Slashdot Mirror
Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment
ceswiedler writes "Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn't be useful in atomic weapons. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran."
..is that you leave one hell of a forensic trail, and so lose the inevitable propaganda war that follows your activities....
Having said that, I still welcome our variable but rapidly spinning overlords...
There are only two nations with the resources, will, and motive to attack Iran's nuclear ambitions in this way: America and Israel.
It figures that hegemony would lead either state to such an antagonistic stance.
While I agree that they are teh most likely candidates, I think Russia and China would be quite capable of doing this too if they turned their mind to it. Probably the UK, France, Gremany and maybe India. All have both nuclear and computer technology
I would not rule out Russia or China. Both have no interest in a strong Iran but every interest in an Iran that appears strong, since this ties and diverts US and Israeli attention and resources. It also sets a "benchmark" of aggression; as long as esp. China is less of a threat that Iran it can get away with quite a lot, barely noticed. A perceived Iranian nuclear threat can then also serve as justification for building missile defense systems and implementing other military measures that would previously have set off tensions with the Western nuclear powers.
A simple case of cui bono?.
Rudolf Hess edited Mein Kampf. He was the very first grammar nazi.
This story made my head spin. Slowly at first, but then faster, than slower again.
Is there any proof that the virus indeed runs on the facility? Is there any proof that the nuclear incident really did take place? Is there any proof that the number of operational centrifuges really went down (as opposed to e.g. bringing the "defect" centrifuges to a secret place, so even if the original place was physically attacked, they could continue with enrichment)?
Maybe it was the Iranian intelligence which created StuxNet (and in that case probably also a special protection system making sure it never hits its "target") in order to make everyone in the world think they are far behind in their nuclear program (and to have a plausible explanation for the reduction of operational centrifuges, so no one gets the idea to look for them elsewhere)?
The Tao of math: The numbers you can count are not the real numbers.
i would rule out russia - because russians were involved in building Busher's nuclear power plant, and they'd have no interest sabotaging something they are responsible to complete by the contract terms...
But according to TFA, the target wasn't Bushehr's nuclear power plant, but the Natanz nuclear facilities. Unless Russia was involved there, too, that makes your argument moot.
The Tao of math: The numbers you can count are not the real numbers.
What do these frequency converter drives actually do in relation to uranium enrichment?
Budget cuts in Britain would put a stop to that sort of thing. We can't even get a James Bond film off the ground with American money!
Can't wait for the movie adaptation. I heard they got a book in the works too???
My page.
But the specificity means you need a lot of information about your target. You must know what the targeted facility looks like, and what can be used to distinguish it from other facilities. So the question is: Who did have that information at the time Stuxnet was written?
The Tao of math: The numbers you can count are not the real numbers.
They're ideologically opposed to enrichment.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
[Hypothetical Russian Contractor]:"Well, this Stuxnet worm is nasty stuff, so obviously it's going to cost a lot of money for us to clean it up. Of course, an event like this was not covered in our contract so we will need additional funding to proceed."
Yeah, what motivation could Russia possibly have?
Random Thoughts From A Diseased Mind (Not For Dummies)
It's equally likely neither Russia nor China would be very happy to see a nuclear Iran, but not want to be visibly seen discouraging them on the international stage. Stuxnet, lets either of them slow Iran's nuclear program, test a new concept of warfare, and leave the US and Israel holding the bad as "most likely." For them it's a win-win-win. Beyond that, intelligence orgainizations in the West now have a small taste of what someone else can do. It's going to keep the West in knots for a few years, hardening against "the last threat," while they've got the next threat now, and are working on the one beyond that.
The living have better things to do than to continue hating the dead.
... the emergence of this type of worm or the fact that a consumer OS as security poor as Windows is being used in nuclear plants. And no, I don't think Linux or OS/X would be much of an improvement. OpenBSD maybe. But surely for operations such as this where a fault really could lead to numerous people dying in unpleasent ways a tested, secure real time OS from somewhere like Green Hills would be used? OK , in Iran I realise this wouldn't be possible but Windows isn't just used over there in important industrial applications.
You wouldn't want Windows (or Linux or OS/X) flying your Airbus so why the hell do people think its ok to run indistrial sites with it??
I doubt that you would really need that many resources to do something like this.
Aside from the problem that maxwell demon points out with the huge amount of secret internal information required, the attackers also obtained and used several zero-day vulnerabilities and driver signing certificates from two different hardware manufacturers. That's hardly trivial.
I concur,
Also note that whoever wrote the virus had very specific knowledge of the target.
It would only act if more than 33 devices of one of two manufacturers were linked to one controller.
It would act one way if the majority of the devices were from one manufacturer and do something else if there were from the other kind.
I would guess that someone that worked there or someone that supplied parts to the project had a major hand in this.
My guess would be that this is at least to some extent an inside job.
As of Postgres v6.2, time travel is no longer supported.
I would think that Iranians would have noticed their Nuclear chief's resignation (and the possible nuclear incident) themselves.
It is what it is.
I would not rule out Russia or China. Both have no interest in a strong Iran but every interest in an Iran that appears strong, since this ties and diverts US and Israeli attention and resources. It also sets a "benchmark" of aggression; as long as esp. China is less of a threat that Iran it can get away with quite a lot, barely noticed. A perceived Iranian nuclear threat can then also serve as justification for building missile defense systems and implementing other military measures that would previously have set off tensions with the Western nuclear powers.
