The malicious software which came to be known as Stuxnet was not only the most sophisticated piece of malware ever invented, but it also had a specific target: computers produced by Germany’s Siemens company that are used by Iran’s nuclear facilities.
1 comment:
Stuxnet: How it seeks and destroys
Jonathan Eyal
12 February 2011
The malicious software which came to be known as Stuxnet was not only the most sophisticated piece of malware ever invented, but it also had a specific target: computers produced by Germany’s Siemens company that are used by Iran’s nuclear facilities.
The computer worm - which is believed to have wrecked up to a fifth of the centrifuges at Iran’s Natanz facility - was first identified last July, but probably lurked on computer systems for at least a year previously.
As a cyberweapon, it has shown considerable dexterity in overcoming security barriers.
As industrial computerised control systems are designed, for security purposes, not to have access to the internet, it is likely that Stuxnet entered Iranian computers through infected memory sticks. There is also evidence that it was remotely updated with newer, more deadly versions.
While ordinary hackers are content to discover just one unknown vulnerability in order to penetrate a computer system, those who designed Stuxnet exploited no fewer than four different vulnerabilities in the software operated by the Iranians, an indication that nothing was left to chance.
But the real genius of Stuxnet became evident in its operation. Uranium is enriched to weapon-grade levels by centrifuges, machines which cause more dense substances to separate by spinning at high speeds. The centrifuges used in nuclear processes are fragile and need to spin at constant high speeds.
Once Stuxnet identified such high speed drives, it increased the centrifuges’ spinning frequency for a short while, reverted to normal speeds for a period, and then dropped the centrifuges’ movement to a crawl, before raising it again.
Since this process took only about 50 minutes and was only repeated once every 27 days, most Iranian nuclear operators had no idea what was happening, until they noticed that some of the centrifuges went dead. And, perhaps in order to prevent a nuclear accident, the destruction of the centrifuges was gradual, rather than sudden.
If assertions from the outgoing head of Israel’s intelligence service are to be believed, the operation delayed Iran’s nuclear weapons quest by at least two years.
Nor is this the end of the saga. The Iranians will need at least another year to clean up their computers, and can never be sure that Stuxnet - which can hide in backup systems - may not be programmed to activate itself again.
The only safe course is to install a new computer system, but Iran lacks the technology and can no longer import it.
In an expose published last month, the New York Times claimed that Stuxnet was a joint US-Israeli venture. While the evidence remains circumstantial, it is clear that no civilian organisation could have had the technology to develop such a malware. The operation entailed a thorough study of German computers as well as equipment produced by other European countries.
The perpetrators would also have had to know a great deal about Iranian nuclear facilities. Finally, Stuxnet would have had to be tested on centrifuges outside Iran. The Dimona nuclear reactor in Israel has precisely such capabilities.
Post a Comment