Stuxnet: the Trinity test of cyberwarfare

Russian technicians work at Bushehr nuclear power plant in Iran

On August 5, I reported on the strong evidence that Iran had become the target of a state-sponsored cyber attack.

At that point it was already understood that the Stuxnet computer worm was almost certainly targeting Iran since that was the location of 60% of the computer systems affected. Moreover, since the worm targets Siemens SCADA (supervisory control and data acquisition) management systems that control energy utilities, and since its design strongly suggested that it had been created for sabotage, it seemed likely that the specific target was Iran’s nuclear program.

A German team of industrial cyber security experts who have analyzed the way the worm operates now claim that it may have been designed to attack the newly operational Bushehr nuclear reactor.

Ralph Langner envisages that the highly sophisticated attack would have required a preparation team that included “intel, covert ops, exploit writers, process engineers, control system engineers, product specialists, military liaison.”

The Christian Science Monitor reports:

Since reverse engineering chunks of Stuxnet’s massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance — a target still unknown.

“Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world,” says Langner, who last week became the first to publicly detail Stuxnet’s destructive purpose and its authors’ malicious intent. “This is not about espionage, as some have said. This is a 100 percent sabotage attack.”

On his website, Langner lays out the Stuxnet code he has dissected. He shows step by step how Stuxnet operates as a guided cyber missile. Three top US industrial control system security experts, each of whom has also independently reverse-engineered portions of Stuxnet, confirmed his findings to the Monitor.

“His technical analysis is good,” says a senior US researcher who has analyzed Stuxnet, who asked for anonymity because he is not allowed to speak to the press. “We’re also tearing [Stuxnet] apart and are seeing some of the same things.”

Other experts who have not themselves reverse-engineered Stuxnet but are familiar with the findings of those who have concur with Langner’s analysis.

“What we’re seeing with Stuxnet is the first view of something new that doesn’t need outside guidance by a human – but can still take control of your infrastructure,” says Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy’s Idaho National Laboratory. “This is the first direct example of weaponized software, highly customized and designed to find a particular target.”

“I’d agree with the classification of this as a weapon,” Jonathan Pollet, CEO of Red Tiger Security and an industrial control system security expert, says in an e-mail.

Langner’s research, outlined on his website Monday, reveals a key step in the Stuxnet attack that other researchers agree illustrates its destructive purpose. That step, which Langner calls “fingerprinting,” qualifies Stuxnet as a targeted weapon, he says.

Langner zeroes in on Stuxnet’s ability to “fingerprint” the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.

Langer speculates that Iran’s Bushehr nuclear power plant may have been the Stuxnet target. He also writes: “The forensics that we are getting will ultimately point clearly to the attacked process — and to the attackers. The attackers must know this. My conclusion is, they don’t care. They don’t fear going to jail.”

If Bushehr was indeed the target, it may have presented itself first and foremost as a target of opportunity. From the point of view of governments with an interest in sabotaging Iran’s nuclear program, Bushehr would not be the most attractive target, but access provided to Russian contractors may have made it the easiest target.

Last September, Reuters reported: “Israel has been developing ‘cyber-war’ capabilities that could disrupt Iranian industrial and military control systems.”

So let’s assume that using Stuxnet, Israel has indeed launched the world’s first precision, military-grade cyber missile. What are the implications?

1. Iran has been served notice that not only its nuclear facilities but its whole industrial infrastructure is vulnerable to attack. As Trevor Butterworth noted: “By demonstrating how Iran could so very easily experience a Chernobyl-like catastrophe, or the entire destruction of its conventional energy grid, the first round of the ‘war’ may have already been won.”

2. The perception that it has both developed capabilities and shown its willingness to engage in cyberwarfare, will serve Israel as a strategic asset even if it never admits to having launched Stuxnet.

3. When it comes to cyberwarfare, Israel ranks as a major global power. It’s own tiny infrastructure makes it much less vulnerable to attack than is the sprawling infrastructure of the United States. It’s highly developed military IT industry means that it not only has great domestic human resources but that Israeli IT specialists, through research and employment, have the best possible access to most of the leading development facilities and vendors around the world.

4. As a cyber arms race takes off, we should not imagine that it will be like other arms races where power resides more in capabilities than in the use of those capabilities. “Whereas nuclear weapons have been used twice in human history, cyber weapons are employed daily and there is therefore an existential need to create some form of regulatory system that allows more than implicit deterrence,” says Robert Fry.

5. If AQ Khan demonstrated the ease with which a nuclear proliferation network can operate, the fact that the raw material upon which cyberwarfare is based is arguably the most easily transferable object on the planet — computer code — means that in certain ways the era of cyberwarfare may prove to be more dangerous than the nuclear era.

6. In the strategic landscape of cyberwarfare the most dangerous player may turn out to be a small but highly developed fortress-state that feels threatened by much of the rest of the world; that neither trusts nor is trusted by any of its allies; that sees its own stability enhanced by regional instability; that has seen its own economic fortunes rise while the global economy suffers; and that views with contempt the notion of an international community.