A simple case of cui bono?.
Ugh.. This assumes that
I am just at a loss.. It really is like each response after the next is competing to think of a more convoluted, absurd way that someone you don't suspect could be involved in it.
I fully expect to scroll down and see some justification for why it's internal industrial sabotage of one Siemens subdivision versus another, or Iran launching it against themselves to get international sympathy.
// MD_Update(&m,buf,j);
There's a lot more detail in the symantec virus "dossier". A very interesting and detailed read.
Just my $0.55 (US inflation, 1774-2008, for $0.02)
The sad thing is just about every country has the resources to do this. Siemens is based in Belgium too, so why couldn't it be Belgium ? I wonder what kinds of problems even a country like Luxenbourg would encounter in doing this. All it takes is budget, hiring a few capable Siemens engineers and throwing a few millions at it. Hell, a lot of publicly traded companies could do this by themselves.
So at the very least, every single country could do it. It would probably be the easiest to do for Iran itself, having obviously maximum access to the systems to be sabotaged, and then they'd blame the enemy "du jour", mostly America, protestors, or Israel, or women, gays (I forgot: gays don't exist in Iran, except of course on pictures of their execution), or ...
At the very least, add it to your list of likely candidates : America, Israel, Iran, and all other nations permanently on the security council : China, Russia, France, UK. These countries all have policy that military intervention (even if very low-level at the moment) is justified to prevent Iran from acquiring nuclear weapons. And Iran itself, is genocidally insane and obsessed with their, equally genocidal, religion. Additionally Iran's government is very, very afraid of losing power. So afraid, that they marched several hundred thousand children into minefields to prevent it (google "plastic key to heaven"), just 20 years ago.
Frankly, more people should sabotage countries like Iran, or all muslim countries in general, for the simple reason that their handling of minorities can only be described as "genocidal". If we are to have any pretense of actually opposing racism, attacking countries with racist laws, and even attacking religions with racist laws, should be standard policy. Of course, for American politicians "racism" is just a meaningless 6-letter word that you shout at whatever political opponents you have to get special treatment for "special" racial groups.
Say, special treatment depending on race, wasn't that the definition of racism just 10 years back ? It still is, of course, the definition of racism, but now democrats and republicans claim words have no meaning and we should help the "poor victims". Apparently, we should help "them" through becoming more racist.
"It really is like each response after the next is competing to think of a more convoluted, absurd way that someone you don't suspect could be involved in it."
It was Boris in the library with a commodore 64.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
On the other hand the project name was apparently "myrtus", an east-Mediterranean flower, and a hard-coded value for the disable-flag was the date of an atrocity Iranians perpetrated against some Jews (I can't remember the details off-hand, but it's all in Symantec's fascinating report)
It's all totally speculative of course, and probably the least technically interesting thing about this worm is the question of the author. But even besides that the effort and diverse skillsets that must have gone into this thing I feel somehow diminishes the importance of asking "was it country A or B?"
If you think the only question left is was it Yanks or Jews here's a couple that I would raise:
Is there a lesson here about putting too much faith in signed drivers? How about asking what SCADA systems closer to home might be vulnerable? If this thing hadn't been so picky about which controllers it altered what could it have done?
// MD_Update(&m,buf,j);
So, are we talking Stuxnet, or Iocane powder?
Contentment is the greatest wealth
- Sukhavagga Dhammapada
Contentment is the goal behind all goals.
"economic wars by China over a prisoner taken by Japan from a disputed island, etc"
If you mean Senkaku, they are firmly in Japanese control China can dispute it all they want, but they don't own the islands in any sense.
I didn't say they owned the islands in any sense, I said they are disputed.
I do not think for one second that China is capable of something so robust and intricate.
That leaves pretty much the US or Russia. As Russia is the hacker capital of the world, I would put my money on them. Even the US government is too bumbling to ever get something like this right.
Yes the Chinese aren't robust or intricate, and the US is bumbling, but don't Russians drink vodka?
And the UK are too gentlemanly, and Africans don't have computers, so that's them out of the equation.
Damn, who in this world of stereotypes and ignorance could have done it?
// MD_Update(&m,buf,j);
That is in no way antisemitism. It is a simple statement of fact. It does not say 'all Jews.' It does not ascribe any evil motives to them: they wish to protect their ancestral homeland, nothing wrong with that. It does not claim they control or dominate American politics, or spread any other false and malicious rumors about Jews. Who wouldn't want someone else to pay for their safety? If you can convince someone in an open and free society to pay for your defense, more power to you.
Just as an interesting aside, do you know why a lot of Christians want to protect Israel? The Jews have to be there on Judgment day. No Jews, no Jesus. And the Jews die. Evangelicals want them there to die and ensure the return of their savior.
Me, I wish them the Jews the best of luck protecting their country from the assholes surrounding them that wish them nothing but death. The kind of "Oh my God they're coming to get us!" thinking that is ridiculous bullshit when we Americans do it is absolutely true over there.
But I am DONE paying for it. I am done paying for the world's police force. The world doesn't need that many cops, and someone else can take a turn anyway.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
You fell victim to one of the classic blunders - The most famous of which is "never get involved in a land war in Asia" - Rizzini
And you fell victim to one of the classic blunders - the most famous of which is incorrectly attributing this quote to someone besides "Vizzini."
What one fool can do, another can. (Ancient Simian Proverb)