Slashdot Mirror
Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment
ceswiedler writes "Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn't be useful in atomic weapons. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran."
First Post! Stuxnet ain't messing with meeeee.
..is that you leave one hell of a forensic trail, and so lose the inevitable propaganda war that follows your activities....
Having said that, I still welcome our variable but rapidly spinning overlords...
There are only two nations with the resources, will, and motive to attack Iran's nuclear ambitions in this way: America and Israel.
It figures that hegemony would lead either state to such an antagonistic stance.
Yes, we all believe it, western and/or israeli intelligence are so advanced and subtle to make a virus that reduces the quality of the enrichment. Wow, what an achievement!!
Looks like these intelligence services are so desperate to have some 'success' stories and coverage of their awesomeness in the press that they are inventing stories about a malware.
Really, everyone in Iran is worried about sneaky malwares now.
Well that just leaves one question: Was it the Jews or the Yanks?
Why not? They know they'll never get the blame.
Lies, damn lies and speculation.
I disagree. It is obvious that America and Israel have the motive, so I think others are taking advantage of this situation.It could be the Russians trying to trigger another arms race in the area... They do have a good track record with malware right?
This story made my head spin. Slowly at first, but then faster, than slower again.
Their experimental uranium enrichment wasn't working as expected, so the scientists invented this virus in order to shift the blame.
What do these frequency converter drives actually do in relation to uranium enrichment?
Can't wait for the movie adaptation. I heard they got a book in the works too???
My page.
I am with you on the will and motive part, but the "resources" it takes to make a virus like this and unleash it into the wild in the middle east is probably $20K-$100K tops.
Even if you wanted to TEST it, you don't need nuclear weapons to do so, all you need is access to enrichment equipment, which most countries that have nuclear plants have. Basically any country in the Western would could have done this, so could India, Japan, Pakistan, AU, Brazil, the list goes on and on.
But like you said, only Israel and the US would actually want to do this.
They're ideologically opposed to enrichment.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
... the emergence of this type of worm or the fact that a consumer OS as security poor as Windows is being used in nuclear plants. And no, I don't think Linux or OS/X would be much of an improvement. OpenBSD maybe. But surely for operations such as this where a fault really could lead to numerous people dying in unpleasent ways a tested, secure real time OS from somewhere like Green Hills would be used? OK , in Iran I realise this wouldn't be possible but Windows isn't just used over there in important industrial applications.
You wouldn't want Windows (or Linux or OS/X) flying your Airbus so why the hell do people think its ok to run indistrial sites with it??
....is how Shai Hulud was born.
Stuxnet might've worked if it wasn't for those stupid, selfish loudmouth losers at WikiLeaks.
In case these preening, self-aggrandizing tossers didn't notice -- we're in an ongoing conflict with some very nasty people. These arsehats just couldn't help themselves..
hey, it's better than an invasion right? I'm sure Symantec are happy with themselves discovering this, but I hope the realize that if Iran hadn't already figured it out, Symantec just informed them, and brought them a little closer to getting the shit bombed out of them by either the US or Israel.
There's a lot more detail in the symantec virus "dossier". A very interesting and detailed read.
Just my $0.55 (US inflation, 1774-2008, for $0.02)
Can you tell the difference there days?
The sad thing is just about every country has the resources to do this. Siemens is based in Belgium too, so why couldn't it be Belgium ? I wonder what kinds of problems even a country like Luxenbourg would encounter in doing this. All it takes is budget, hiring a few capable Siemens engineers and throwing a few millions at it. Hell, a lot of publicly traded companies could do this by themselves.
So at the very least, every single country could do it. It would probably be the easiest to do for Iran itself, having obviously maximum access to the systems to be sabotaged, and then they'd blame the enemy "du jour", mostly America, protestors, or Israel, or women, gays (I forgot: gays don't exist in Iran, except of course on pictures of their execution), or ...
At the very least, add it to your list of likely candidates : America, Israel, Iran, and all other nations permanently on the security council : China, Russia, France, UK. These countries all have policy that military intervention (even if very low-level at the moment) is justified to prevent Iran from acquiring nuclear weapons. And Iran itself, is genocidally insane and obsessed with their, equally genocidal, religion. Additionally Iran's government is very, very afraid of losing power. So afraid, that they marched several hundred thousand children into minefields to prevent it (google "plastic key to heaven"), just 20 years ago.
Frankly, more people should sabotage countries like Iran, or all muslim countries in general, for the simple reason that their handling of minorities can only be described as "genocidal". If we are to have any pretense of actually opposing racism, attacking countries with racist laws, and even attacking religions with racist laws, should be standard policy. Of course, for American politicians "racism" is just a meaningless 6-letter word that you shout at whatever political opponents you have to get special treatment for "special" racial groups.
