Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

STUXNET: The Long Game


Once again, Stuxnet has bubbled up in the news cycle, and this time more data seems to show that the malware was intended not to “disrupt” Iran’s uranium production outright, but to “affect” the process and perhaps render its output useless as fissile material. I said as much when this first hit the news: it is exactly the kind of thing I could see the intelligence agencies doing to stymie the Iranians’ path to a working nuclear weapon AND to let them waste more time in the process, thinking they had gotten the better of the rest of the world.

Of course, some of those I proposed this idea to poo-pooed it, but... well, here we are, aren’t we? This was cited today, and the full article is linked below:

The new information confirmed that Stuxnet is looking for very specific types of industrial control systems to modify. More importantly, it revealed that the code would very carefully check to see if it was on the right type of device and then alter speeds over an extended period by slightly changing output frequencies.

Once operation at those frequencies occurs for a period of time, Stuxnet then hijacks the PLC code and begins modifying the behavior of the frequency converter drives. In addition to other parameters, over a period of months, Stuxnet changes the output frequency for short periods of time to 1410Hz and then to 2Hz and then to 1064Hz. Modification of the output frequency essentially sabotages the automation system from operating properly. Other parameter changes may also cause unexpected effects.

This sounds very much like an attempt to cause quality control failures or even process disruption. Uranium enrichment is mentioned again. Given the effort to create Stuxnet the target would have to be something that would be seriously affected by minor changes over several months time.
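The frequency manipulation the quoted passage describes, short swings to 1410 Hz and 2 Hz plus slow changes over months, is exactly what a drive monitor should be able to pick out of setpoint telemetry. As an added illustration (not code from this post, nor from the Symantec or ESET analyses it cites), the Python below takes a constructed log of frequency-converter setpoints and flags two things: contiguous excursions outside an assumed normal operating band, and creeping drift of the in-band baseline from one end of the log to the other. The flat log format, the 800 to 1200 Hz band and the 2% drift threshold are all assumptions made for the example, not values from the source.

```python
"""Flag the two setpoint-tampering patterns described above in drive telemetry.

Added example, not code from the post or from the Symantec/ESET analyses it cites.
Assumptions not in the source: the flat log format, the 800-1200 Hz normal band
and the 2% drift threshold. Tune all three to the real installation.
"""
from datetime import datetime
from statistics import mean

# Assumed normal operating band (Hz); take it from the drive's commissioned setpoints.
NORMAL_BAND_HZ = (800.0, 1200.0)
# Drift of the in-band baseline larger than this fraction is flagged.
DRIFT_THRESHOLD = 0.02

# Constructed sample telemetry (not real data): one setpoint reading per line.
# Drive A1 shows a short 1410 Hz / 2 Hz excursion and a creeping baseline;
# drive B2 is a healthy control.
SAMPLE_LOG = """\
2010-03-01T00:00 drive=A1 hz=1064
2010-03-08T00:00 drive=A1 hz=1064
2010-03-15T00:00 drive=A1 hz=1410
2010-03-15T00:15 drive=A1 hz=1410
2010-03-15T00:30 drive=A1 hz=2
2010-03-15T00:45 drive=A1 hz=1064
2010-03-22T00:00 drive=A1 hz=1068
2010-03-29T00:00 drive=A1 hz=1080
2010-04-05T00:00 drive=A1 hz=1100
2010-03-01T00:00 drive=B2 hz=1064
2010-03-08T00:00 drive=B2 hz=1064
2010-03-15T00:00 drive=B2 hz=1063
2010-03-22T00:00 drive=B2 hz=1064
"""

def parse_log(text):
    """Parse 'YYYY-MM-DDTHH:MM drive=ID hz=N' lines into {drive: [(datetime, hz), ...]},
    each list sorted by time."""
    by_drive = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_field, drive_field, hz_field = line.split()
        ts = datetime.strptime(ts_field, "%Y-%m-%dT%H:%M")
        drive = drive_field.split("=", 1)[1]
        hz = float(hz_field.split("=", 1)[1])
        by_drive.setdefault(drive, []).append((ts, hz))
    for samples in by_drive.values():
        samples.sort()
    return by_drive

def _close_run(run):
    start, end, lo_hz, hi_hz = run
    return (start, end, lo_hz, hi_hz, (end - start).total_seconds() / 60)

def find_excursions(samples, band=NORMAL_BAND_HZ):
    """Return contiguous runs of out-of-band setpoints as (start, end, min_hz, max_hz,
    minutes); end is the last out-of-band sample. A high-then-low swing such as
    1410 Hz followed by 2 Hz shows up as one run with both extremes."""
    lo, hi = band
    runs, current = [], None
    for ts, hz in samples:
        if hz < lo or hz > hi:
            if current is None:
                current = [ts, ts, hz, hz]
            else:
                current[1] = ts
                current[2] = min(current[2], hz)
                current[3] = max(current[3], hz)
        elif current is not None:
            runs.append(_close_run(current))
            current = None
    if current is not None:
        runs.append(_close_run(current))
    return runs

def baseline_drift(samples, window=2, band=NORMAL_BAND_HZ, threshold=DRIFT_THRESHOLD):
    """Compare the mean of the first `window` in-band readings with the mean of the
    last `window`; return (fractional_drift, flagged). Out-of-band readings are
    excluded so that a single spike does not masquerade as slow drift."""
    lo, hi = band
    in_band = [hz for _, hz in samples if lo <= hz <= hi]
    if len(in_band) < 2 * window:
        return 0.0, False
    early, late = mean(in_band[:window]), mean(in_band[-window:])
    drift = (late - early) / early
    return drift, abs(drift) > threshold

def analyze(text):
    """Run both checks over a log; return {drive: {"excursions", "drift", "drift_flagged"}}."""
    report = {}
    for drive, samples in parse_log(text).items():
        drift, flagged = baseline_drift(samples)
        report[drive] = {
            "excursions": find_excursions(samples),
            "drift": drift,
            "drift_flagged": flagged,
        }
    return report

if __name__ == "__main__":
    for drive, result in analyze(SAMPLE_LOG).items():
        for start, end, lo_hz, hi_hz, minutes in result["excursions"]:
            print(f"{drive}: out-of-band {lo_hz:.0f}-{hi_hz:.0f} Hz, {start} to {end} ({minutes:.0f} min)")
        if result["drift_flagged"]:
            print(f"{drive}: in-band baseline drifted {result['drift']:+.1%}")
```

The two checks are deliberately separate: a single excursion is loud and short, while the drift is quiet and slow, and a monitor that only looked for one would miss the other. In a real plant the readings should come from an independent sensor on the drive output rather than from the PLC’s own reported values, since the PLC is the component being tampered with.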

Stuxnet Finally Cracked from Flyingpenguin

ESET Blog Post Stuxnet Unraveled

My previous posts (#Stuxnet retrospective, in order): http://tinyurl.com/377vujs http://tinyurl.com/2g7xjyg http://tinyurl.com/34ojqb6 http://tinyurl.com/3276s5q

What the finding implies, as I see it, is that at the very least the PLC code was set to make small changes to the frequency SLOWLY, to cause fluctuations in the end product rather than to destroy the centrifuges outright, as was postulated before. I am not an expert in centrifuge technology, and perhaps even these incremental attacks could do lasting damage to the machines, but would that damage be highly noticeable? Subtlety was the key to this whole attack, and I think that subtlety was there to lull the victim into the trap without their ever knowing any better.

Think about it. Sure, you wreck their centrifuges and they have to buy more and start over. Game, set. Then the game begins again shortly thereafter. Think instead in terms of the “long con”: you let them run along doing what they are doing, confident they are winning, and then you yank the rug out from under them. The long con usually means higher stakes, and in this case, if it worked, all of their uranium is now suspect, as is all of their machinery.

WIN/WIN

The blog post begs the question of which process the Iranians are likely using to enrich, and from what I know, that process, as noted in the post, is long, arduous and delicate. If you mess up the process enough yet leave it looking like a success, the only real test of the end product would be a test detonation... and a test det would be a long way off. That is years of play for the world’s intelligence agencies to work with, as well as for the world bodies trying to negotiate with Iran.

“Wha? where is big boom?” Heh.

So onward goes the story of Stuxnet. I am sure the information security community will start the usual posturing, with all the attendant back and forth over “cyberwar” blah blah blah, “attribution” blah blah blah... Pedantic. Look, the facts are that this thing was made by someone who took the time and forethought to aim it at whoever *cough IRAN* and to get their infected USB sticks or infected software distribution to the right people, placing it where it could do damage. If that isn’t a directed attack, I certainly don’t know what is.

Who made it? We may never know.

Why? Well, it seems like that is coming together, huh?

Did it do its job? Yes. At the very least the Iranians have been set back a bit, and now they are going to be even more freaked out about ANYTHING they buy on the black/grey markets, as well as any software or hardware they get ANYWHERE, for fear that it has been backdoored.

And that is where I would like to see them, were I involved in any kind of negotiation or espionage game with them.

CoB

Written by Krypt3ia

2010/11/13 at 21:52

Posted in STUXNET, The Long Con

One Response


  1. (This version is actually the short and conservative version.)

    The least nefarious option here is that a few Western powers and/or Israel orchestrated STUXNET as written above. However, think about some other options.. a few examples:

    – STUXNET is an example of ECONOMIC espionage. Say you’re Russia or China with energy deals, or you feel jilted by Iran and are hoping to find a way to leverage your way into some business, some information, some (more) regional power... plant a bit of STUXNET, wait and watch while Iran struggles and they come to you, or swoop in immediately, or do nothing and just wish for further instability?

    – Say you’re Russia or China again, but playing both sides of the table. Both of those two powers also have strong reasons to avoid a nuclear Iran. Russia has Chechen Muslim extremists right at their front door; China has any number of groups, Muslims on some sides, and North Korea and Korean peninsula stability to worry about.

    – What if it’s just, I don’t know, say some small French Nuclear companies which would suddenly be able to offer engineering assistance to clean up the fuel cycle and processing?

    The point being that STUXNET and similar, umm, “attacks” have all sorts of angles that could be at play. Even at once.

    Take your last two paragraphs… all of the scenarios above apply equally as well as a US scenario. Just for completely different reasons. 😉

    -Pk

    Packetknife

    2010/11/14 at 01:40