Facebooktwittermail

15 thoughts on “Stuxnet: the Trinity test of cyberwarfare

  1. blowback

    To introduce such a worm requires access to the network on which the devices under attack reside. All the Iranians have to do is make the network for Bushehr’s control systems private and then make sure that there is no unauthorized access to that private network. This is not exactly rocket science. Like the so-called cyber attacks on Syrian radar systems just prior to the attack on the alleged Syrian reactor on the Euphrates, I suspect that this whole episode is a Israeli bullshit black op. A cyber attack on Syrian radar is likely not to be effective because the systems are too primitive – the reason the Syrians didn’t launch any air defence missiles that night is they didn’t want to waste them on defending a target that really was of no significance.

  2. Jesse

    On yahoo it was reported that the attack was probably initiated using a pin drive by a knowing/unknowing contractor.

    @Vince J. perhaps you are implying that a government like Iran’s, who kills and beats its citizens for opposing Khamenei’s puppet president, ought to be trusted?

  3. Christopher Hoare

    As with the proliferation of Internet viruses, it is likely that the use of one will generate a large number of ‘experts’ and systems to prevent their success. This promises to be a fine milch cow for computer programmers, and less likely a weapon than a deterrent. Power grids are vulnerable because it has been cheaper to use the net than build a dedicated control network, but that’s open to revision. Take your computer off-line and no hacker can reach it.

    On the other hand, there is a threat that lunatic states whose leaders believe themselves above human morals and civilized standards can threaten everyone. If the threat was great enough, there would be no defence against such a cyber attack stronger than the nuclear option. The two will be complimentary.

  4. Lysander

    I tend to agree with blowback. That this is likely mostly a media operation intended to show how bad ass the Israelis are (or think they are.)

    But lets just say there was a real cyber attack on Iran. The Iranians would now know what they are dealing with. They are no slouches when it comes to the internet and have plenty of their own computer talent to draw upon for a defense in the future.

  5. Vince J.

    Christopher Hoare

    “there is a threat that lunatic states whose leaders believe themselves above human morals and civilized standards can threaten everyone”
    I respectfuly ask: Do you mean the USA?

  6. estebanfolsom

    did someone forget the saying
    pride comes before a fall
    you fools
    you don’t have the acreage
    no matter what you have planned

  7. basti

    this act is quite disgusting.
    if an attack on a nuclear power plant causes a meltdown, who will be held responsable for this? willfully causing such a disaster in another country, to me, is as awful as using a nuclear bomb, and is certainly a declaration of war.
    at least with a nuke you know who it comes from, with cyberwarfare you have deniability

  8. charlie

    Basti says this is disgusting and puts a lot of people at risk. I might refer him to the statements of the present leader of Iran saying they are going to destroy Israel. In fact, he has called for the destruction of Israel several times.
    Words have meaning… especially when you call for the destruction of a nation . Given the Jewish peoples history I am not surprised if this is how they answer the Iranian leader.
    Someone is going to get their ass kicked before its over.

  9. rosemerry

    Nothing surprises me about Israel or the USA, who are willing to destroy the world for their own “security” (or perhaps “global freedom”).

  10. charlie

    Liberal pacificsts have the luxury o f saying everyone is bad that defends their nation and way of life. Its those military and political leaders that protect the innocent and the naive.
    Israel cannot be expected to sit on its hands waiting for the enemy to finially have enough power to attack and destroy the israeli people. This is the sworn goal of many of their neighbors and its only through Israeli military strength and intelligance operatives does it exist now.

  11. RedPhillip

    The Hasbara Keyboard Brigade is out in force.

    ‘charlie’ (24 Sept 2010, 2:08pm above) refers to “statements of the present leader of Iran saying they are going to destroy Israel,” and says further, “In fact, he has called for the destruction of Israel several times.”

    This is outright lying. The Iranians, among others, have called for the ending of the Zionist regime. Perhaps charlie believes that without Zionist apartheid there will be no Israel. This may well be true, but if so it is no loss to humanity. If Israel cannot exist except as a racist state dependent on ethnic cleansing and military occupation, mass imprisonment and torture, then it should disappear from the pages of history.

  12. ROY

    MR RedPhillip ZION AND ISRAEL ARE THE SAME WORD IN HEBREW…THE TRAGIDY IS THAT BOTH PALESTINES AND ISRAELIES HAVE THIS COUNTRY IN THERE BEING. AND ABOUT YOUR CRITICISM ABOUT ISRAELS GOVERMENT…SOME PEOPLE BLOW THEMSELVES UP IN BUSSES BECAUSE THEY DONT WANT A PEACE AGREEMENT OF ANY KIND OR NATURE, BELIEVE IT OR NOT..THEY WANT US DEAD 🙂 OFCOURSE NOT ALL THE ARABS ARE LIKE THAT , MOST OF THEM ARE GOOD HONEST PEOPLE, UNDERSTAND THAT THOSE ARE NOT NORMAL CONDITIONS …AND BY THE WAY, AHMEDINEJAD IS ALSO A HOLOCAUST DENIER AND FOR THE LEAST NOT A HUMANIST AS YOU ARE HAVE YOU EVER HEARD HIM TALKING ABOUT THE OPPORTUNITY FOR BOTH PARTIES TO LIVE PEACFULLY SIDE BY SIDE.. TRY TO CHOOSE YOUR FRIENDS MORE CAREFULLY NEXT TIME
    PEACE SALAM SHALOM

Comments are closed.