Say, special treatment depending on race, wasn't that the definition of racism just 10 years back ? It still is, of course, the definition of racism, but now democrats and republicans claim words have no meaning and we should help the "poor victims". Apparently, we should help "them" through becoming more racist.
had to mess up my new microwave nucleonic oven for baking granma cookies
On the other hand the project name was apparently "myrtus", an east-Mediterranean flower, and a hard-coded value for the disable-flag was the date of an atrocity Iranians perpetrated against some Jews (I can't remember the details off-hand, but it's all in Symantec's fascinating report)
It's all totally speculative of course, and probably the least technically interesting thing about this worm is the question of the author. But even besides that the effort and diverse skillsets that must have gone into this thing I feel somehow diminishes the importance of asking "was it country A or B?"
If you think the only question left is was it Yanks or Jews here's a couple that I would raise:
Is there a lesson here about putting too much faith in signed drivers? How about asking what SCADA systems closer to home might be vulnerable? If this thing hadn't been so picky about which controllers it altered what could it have done?
// MD_Update(&m,buf,j);
U.S. citizens:
There are people who control the U.S. government who want to start a war with Iran. They want these things: 1) The easy money that comes from mostly secret war contracts. 2) They want to build an oil pipeline through Iran. That would be the easiest way to market oil from the inland -stan countries. 3) Jews in the U.S. want U.S. taxpayers to pay to make Israel secure.
Do you want to pay for all war, all the time? Do you want to become a killer of other humans again?
There's no question in my mind that the US is behind this (probably working in conjunction with the Western allies including Israle)
It's mind boggling in complexity- reminds me of the day the earth stood still. Would they have had to literally hack the voltage signals of devices for this or could they have got straight in through net/LAN's etc. I think the former..
It cost no lives, it significantly slowed down a fanatical dictators quest for the nuclear bomb and didnt require military action,
the sacrifice of american troops or billions of dollars spent.
Hey at least they still could get to Facebook and MySpace there.
Bryan
I say, expose, name, and applaud in this case. There have been no reports of anything but silent infections. The detailed writeups on this show so many checks and double checks that the system had to be exactly configured in one particular way, so that its at least six sigma out that it would interfere with other systems. Someone sabotaged a nuclear weapons plant in a non-violent way with no risk of doing anything but keeping what would have been weapons, fuel. In any other situation this would be widely praised. You are right about the exposing being important though, its good practice for next time when whoever it is does something really nasty, and they will.
refactor the law, its bloated, confusing and unmaintainable.
Well, this, and the attack on Estonia.
Best Slashdot Co
Yes, and it also speaks to the plans for a 'smart' grid in the United States. This sort of vulnerability isn't present in a system made up of hand-thrown switches and 1960's-era controllers. When EVERYTHING is controlled bu computers, the people who control the computers will control the world.
When EVERYTHING is controlled bu computers, the people who control the computers will control the world.
When everything is controlled by chestnuts the people who control the chestnuts will control the world.
But what if the chestnuts start controlling the people who are controlling the chestnuts? What then?
Troubled times.. troubled times..
// MD_Update(&m,buf,j);
Engineer: I need some centrifuges and computers to control them.
Manager: Ok. Here, here you go. The computers have Windows preloaded for your convenience.
CIA: Yay!!
Engineer: No thanks, I don't need to run DirectX11 games or read lolcat emails sent as MS Word attachments. These computers are for getting things done.
Manager: I said, convenience.
Engineer: No, it's ok, really, I can find some OS to--
Manager: Convenience. Or else. [Pulls out gun]
Engineer: *facepalm*
Microsoft: Good job, manager, here's your kickback.
CIA: I knew selling them guns would work out, in the end.
"Believe me!" -- Donald Trump
the least technically interesting thing about this worm is the question of the author
Considering that Stuxnet is a blatant act of war, I don't think the question of the author has to be "technically interesting" to rise to the top of the stack.
Sorry, Shrub wasn't affected. Or did you mean some OTHER fanatical dictator?
Obviously the same country who is dragging the whole towards a war with Iran is also responsible for the worm
Russia and China want to be allies with Iran. You are deluding yourself if you think there is any nation in the world that fears or wants war with Iran besides Israel/US.
In fact most nations in that region if not the world are moving away from the US which is obviously in some sort of suicidal death sprial. Just look at Turkey where they are turning down US military cooperation and seeking out deals with the Chinese. Nato is balwking on the endless wars the US has plans for the Middle East, no one contributes to it besides the US...just try and convince Europe that attacking Iran is a NATO, it won't happen.
