The New York Times delved into that topic today in a long story that examines the evidence and reveals new details about the computer worm, which is among the most sophisticated ever created. The story includes some interesting technology details that show just how clever it was and how much damage it may have done to Iran’s centrifuges, the critical equipment that is used to make fuel for the nuclear facilities in Natanz, Iran. Iranian officials acknowledged that the start-up of the country’s Bushehr Nuclear Power Plant has been delayed in part because of Stuxnet.
While it may have done damage to Iran’s nuclear program, Stuxnet is also like a genie out of the bottle. Now that it exists, other cybercriminals will seek to take advantage of its techniques in attacking other targets.
One of the purposes of Stuxnet was to send Iran’s nuclear centrifuges “spinning wildly out of control,” causing irreparable damage. Another clever feature was to record what normal operations at the plant sounded like and then to play the readings back to the plant operators, like a pre-recorded security tape in a bank robbery, so that it would appear “that everything was operating normally while the centrifuges were actually tearing themselves apart.” The ruse prevented a safety system from shutting down the machines.
The attacks were only partially successful, but it is possible the worm contains the seeds for more attacks. Stuxnet also faked digital security certificates, something that suggested a sophisticated creator. Digital signatures are certificates for web sites that verify that they are who they say they are and are malware free. Antivirus software tends to give a free pass to any software that shows it has a digital signature certificate.
The worm was also evidently transmitted through shared universal serial bus (USB) memory modules, since the centrifuge machines are not connected to the internet.
The story suggests that the U.S. government had a hand in identifying the weaknesses of the Siemens software. In 2008, the German company worked with the U.S. Idaho National Laboratory, part of the Energy Department, to identify the holes in Siemens systems. Those holes were exploited by Stuxnet. American and Israeli officials have declined to comment on whether they collaborated in creating Stuxnet.
The Department of Homeland Security teamed up with the Idaho National Laboratory to study a widely used Siemens industrial controller, known as Process Control System 7, which can control lots of instruments, machines and sensors at the same time. The lab acknowledges it created a report on the cyber-vulnerabilities but did not detail specific flaws.
A German security researcher, Ralph Langner, discovered that the worm kicked into gear when it detected the presence of a specific configuration of controllers, running a set of processes that appear to exist only in a centrifuge plant. One piece of the code sent commands to 984 linked machines, Langner found. And nuclear inspectors visiting Natanz in late 2009 found that the Iranians had taken out of service exactly 984 machines that were running the previous summer.
The New York Times said that Israel likely tested Stuxnet on rows of centrifuge machines running at the secret Dimona complex where Israel makes its fuel for nuclear weapons, in the midst of the Negev desert. In November, Iranian president Mahmoud Ahmadinejad said a cyberattack had “caused minor problems with some of our centrifuges.” Two Iranian scientists believed to be part of the nuclear program were hit with car bombs in Iran in late November, which killed one of them and seriously injured the other.
The whole point of the Stuxnet worm was to disrupt the Iranian program, setting it back a few years, without triggering a war between Israel and Iran. But McAfee said that “Stuxnet has infected thousands of computers of unintended victims from all over the globe.”
[stuxnet map: UMBC ebiquity]