Iran Admits Stuxnet Affected Their Nuclear Program

plover writes "According to this article in the Guardian, 'Ahmadinejad admitted the [Stuxnet] worm had affected Iran's uranium enrichment. "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," the president said. "They did a bad thing. Fortunately our experts discovered that, and today they are not able [to do that] anymore."'"

Re:Is Stuxnet a first?

[plover]

1. No, it's not the first. The 2010 Verizon Data Breach Report shows that 54% of successful attacks using malware used customized or custom-written malware, and that 97% of the data records stolen were done so with the use of custom malware.

2. Yes, we're going to see a lot of it. It's already begun, according the the engineer who dissected the industrial control code that stuxnet injected.

A Bad Thing

[Jah-Wren+Ryel]

Baby did a bad bad thing, baby did a bad bad thing.
Baby did a bad bad thing, baby did a bad bad thing.

You ever want a nuke so much you thought your little centrifuge was gonna break in two?
I didn't think so.
You ever tried with all your heart and soul to get your uranium back to you?
I wanna hope so.
You ever pray with all your heart and soul just to watch it spin away?

Baby did a bad bad thing, baby did a bad bad thing.
Baby did a bad bad thing, feel like crying, feel like crying.

You ever toss and turn your lying awake and thinking about the yellow cake you love?
I don't think so.
You ever close your eyes your making believe your holding the nuke your dreaming of?
Well if you say so.
I hurts so bad when you finally know just how low, low, low, low, low, Israel'll go.

Baby did a bad bad thing, baby did a bad bad thing.
Baby did a bad bad thing, feel like crying, feel like crying.

Ohh. Feel like crying, feel like crying.
Ohh, feel like crying, feel like crying.

Baby did a bad bad thing, baby did a bad bad thing.

Re:They did a bad thing.

[plover]

I was very surprised that he admitted it, at first. A rational leader would never confirm an attack like this that couldn't externally be proven.

But then I remembered this guy is from a different world, and isn't talking to us. He's a kleptocrat who stays in power by painting the image of a religious strongman, and talks to his ignorant power-base making it sound like his scientists gloriously smashed the meaningless virus as they would a Western fly.

So I don't know if this child-like line is a simplification made by the translator (who might have difficulty with technical language) or if this is how he normally talks to his people?

Re:Iran's plan

[the+Atomic+Rabbit]

Their PM accidentally admitted, back in 2006, that they did have nuclear weapons.

One thing has changed

[khallow]

Two weeks ago, people talked about the diplomatic problems this worm attack would cause for Israel. There was even a few people that didn't think Iran was trying to make a nuclear bomb. What a difference two weeks makes. It turns out (from the Wikileaks release a couple of days ago) that the entire Middle East (except for the usual suspects like Hamas and Hezbollah) thinks Iran's nuclear bomb program is far more worrisome than Israel. The King of Saudi Arabia asked the US in April 2008 for military strikes against Iran's nuclear program. The UAE stated in the beginning of 2010 that it is expecting some sort of war involving the US or Israel against Iran.

From an analysis of the Stuxnet worm, it turns out to target a frequency converter made by a Iranian company that the Iranians kept secret from the IAEA. That's the agency which is supposed to be inspecting Iran's nuclear facilities and which should have been informed of this technology.

Finally, we have assassinations of Iranian nuclear scientists. If you think putting a worm into a uranium enrichment plant is diplomatically upsetting how about killing people? Also, there's a lot more players who can kill people than who can write sophisticated worms that only target particular systems.

I think this is going beyond diplomacy. A lot of governments agree that Iran is working on a nuclear bomb. The clever finesse moves, such as fancy computer worms, are probably exhausted. Trade blockades probably won't work (especially with China having special deals with Iran). But what will still work is destruction of the facilities and killing of the staff who work there. To be blunt, I favor this approach.

My view however is that Obama won't do it. That means then that we'll have a nuclear Iran, then nuclear Saudi Arabia and Egypt. Even if you don't give a hoot about the Middle East, it'll worry Europe and Turkey. I see expansion of nuclear forces in the EU as a distinct possibility. Turkey is one of many tricky spots. Russia will freak out if Turkey gets nukes. But how will Turkey defend itself, if a major war with a nuclear armed Iran occurs?