Israel is behind this worm, and if they get what they want, they will get their war, and then frankly even if they win the battle, the war will be clear, the US/Israel vs the rest of the 'peaceful' world and in the long run we won't win that.
better get those Canadian Passports ready now.
You've been watching too much Battlestar Galactica.
What do you expect when you connect all your frequency converter drives to the internet?
I think it's a little short sighted when people give a choice between the yanks and the Israelis- is there any reason to think it couldn't equally have been a European intelligence agency? the British and the French (particularly the French over the last year or two) have been similarly critical of Iran. Is the use of Korean certificates coincidence? could South Korean intelligence have been involved given their own battle against a nuclear neighbour that has no doubt shared information and possibly resources with Iran to support each other's nuclear ambitions?
I think it's silly to speculate at all as to who was involved- we can't even discount Russia, who similarly have no interest in seeing Iran acquire nuclear weapons and possibly have them leak to extremists- many Westerners miss the fact that Russia has been battling an Islamic insurgency in it's own back yard for at least a couple of decades now, an insurgency which, as demonstrated by the Beslan hostage taking of hundreds of school children and wiring the room in which they were in with explosives, is equally as brutal as anything the West has seen. There's also the point that Iran's civilian nuclear programme depends on Russian expertise, so any failure on the civilian side by Iran's nuclear programme would surely mean more trade for Russian expertise on the civilian side of things.
There's just too many people in the world with a vested interest in seeing Iran's enrichment programme crippled, least of all the Israelis, who, as they demonstrated in the past with Syria and Iraq, would gladly just bomb the shit out of a nuclear complex if they perceive it to be a threat rather than waste time with likely ineffective sabotage. Some may say "but Iran is more of a threat so they wouldn't dare" but that completely discounts how strong Iraq's military was in the early 70s- it was certainly a bigger threat to Israel then, than Iran is now.
As well as the questions you pose, I'd argue there are other pressing political questions too - through which route did Iran acquire Western equipment for Uranium enrichment when there is supposed to be an embargo on such things? Is someone or some firm covertly supplying in contravention of the embargo?
By my calculations, Marty, we'll have to get the DeLorean up to 136 miles per hour with this poorly enriched uranium.
As well as the questions you pose, I'd argue there are other pressing political questions too - through which route did Iran acquire Western equipment for Uranium enrichment when there is supposed to be an embargo on such things? Is someone or some firm covertly supplying in contravention of the embargo?
There's a fascinating BBC documentary on this and other nuclear tech leaks called "Nuclear Secrets". It was mainly a guy called Khan, who previously worked for a European centrifuge firm, stole their designs and sold them to North Korea, Iran, and tried to sell to Libya (as well as developing Pakistan's program).
Unfortunately these days the tech isn't really a secret, the and embargoes can only go so far (especially when there are legitimate uses for some of these technologies).
Of the targeted frequency converters more of them were manufactured by an Iranian company than by a Finnish company.
No doubt there was a lot of theft and whatnot involved, and I wouldn't be surprised if they take a while to get it everything running at full capacity (especially with drawbacks like these), but I think it's telling that sanctions are no longer specifically targeting enrichment equipment but bank accounts, Iranian airplane fueling agreements, students studying abroad, etc, since trying to keep them from getting enrichment equipment is a losing battle.
// MD_Update(&m,buf,j);
"But I am DONE paying for it. I am done paying for the world's police force. The world doesn't need that many cops, and someone else can take a turn anyway." - by spun (1352) on Tuesday November 16, @11:19AM (#34243092)
Problem is, spun, that's just the "cover story": They're not interested in the least about promoting justice, & they're not really cops - they're the "enforcers" for the "powers that be" in reality. It was NEVER about "playing the police force of the world"... However, it IS really about power, & control.
(The world is ridiculous, it truly is. People can't live peacefully with one another because there is always some power hungry sick douchebag who knows how to "stir up the masses" so he & his can gain by their tax monies. Sound a wee bit like "KORPORATE AMERIKA"? Raytheon, Haliburton, Boeing, Lockheed Martin, Honeywell, Kellogg Brown & Root (KBR) & others make a killing (literally via weaponry, and figureatively via monies earned via war profiteering)).
It took me a long time to figure this one out, but in the past 10 yrs. or so, it's what I have concluded via observation from many sources. Follow who's getting rich & fat off these war machines from the "Eisenhower Military Industrial Complex", and you have the real villains. It keeps "THEM & THEIRS", fat & happy, so it takes no real brains to figure out who keeps the game going is all. Follow the money.