used Siemens industrial controller, known as Process Control System 7, which can control lots of instruments, machines and sensors at the same time. The lab acknowledges it created a report on the cyber-vulnerabilities but did not detail specific flaws.

According to WikiLeaks disclosures, the State Department described urgent efforts in April 2009 to stop a shipment of Siemens controllers, contained in 111 boxes at the port of Dubai, from getting to Iran. The United Arab Emirates blocked the transfer of the Siemens computers. Shortly after that, Stuxnet struck. Symantec found it did a lot of damage in Iran but also struck in countries such as India and Indonesia. Symantec’s Kevin Hogan, a security expert, said that 60 percent of computers infected by Stuxnet at one point were in Iran.

A German security researcher, Ralph Langner, discovered that the worm kicked into gear when it detected the presence of a specific configuration of controllers, running a set of processes that appear to exist only in a centrifuge plant. One piece of the code sent commands to 984 linked machines, Langner found. And nuclear inspectors visiting Natanz in late 2009 found that the Iranians had taken out of service exactly 984 machines that were running the previous summer.

The New York Times said that Israel likely tested Stuxnet on rows of centrifuge machines running at the secret Dimona complex where Israel makes its fuel for nuclear weapons, in the midst of the Negev desert. In November, Iranian president Mahmoud Ahmadinejad said a cyberattack had “caused minor problems with some of our centrifuges.” Two Iranian scientists believed to be part of the nuclear program were hit with car bombs in Iran in late November, which killed one of them and seriously injured the other.

The whole point of the Stuxnet worm was to disrupt the Iranian program, setting it back a few years, without triggering a war between Israel and Iran. But McAfee said that “Stuxnet has infected thousands of computers of unintended victims from all over the globe.”

[stuxnet map: UMBC ebiquity]
