28 November 2010

"Stuxnet Can't Hurt Us," Says Iranian Government

According to a report by the International Atomic Energy Agency, Iran has been forced to suspend activity on enriching uranium because of “technical problems” that are bedeviling thousands of centrifuges at its Natanz nuclear reactor. _TNA

Fueling of the reactor was delayed in recent months by what Iran called a small leak in a storage pool and not by the Stuxnet computer worm, allegedly designed to sabatoge Iran's nuclear power program, as is widely believed. _jta
Iran has adamantly stated that its nuclear program has not been hit by the bug. But in doing so it has backhandedly confirmed that its nuclear facilities were compromised. _FoxNews

Map: Ebequity
The sophisticated Stuxnet computer worm has the uncanny ability to "worm" its way into sensitive computer systems, then interferes with commands to motor controllers for centrifuges involved in uranium enrichment. Iran denies that its nuclear enrichment operations were negatively impacted by Stuxnet, but:
Experts dissecting the computer worm suspected of being aimed at Iran’s nuclear program have determined that it was precisely calibrated in a way that could send nuclear centrifuges wildly out of control.

Their conclusion, while not definitive, begins to clear some of the fog around the Stuxnet worm, a malicious program detected earlier this year on computers, primarily in Iran but also India, Indonesia and other countries. _NYT

Experts have examined the worm's code and come to some interesting conclusions about how the intruder works:
Here's how it worked, according to experts who have examined the worm:

--The nuclear facility in Iran runs an “air gap” security system, meaning it has no connections to the Web, making it secure from outside penetration. Stuxnet was designed and sent into the area around Iran's Natanz nuclear power plant -- just how may never be known -- to infect a number of computers on the assumption that someone working in the plant would take work home on a flash drive, acquire the worm and then bring it back to the plant.

--Once the worm was inside the plant, the next step was to get the computer system there to trust it and allow it into the system. That was accomplished because the worm contained a “digital certificate” stolen from JMicron, a large company in an industrial park in Taiwan. (When the worm was later discovered it quickly replaced the original digital certificate with another certificate, also stolen from another company, Realtek, a few doors down in the same industrial park in Taiwan.)

--Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Zero Day elements are rare and extremely valuable vulnerabilities in a computer system that can be exploited only once. Two of the vulnerabilities were known, but the other two had never been discovered. Experts say no hacker would waste Zero Days in that manner.

--After penetrating the Windows 7 operating system, the code then targeted the “frequency converters” that ran the centrifuges. To do that it used specifications from the manufacturers of the converters. One was Vacon, a Finnish Company, and the other Fararo Paya, an Iranian company. What surprises experts at this step is that the Iranian company was so secret that not even the IAEA knew about it.

--The worm also knew that the complex control system that ran the centrifuges was built by Siemens, the German manufacturer, and -- remarkably -- how that system worked as well and how to mask its activities from it.

--Masking itself from the plant's security and other systems, the worm then ordered the centrifuges to rotate extremely fast, and then to slow down precipitously. This damaged the converter, the centrifuges and the bearings, and it corrupted the uranium in the tubes. It also left Iranian nuclear engineers wondering what was wrong, as computer checks showed no malfunctions in the operating system.

Estimates are that this went on for more than a year, leaving the Iranian program in chaos. And as it did, the worm grew and adapted throughout the system. As new worms entered the system, they would meet and adapt and become increasingly sophisticated.

During this time the worms reported back to two servers that had to be run by intelligence agencies, one in Denmark and one in Malaysia. The servers monitored the worms and were shut down once the worm had infiltrated Natanz. Efforts to find those servers since then have yielded no results.

This went on until June of last year, when a Belarusan company working on the Iranian power plant in Beshehr discovered it in one of its machines. It quickly put out a notice on a Web network monitored by computer security experts around the world. _FoxNews
It is apparent to Al Fin security analysts, that Stuxnet is the work of agencies within the Israeli government. It is extremely likely that the Iranians are lying through their teeth in regard to the damage that the worm did to their nuclear enrichment programs.

Imagine that instead of computer worms, the Stuxnet ensemble had been a set of nanotechnological infiltrators, capable of imitating desert dust, bunker concrete, or pipeline insulation. Propelled by blowing winds, flowing water, on the soles of shoes, or inside the lungs of workers -- essentially unstoppable by most modern security systems. Such a suite of nanotech infiltrators could not only install computer worms into virtually any system, they could insert targeted explosive devices to disrupt communications, convey poisonous substances into ventilation or water systems, or travel in a target's circulatory system to cerebral arterioles, where they do whatever damage they are programmed to do.

We see that deep underground bunkers are essentially naked to the newer and more clever tools of saboutage. How much more exposed are government and industrial centers on the surface.

The world is entering a new age of advanced espionage and covert destruction. Stuxnet can be seen as an early warning of the type of destructive tools which are coming soon, out of the djinn's bottle. Once released from their container, they cannot be returned safely.

Update 29 Nov 2010: Someone was unwilling to wait for advances in nanotechnological espionage and saboutage. Bombers-on-motorcycles used magnetic-attachable bombs on automobiles to attack two Iranian nuclear scientists (killing one and injuring the other) in Tehran. One of the scientists, at least may have been involved in trying to counter the effects of the Stuxnet worm on Iran's nuclear facilities (see comments).

Labels: , ,

Bookmark and Share


Blogger 1.0 said...

Small typo in the update: i take it was supposed to read attack, not attach, though it makes for a slightly amusing mental image.

Additionally it seems that Iran have admitted that the worm did some damage http://news.google.com/news/search?aq=f&pz=1&cf=all&ned=us&hl=en&q=stuxnet

Tuesday, 30 November, 2010  
Blogger al fin said...

Thanks. Attach --> attack.

Yes, I suppose Ahmedinejad is somewhat sensitive to being a laughing stock, and felt forced to make a small concession to what everyone already knew.

It's a good thing for Israel that the mean IQ within its secret agencies is a lot higher than that of its enemies' counterpart agencies.

Tuesday, 30 November, 2010  

Post a Comment

“During times of universal deceit, telling the truth becomes a revolutionary act” _George Orwell

<< Home

Newer Posts Older Posts