Slashdot Mirror


How Investigators Deciphered Stuxnet

suraj.sun tips a story at Wired that takes an in-depth look into how security researchers tracked down and worked to understand the infamous Stuxnet worm. The article begins: "It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium. But when the IAEA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Iran's enrichment program, they were stunned as they counted the numbers. The workers had been replacing the units at an incredible rate — later estimates would indicate between 1,000 and 2,000 centrifuges were swapped out over a few months. The question was, why?"

3 of 131 comments

  1. Re:Possibly the coolest cyberwar article I've read by EvanED · Score: 5, Informative

    If you had RTFA (or perhaps with a more critical eye) you'd know that they had no clue about that at that time. When they first went public with it, all they knew was that it was a quite sophisticated attack that went after Step7 controllers. And given that, I definitely agree with them that it was in everyone's best interest to release that information.

  2. Re:Possibly the coolest cyberwar article I've read by steelfood · Score: 5, Insightful

    You're a troll.

    You will note that according to TFA, the researchers didn't know it was targeted to sabotage an Iranian nuclear facility until the very end. And by the time anyone realized it was, the cat was out of the bag. Towards the end, it was only a matter of figuring out what specific facility was being targeted.

    It is true these guys were suspicious the entire time that it was a government black ops operation. But that suspicion in and of itself says nothing. It could have been attacking anything, like Russian natural gas pipelines again, for all they knew. What they did know was that it was a virus designed to sabotage a controller used in industrial manufacturing. And as the Russian pipeline incident illustrates, that can have very serious consequences.

    Imagine if someone sabotaged a manufacturing plant used to build commercial planes that would shorten its maintenance cycle or lifespan from the engineered specifications. Or one that sabotaged a vehicle tire manufacturing facility. Or high speed railway brakes. That would have been disastrous.

    What their attitudes told me was that at the very real risk of personal health and safety, they did the entire civilized world a huge service by making their findings public. They revealed to the world the method by which a very real act of industrial sabotage happened, all the while knowing that it could land them dead. They put the duty of warning the entire world of such an attack vector before their own selves.

    Sure, TFA says they were doing it for their customers. But that's a disingenuous way of looking at it. Because the customers who benefit the most from their disclosure are the same ones who manufacture physical equipment that must be within established guidelines, many of which are safety guidelines. And that means we, the people who operate the equipment or rely on such equipment to not fail unexpectedly, are the ultimate beneficiaries.

    To me, it puts them among the very few noble and honorable individuals left in the world. You may not care for such attributes in people, but I think there are still a few in the world who do. At the very least, I think most people wouldn't want to live in a world where everyone was petty and underhanded, as you seem to advocate by your comment. And I think they by their actions are greater believers of freedom than you by your weasel words.

    --
    "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."

  3. My first-hand experience with this by Thagg · Score: 5, Interesting

    In 1993, I was working one Saturday at Pacific Data Images in Sunnyvale. (who later went on to make such classics as "Shrek", but that's another story.) At the time we were one of the leading CG advertising companies in the world.

    Anyway, I wandered into the front lobby, and there was a guy there, the husband of the receptionist, that had this very long roll of paper, maybe 20 feet, with an undulating line drawn along it. He was searching up and down along the line, for quite some time....well, I couldn't help but ask what it was.

    He said that it was the Fourier transform of the power line going into a plant. He and his company were examining the spectrum to see if they could deduce what was going on inside the plant -- if the machines inside the plant would leak substantial information back onto the power line. Anybody with any electrical engineering experience would know that of course this would be true. I said, OK, that's interesting. What do you see in this spectrum?

    And he pointed to a little sinc() shaped (kind of sombrero shaped) area at a particular frequency. And then showed the aliases of that at higher frequencies. He said that these were clearly signatures of many six-pole electrical motors running all at almost exactly the same speed. I looked inquisitive, and he said, "you know, like if you had a bunch of uranium gas centrifuges running." I thought about this for a few minutes....and said, "uhm, OK, but we don't use centrifuges to separate uranium", and he said "no, we don't" and left it at that.

    Soon, he was back to Iraq, using a ground-penetrating radar he developed to look for buried weapons. I never saw him again.

    --
    I love Mondays. On a Monday, anything is possible.