Wednesday, December 1, 2010

Computer Worm Shuts Down Iranian Centrifuge Plant

By Ken Timmerman

The secretary general of the International Atomic Energy Agency stunned Iran watchers on Nov. 23, 2010, when he announced officially that Iran had been forced to shut down its main uranium enrichment plant at Natanz for seven days earlier this month.

The revelation was buried in a footnote of the latest report from the IAEA on Iran’s nuclear program, and was immediately interpreted by computer security analysts and others as an indication that Iran’s uranium enrichment program was the main intended target of the Stuxnet computer worm attack.

The report by IAEA Director General Yukiya Amano revealed that Iran slowed down enrichment operations at the beginning of November, then brought them to a total halt by Nov. 16 and kept the entire facility offline for six days.

The effect of the Stuxnet attack was like a “digital warhead,” the CEO of the National Board of Information Security Examiners of the United States, Inc., Michael J. Assante, told a Senate Governmental Affairs hearing last week.

Experts from the virus protection firm Symantec believe that Stuxnet was specifically designed to attack systems at Iran’s Natanz uranium enrichment plant that control the speed at which the enrichment centrifuges spin.

“We speculate that the ultimate goal of Stuxnet is to sabotage that facility by reprogramming programmable logic controllers to operate as the attackers intend them to, most likely out of their specified boundaries, and to hide those changes from the operator of the equipment,” Dean Turner, director of Symantec’s Global Intelligence Network, told a Senate Governmental Affairs committee hearing last week.

The worm causes the centrifuges to speed up beyond their normal tolerance, and then jams on the brakes to bring them to a screeching halt, before returning them to their normal operating speed.

If the centrifuges spin too fast, they can explode. If they survive the first speed-up, then the abrupt braking and subsequent re-acceleration can throw them off balance, also causing them to crash.

If such a crash occurs when the centrifuges are loaded with hot uranium hexafluoride gas, the accident could have catastrophic results.

“Stuxnet sabotages the system,” a white paper by chief Symantec analyst Eric Chien found.

Symantec also found that Stuxnet was designed to attack only frequency converter drives manufactured by two companies: Fararo Paya in Tehran, and Vacon based in Finland. Because these devices are used in uranium enrichment plants, the Nuclear Suppliers Group forbids their export to Iran.

So whoever designed Stuxnet intended it to attack Iran’s nuclear enrichment program, Symantec concluded.

German computer security analyst Ralph Langner believes Stuxnet actually contains two separate digital warheads, each aimed at different targets and possibly even developed by different teams.

Taken together, the two digital bombs “were deployed in combination as an all-out cyberstrike against the Iranian nuclear program,” he said. The first warhead attacked the centrifuge controllers, and “would very likely be able to attack and destroy centrifuge facilities that are unknown to IAEA inspectors and the world.”

The ability to cripple secret nuclear facilities in Iran “was a major strategic aspect in developing warhead one,” he believes.

The second digital warhead was targeted at non-nuclear control systems at the Bushehr nuclear power plant, which was hit by Stuxnet over the summer.

Langner believes Stuxnet was designed to attack the gigantic steam turbine used to generate electric power at Bushehr. “Manipulating this controller by malware as we see it in Stuxnet can destroy the turbine as effectively as an air strike,” Langner says.


Editor's note: Disregard the author's claim that this worm is a danger to U.S. systems. STUXNET is like a precision-guided bomb - targeting certain frequency converter drives on centrifuges built by Finnish and Iranian manufacturers and ONLY if there are a certain number (33) of them connected to a nuclear manufacturing network. Very precise.