This is the thing that people don't get about proliferation of nuclear weapons. The fewer countries that have nuclear weapons, the easier they are to control. Conversely, once a dangerous country like Iran gets them, then all of their neighbors are going to want them as well for self-defense. Israel has been nuclear armed for perhaps forty years, but the Middle East is worried about Iran.

Re:One thing has changed

[Dachannien]

It's quite absurd for you to call Iran dangerous; they haven't been at war for years.

Neither has North Korea, but I hope you'd agree that North Korea is extremely dangerous.

Yes, Iran hasn't been at war (overtly) since they were at war with Iraq. Likely the only reason there wasn't an encore performance is because Saddam went to great lengths to make the world believe that he still had WMDs even though he didn't. But Iran has been relentless in its funding of terrorist organizations throughout the region.

The danger inside Iraq and Afghanistan is completely internal. Neither country has the armed forces required to threaten their neighbors. In fact, Iran is a threat to both of these countries because of their funding of terrorists in both places.

Iran's worries about US invasion are not borne out by their actions. If they really wanted to guarantee their safety, they would abandon their WMD programs, allow full international inspections, and stop sponsoring terrorism abroad. Libya did this and was rewarded by the US despite its human rights problems, and it's reasonable to assume that the US would be willing to overlook quite a lot from Iran while still welcoming them back into the international community.

Instead, Iran is working on nuclear weapons, and it's quite likely that once they amass a sufficient stockpile, they will use that as leverage against the Arab nations, which is why the Arab nations are panicked by the thought. Iran's ties to Hamas and Hezbollah makes it reasonable to think that they would supply WMDs to one of those terrorist groups for use against Israel. The only way to prevent destabilization of the entire region and/or the deaths of possibly millions of people is to prevent Iran from creating a WMD arsenal, even if that requires military action.

Re:One thing has changed

[Clandestine_Blaze]

I have mixed feelings about this.

I honestly believe that a safeguard against preemptive aggression is a fundamental right that every sovereign nation should have. It's why any country has a standing military. The fact that Iran should even feel threatened by the US justifies this safeguard, not the other way around. Just like how America did not need permission to arm themselves with nuclear weapons, and actually used a couple when it felt necessary to win WWII, proves this. Do you honestly believe that any amount of UN treaties or protocols would actually prevent the United States from ever using a nuclear weapon if it ever felt the need to in the future? U.N. treaties certainly did not stop France from allegedly helping Israel develop their nuclear program.

America's invasion of Iraq and Afghanistan was a giant kick in Iran's butt. With US troops operating within two bordering countries, Iran felt it was necessary to hasten their nuclear ambitions. Why did the U.S. invade two nations that had virtually no real military, but continues to avoid North Korea, who even shelled South Korea? The biggest response that could be mustered by South Korea and the US were war games? Seriously? That's precisely why Iran feels the need to develop their nuclear program. Also, the fact that Iranian scientists are getting assassinated (a very disgusting, cowardly move) shows that this safeguard is necessary. I consider assassinating scientists and civilians as terrorism. I would be equally appalled if contractors for Northrop Grumman or Lockheed Martin were to be killed using that same logic.

I do agree with you though that Iran is not a democracy. Every election that they've had has been a sham. The last leader that they democratically elected was over 50 years ago, and he was overthrown and replaced with a dictator. Their government kills and maims more of their own citizens in political prisons than you could ever imagine. While I wholeheartedly agree that the world would be a better place if the current Iranian government was not in power, I do not agree with assassinating scientists, especially since many of them have no choice but to either work on government-sponsored projects or to try to defect, but risk getting their families that they leave behind killed if they manage to escape. Some of the scientists actually support opposition movements, and are stuck in a really bad situation.

I hope that you can understand my position. I dislike the government of Iran since it's my relatives over there that are always at risk of getting killed if they speak out, but am also disgusted by US aggression and double-standards, which I also see as a threat to my relatives over there. It was bad enough wondering if each missile lobbed by Iraq in the 1980s would actually hit one of my relatives' residence. Now I have to worry the same about an Israeli strike or a U.S. invasion.

Re:Simple solution

[plover]

Just disconnect any sensitive nuclear facility from the freaking Internet. Are they so stupid?

No, they're not stupid. Of course the nuclear plant's control network is isolated from other networks. You just don't understand how this worm works.

Using one of four different previously unknown (0-day) Windows exploits, it finds its way onto new machines. Two of the exploits are network attacks (one print spooler, one RPC.) One of the exploits strikes using a bug in how Windows reads the AUTORUN.INF file, and will install the virus whenever infected removable media is inserted, such as USB sticks or CD-ROM discs. Stuxnet is written to all removable media on an infected machine. AUTORUN can be disabled, but the bug is such that it doesn't matter -- simply inserting the infected media spreads the infection.

It's stealthy, and hides itself using Windows rootkit methodology. It looks for specific 32-bit Windows operating systems and which antivirus software packages are installed, and will either fail to install if the antivirus can't be worked around, or it uses different exploits to elevate privileges depending on the security environment of the machine.

It contacts a set of command and control servers (that were taken offline) to download updates to the virus. The virus-infected machines periodically check in to those servers to see if there's new payload or software, update themselves, then spread it around to the other infected machines.

Once it finds its way onto a machine running "Step 7", a programming environment for programming Siemens industrial control systems, it modifies the code that is compiled for the control system. It uses another kind of hiding technology that acts like a rootkit here, telling the engineer that the deployed code is OK.

The engineers do their work on an infected machine connected to the regular networks. They then have to transfer their newly compiled control program data onto the isolated control network. They typically do so using USB sticks or CD-ROMs, which then infect the machine that is transmitting the code to the industrial control network.

The modifications to the data sent to the control network are subtle. Stuxnet has two payloads. The first tries to figure out that it's in an environment that matches the target by comparing frequency controller IDs with those of specific Iranian-made controllers, looks for an array of more than 32 of them, and then watches to see if they run at high speeds for a couple weeks. If so, it'll switch to a damage cycle where it over-revs the centrifuge motors, then suddenly slows them, then suddenly speeds them up again. It repeats this hour-long cycle once every 27 days or so. Even if the over-revving doesn't damage the centrifuges, the sudden slowdowns and speed-ups mixes the uranium up again, rendering the purity of the uranium inexplicably unrefined.

The other payload appears to be intended to cause more damage. It's believed to be designed to attack the control systems at the Buhesher nuclear reactor, opening and closing steam valves in order to over-stress the turbine, with the intent of destroying the 150 foot long shaft and its enclosure. It also pretends to be the reactor's environmental sensors, and reports false data back to the controller; all of this faked data makes the turbine look like everything's operating normally, but in reality a hellstorm is going on inside the turbine enclosure.

It's quite a sophisticated worm.

Re:Turkey is a NATO member

[WindBourne]

Obama sees Iran as a VERY real threat. That is why he is moving towards the umbrella. The problem is, that he inherited a nightmare from W.. He has been fighting against a nightmare economy, that had the jobs sucked out of for the previous 8 years, has 2 wars, created in the previous 8 years, has seen NK gotten the bomb and nothing done about it in the previous 8 years, is watching Burma building a secret nuke reactor in the previous 8 years, has a massive debt of just under 11 trillion (now just under 14 trillion) that was built up from 1980 on (though to Clinton's credit he did less than 1 trillion and left a balanced budget ), and massive failings in the economy far beyond what the global economy caused. Seeing as how you have been reading the wikileaks, you can see that the USA gov. recognizes that China views itself as being in a cold war with the USA.

So from Obama's POV, he had time to deal with Iran, while nearly everything else MUST BE DEALT WITH NOW.

OTH, Israel is working on how to stop Iran (consider today's actions), while developing a new MOAB and building missions for how and when to deliver it. You can bet that all of the middle east has given permission to Israel to flyover (including supplying fuel) to deliver these. My guess is that we will see this fireworks in about 1 year. A very real problem is that Iran is working on Chemical and biological bombs as well. Biological may be far far worse then a nuke, depending on what they use. I could see them inoculating their citizens and then hitting Israel and counting on it taking out the population EAST of them (iow, through the sunnis).