Stuxnet update

http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/?test=latestnews

 

mission: Infiltrate the highly advanced, securely guarded enemy headquarters where scientists in the clutches of an evil master are secretly building a weapon that can destroy the world. Then render that weapon harmless and escape undetected…job is handled by a suave and very sophisticated secret computer worm, a jumble of code called Stuxnet, which in the last year has not only crippled Iran’s nuclear program but has caused a major rethinking of computer security around the globe….have been trying to analyze the worm since it was discovered in June by a Belarus-based company that was doing business in Iran. And what they’ve all found, says Sean McGurk, the Homeland Security Department’s acting director of national cyber security and communications integration, is a “game changer.”… onstruction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,”… have called it the first “weaponized” computer virus…Stuxnet is an incredibly advanced, undetectable computer worm that took years to construct and was designed to jump from computer to computer until it found the specific, protected control system that it aimed to destroy: Iran’s nuclear enrichment program…target was seemingly impenetrable; for security reasons, it lay several stories underground and was not connected to the World Wide Web. And that meant Stuxnet had to act as sort of a computer cruise missile: As it made its passage through a set of unconnected computers, it had to grow and adapt to security measures and other changes until it reached one that could bring it into the nuclear facility…When it ultimately found its target, it would have to secretly manipulate it until it was so compromised it ceased normal functions…after the job was done, the worm would have to destroy itself without leaving a trace…That is what we are learning happened at Iran’s nuclear facilities — both at Natanz, which houses the centrifuge arrays used for processing uranium into nuclear fuel, and, to a lesser extent, at Bushehr, Iran’s nuclear power plant…At Natanz, for almost 17 months, Stuxnet quietly worked its way into the system and targeted a specific component — the frequency converters made by the German equipment manufacturer Siemens that regulated the speed of the spinning centrifuges used to create nuclear fuel. The worm then took control of the speed at which the centrifuges spun, making them turn so fast in a quick burst that they would be damaged but not destroyed. And at the same time, the worm masked that change in speed from being discovered at the centrifuges’ control panel…At Bushehr, meanwhile, a second secret set of codes, which Langner called “digital warheads,” targeted the Russian-built power plant’s massive steam turbine…nuclear facility in Iran runs an “air gap” security system, meaning it has no connections to the Web, making it secure from outside penetration. Stuxnet was designed and sent into the area around Iran’s Natanz nuclear power plant — just how may never be known — to infect a number of computers on the assumption that someone working in the plant would take work home on a flash drive, acquire the worm and then bring it back to the plant…Once the worm was inside the plant, the next step was to get the computer system there to trust it and allow it into the system. That was accomplished because the worm contained a “digital certificate” stolen from JMicron, a large company in an industrial park in Taiwan. (When the worm was later discovered it quickly replaced the original digital certificate with another certificate, also stolen from another company, Realtek, a few doors down in the same industrial park in Taiwan.)… Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Zero Day elements are rare and extremely valuable vulnerabilities in a computer system that can be exploited only once. Two of the vulnerabilities were known, but the other two had never been discovered. Experts say no hacker would waste Zero Days in that manner…After penetrating the Windows 7 operating system, the code then targeted the “frequency converters” that ran the centrifuges. To do that it used specifications from the manufacturers of the converters…worm then ordered the centrifuges to rotate extremely fast, and then to slow down precipitously. This damaged the converter, the centrifuges and the bearings, and it corrupted the uranium in the tubes. It also left Iranian nuclear engineers wondering what was wrong, as computer checks showed no malfunctions in the operating system….Estimates are that this went on for more than a year, leaving the Iranian program in chaos. And as it did, the worm grew and adapted throughout the system…worms reported back to two servers that had to be run by intelligence agencies, one in Denmark and one in Malaysia. The servers monitored the worms and were shut down once the worm had infiltrated Natanz. Efforts to find those servers since then have yielded no results…“the lives of the scientists working in the facility have become a living hell because of counter-intelligence agents brought into the plant” to battle the breach. Ironically, even after its discovery, the worm has succeeded in slowing down Iran’s reputed effort to build an atomic weapon…

 

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: