Slashdot Mirror


Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment

ceswiedler writes "Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn't be useful in atomic weapons. Statistics from 2009 show that the number of enrichment centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran."
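As an added illustration (not part of the Slashdot summary or the Wired article it quotes), this is the kind of independent check that would surface the behaviour described above: drive speed read from a sensor the controller does not mediate, compared against the 807-1210 Hz band quoted in the summary. The setpoint, tolerance, ramp-rate limit and the telemetry rows are assumed and constructed for the example.

```python
"""Independent drive-frequency monitor (added example, not from the article).

Telemetry rows are constructed: (timestamp_s, drive_id, reported_hz).
NORMAL_BAND is the 807-1210 Hz range quoted in the summary; the setpoint,
tolerance and ramp-rate thresholds are assumptions for illustration only.
"""
from dataclasses import dataclass

NORMAL_BAND = (807.0, 1210.0)
SETPOINT_HZ = 1064.0      # assumed commanded speed for this cascade
TOLERANCE_HZ = 5.0        # assumed allowed deviation from the setpoint
MAX_RATE_HZ_PER_S = 2.0   # assumed fastest legitimate ramp rate


@dataclass
class Alert:
    t: float
    drive: str
    kind: str    # "band" (outside 807-1210), "drift" (off setpoint), "ramp"
    value: float


def analyse(samples):
    """Flag drives that leave the band, drift from the setpoint, or change
    speed faster than the plant could legitimately command them to.
    The point of the check is that it reads a sensor the PLC does not
    mediate, so a falsified operator view does not hide the excursion."""
    alerts = []
    last = {}  # drive -> (t, hz) of the previous sample
    for t, drive, hz in sorted(samples):
        lo, hi = NORMAL_BAND
        if not lo <= hz <= hi:
            alerts.append(Alert(t, drive, "band", hz))
        elif abs(hz - SETPOINT_HZ) > TOLERANCE_HZ:
            alerts.append(Alert(t, drive, "drift", hz))
        if drive in last:
            pt, phz = last[drive]
            if t > pt and abs(hz - phz) / (t - pt) > MAX_RATE_HZ_PER_S:
                alerts.append(Alert(t, drive, "ramp", hz))
        last[drive] = (t, hz)
    return alerts


# Constructed telemetry: drv-01 holds speed; drv-02 is slowed, then oversped.
SAMPLE_TELEMETRY = [
    (0, "drv-01", 1064.0), (60, "drv-01", 1064.2), (120, "drv-01", 1063.9),
    (0, "drv-02", 1064.0), (60, "drv-02", 1050.0), (120, "drv-02", 1300.0),
]


def summarise(alerts):
    """Count alerts per (drive, kind) so an operator sees a pattern, not noise."""
    counts = {}
    for a in alerts:
        counts[(a.drive, a.kind)] = counts.get((a.drive, a.kind), 0) + 1
    return counts
```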

6 of 334 comments

  1. Re:frequency converter drives ? by dattaway · · Score: 4, Informative

    AC motors require these drives to get their speed. 60Hz would be about 1800 or 3600 rpm, depending on how it's wound. Most industrial drives can be programmed for 400Hz, which will spin the armature quite fast. Enrichment is like spinning glassware on a dentist's drill. Those frequencies at that high a voltage (480 volts typical) have a very high switching rate that requires exotic transistor designs. Given that these controllers aren't very common, say for a juice mixer, they can be tracked and sabotaged by the distributor quite easily.

  2. Re:frequency converter drives ? by jeyk · · Score: 3, Informative

    They control the speed of the centrifuges that extract the enriched uranium. From TFA:

    Stuxnet targets specific frequency converter drives — power supplies that are used to control the speed of a device, such as a motor.

    [...] the centrifuges need to spin at a precise speed for long periods of time in order to extract the pure uranium. If those centrifuges stop to spin at that high speed, then it can disrupt the process of isolating the heavier isotopes in those centrifuges . . . and the final grade of uranium you would get out would be a lower quality.

  3. Re:Resources, will, and motive by makomk · · Score: 5, Informative

    I doubt that you would really need that many resources to do something like this.

    Aside from the problem that maxwell demon points out with the huge amount of secret internal information required, the attackers also obtained and used several zero-day vulnerabilities and driver signing certificates from two different hardware manufacturers. That's hardly trivial.

  4. Re:Resources, will, and motive by sigxcpu · · Score: 5, Informative

    I concur,
    Also note that whoever wrote the virus had very specific knowledge of the target.
    It would only act if more than 33 devices of one of two manufacturers were linked to one controller.
    It would act one way if the majority of the devices were from one manufacturer and do something else if they were from the other kind.
    I would guess that someone that worked there or someone that supplied parts to the project had a major hand in this.
    My guess would be that this is at least to some extent an inside job.

    --
    As of Postgres v6.2, time travel is no longer supported.

  5. More details by jimmyswimmy · · Score: 5, Informative

    There's a lot more detail in the symantec virus "dossier". A very interesting and detailed read.

    --

    Just my $0.55 (US inflation, 1774-2008, for $0.02)

  6. There are many (more interesting) questions left by kestasjk · · Score: 4, Informative

    • It contains code written in Visual Studio 2005 and 2008, compiled a long time apart.
    • It required the theft of two digital certificates from offices of electronics manufacturers in Korea.
    • It would have needed a lot of expertise on a very particular type of industrial controller.
    • It is found most widely in Iran, and has a countdown timer to reduce the spread of infected machines, so was probably launched there (and I can't imagine it's easy to hop over on a plane from Israel to drop off a bunch of infected thumbdrives in Iranian offices).

    On the other hand, the project name was apparently "myrtus", an east-Mediterranean flower, and a hard-coded value for the disable-flag was the date of an atrocity Iranians perpetrated against some Jews (I can't remember the details off-hand, but it's all in Symantec's fascinating report).

    It's all totally speculative of course, and probably the least technically interesting thing about this worm is the question of the author. But even besides that, the effort and diverse skill sets that must have gone into this thing, I feel, somehow diminish the importance of asking "was it country A or B?"

    If you think the only question left is whether it was Yanks or Jews, here are a couple that I would raise:
    Is there a lesson here about putting too much faith in signed drivers? How about asking what SCADA systems closer to home might be vulnerable? If this thing hadn't been so picky about which controllers it altered, what could it have done?

    --
    // MD_Update(&m,buf,j);