Evolving understanding of Stuxnet

Reporting on the latest findings on the design of the Stuxnet malware which targeted Iran’s nuclear program, the New York Times says that Ralph Langner — a German software engineer who has been one of the leading investigators — has identified two forms of attack directed at different targets.

In a statement Friday on his Web site, he described two different attack modules that are designed to run on different industrial controllers made by Siemens, the German industrial equipment maker. “It appears that warhead one and warhead two were deployed in combination as an all-out cyberstrike against the Iranian nuclear program,” he wrote.

In testimony before the Senate on Wednesday, federal and private industry officials said that the Iranian nuclear program was a probable target, but they stopped short of saying they had confirming evidence. Mr. Langner said, however, that he had found enough evidence within the programs to pinpoint the intended targets. He described his research process as being akin to being at a crime scene and examining a weapon but lacking a body.

The second code module — aimed at the [Bushehr] nuclear power plant — was written with remarkable sophistication, he said. The worm moves from personal computers to Siemens computers that control industrial processes. It then inserts fake data, fooling the computers into thinking that the system is running normally while the sabotage of the frequency converters is taking place. “It is obvious that several years of preparation went into the design of this attack,” he wrote.

In a separate report, the New York Times said:

The paternity of the worm is still in dispute, but in recent weeks officials from Israel have broken into wide smiles when asked whether Israel was behind the attack, or knew who was.

Langner says: “Stuxnet is like the arrival of an F-35 fighter jet on a World War I battlefield.”

Why would Israel target a civilian nuclear facility that is generally understood to pose no proliferation threat?

In line with its practice of paying selective attention to international opinion, Israel’s public position has been that Iran should not be “rewarded” for its defiance of the international community by being allowed to operate Bushehr. Moreover, there could also be a political motive for trying to prevent Bushehr from operating successfully, that being, to undermine the credibility of the nuclear program in the eyes of the otherwise widely supportive Iranian public.

Langner says that a cyber attack targeting a nuclear reactor is virtually impossible but that Bushehr’s steam turbine (located outside the containment facility) could be hit and that “Stuxnet can destroy the turbine as effectively as an air strike.”

Like everyone else, the Israelis understand that the most critical part of the infrastructure in Iran’s nuclear program is not made of steel or concrete — it is the expertise of Iran’s nuclear scientists and engineers. (For that reason, Israel’s covert war against Iran apparently includes a “decapitation” program aimed at eliminating the top figures in Iran’s nuclear operations.)

Since many of the skills required to run a civilian nuclear power program are presumably transferable to a military program, sabotage on any of Iran’s nuclear facilities will have the net effect of becoming a drain on the human resources available to advance the program as a whole.

The fact is, after decades of nuclear development, Iran still has precious little to show for its efforts. Keep in mind, the construction of Bushehr began 35 years ago and Iran’s nuclear program was launched in the 1950s!

Print Friendly, PDF & Email

One thought on “Evolving understanding of Stuxnet

  1. Andrew

    Great, so all we now need is for some script kiddie to modify it to target any Siemens controller or other plant.

Comments are closed.