
Stuxnet Was Designed To Subtly Interfere With Uranium Enrichment

Posted by Soulskill
from the well-thank-god-it-didn't-infect-my-pc dept.
ceswiedler writes "Wired is reporting that the Stuxnet worm was apparently designed to subtly interfere with uranium enrichment by periodically speeding or slowing specific frequency converter drives spinning between 807Hz and 1210Hz. The goal was not to cause a major malfunction (which would be quickly noticed), but rather to degrade the quality of the enriched uranium to the point where much of it wouldn't be useful in atomic weapons. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 at around the time the worm was spreading in Iran."
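Small speed changes that never trip a malfunction alarm only show up if something compares each drive's measured output frequency with its approved setpoint over time. The sketch below is an added example, not code from the story or the Symantec report; the tolerance, the minimum run length, the drive names, setpoints and telemetry are all constructed assumptions.

```python
from dataclasses import dataclass

# Band quoted in the story summary above.
TARGET_BAND_HZ = (807.0, 1210.0)

@dataclass
class Episode:
    drive: str
    start: int          # timestamp of first deviating sample
    end: int            # timestamp of last deviating sample
    peak_dev_hz: float  # largest signed deviation from setpoint

def find_excursions(samples, setpoints, tol_hz=5.0, min_samples=3):
    """samples: (ts, drive, measured_hz) tuples, time-ordered per drive.
    Flags runs of >= min_samples consecutive readings more than tol_hz
    away from the setpoint (tol_hz and min_samples are assumed values)."""
    open_runs, episodes = {}, []

    def close(drive):
        run = open_runs.pop(drive, None)
        if run and run[3] >= min_samples:
            episodes.append(Episode(drive, run[0], run[1], run[2]))

    for ts, drive, hz in samples:
        sp = setpoints.get(drive)
        if sp is None or not (TARGET_BAND_HZ[0] <= sp <= TARGET_BAND_HZ[1]):
            continue  # only watch drives that run inside the band
        dev = hz - sp
        if abs(dev) > tol_hz:
            run = open_runs.setdefault(drive, [ts, ts, dev, 0])
            run[1], run[3] = ts, run[3] + 1
            if abs(dev) > abs(run[2]):
                run[2] = dev
        else:
            close(drive)  # back within tolerance: end any open run
    for drive in list(open_runs):
        close(drive)
    return episodes

# Constructed telemetry (not real plant data), one reading per minute.
SETPOINTS = {"drive-A": 1000.0, "drive-B": 1000.0, "pump-1": 60.0}
SAMPLES = (
    [(t, "drive-A", 1000.0) for t in range(0, 5)]
    + [(t, "drive-A", 1100.0) for t in range(5, 9)]      # sustained speed-up
    + [(t, "drive-A", 1000.5) for t in range(9, 12)]
    + [(12, "drive-A", 940.0)]                           # one-sample glitch
    + [(t, "drive-B", 999.0 + (t % 2)) for t in range(0, 13)]  # normal jitter
    + [(t, "pump-1", 20.0) for t in range(0, 13)]        # setpoint outside band
)
print(find_excursions(SAMPLES, SETPOINTS))
```

The readings only help if they come from a measurement path independent of the controller being checked.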

  • by Anne Honime (828246) on Tuesday November 16, 2010 @06:21AM (#34240182)
    Don't forget the Russian Federation, which has a huge interest in selling enriched uranium they produce already.
  • by Anonymous Coward on Tuesday November 16, 2010 @06:29AM (#34240218)

    I would rule out Russia - because Russians were involved in building Bushehr's nuclear power plant, and they'd have no interest in sabotaging something they are responsible to complete by the contract terms...

  • by dattaway (3088) * on Tuesday November 16, 2010 @07:01AM (#34240334) Homepage Journal

    AC motors require these drives to get their speed. 60Hz would be about 1800 or 3600 rpm, depending on how it's wound. Most industrial drives can be programmed for 400Hz, which will spin the armature quite fast. Enrichment is like spinning glassware on a dentist's drill. Those frequencies at that high of voltage (480 volts typical) have a very high switching rate that requires exotic transistor designs. Given that these controllers aren't very common, say for a juice mixer, they can be tracked and sabotaged by the distributor quite easily.

  • by jeyk (570728) on Tuesday November 16, 2010 @07:06AM (#34240348)
    They control the speed of the centrifuges that extract the enriched uranium. From TFA:

    Stuxnet targets specific frequency converter drives — power supplies that are used to control the speed of a device, such as a motor.

    [...] the centrifuges need to spin at a precise speed for long periods of time in order to extract the pure uranium. If those centrifuges stop to spin at that high speed, then it can disrupt the process of isolating the heavier isotopes in those centrifuges . . . and the final grade of uranium you would get out would be a lower quality.

  • by makomk (752139) on Tuesday November 16, 2010 @07:32AM (#34240438) Journal

    I doubt that you would really need that many resources to do something like this.

    Aside from the problem that maxwell demon points out with the huge amount of secret internal information required, the attackers also obtained and used several zero-day vulnerabilities and driver signing certificates from two different hardware manufacturers. That's hardly trivial.

  • by sigxcpu (456479) on Tuesday November 16, 2010 @07:52AM (#34240496)

    I concur,
    Also note that whoever wrote the virus had very specific knowledge of the target.
    It would only act if more than 33 devices of one of two manufacturers were linked to one controller.
    It would act one way if the majority of the devices were from one manufacturer and do something else if they were from the other kind.
    I would guess that someone that worked there or someone that supplied parts to the project had a major hand in this.
    My guess would be that this is at least to some extent an inside job.

  • More details (Score:5, Informative)

    by jimmyswimmy (749153) on Tuesday November 16, 2010 @08:19AM (#34240608)
    There's a lot more detail in the Symantec virus "dossier" [symantec.com]. A very interesting and detailed read.
  • by kestasjk (933987) * on Tuesday November 16, 2010 @09:29AM (#34240968) Homepage
    • It contains code written in Visual Studio 2005 and 2008, compiled long times apart.
    • It required the theft of two digital certificates from offices of electronics manufacturers in Korea.
    • It would have needed a lot of expertise on a very particular type of industrial controller.
    • It is found most widely in Iran, and has a countdown timer to reduce the spread of infected machines, so was probably launched there (and I can't imagine it's easy to hop over on a plane from Israel to drop off a bunch of infected thumbdrives in Iranian offices)

    On the other hand the project name was apparently "myrtus", an east-Mediterranean flower, and a hard-coded value for the disable-flag was the date of an atrocity Iranians perpetrated against some Jews (I can't remember the details off-hand, but it's all in Symantec's fascinating report)

    It's all totally speculative of course, and probably the least technically interesting thing about this worm is the question of the author. But even besides that the effort and diverse skillsets that must have gone into this thing I feel somehow diminishes the importance of asking "was it country A or B?"


    If you think the only question left is was it Yanks or Jews, here's a couple that I would raise:
    Is there a lesson here about putting too much faith in signed drivers? How about asking what SCADA systems closer to home might be vulnerable? If this thing hadn't been so picky about which controllers it altered what could it have done?

  • by BZ (40346) on Tuesday November 16, 2010 @10:40AM (#34241642)

    In 1944 they used a three-stage process involving several very large facilities; the tail end of http://en.wikipedia.org/wiki/S-50_(Manhattan_Project) [wikipedia.org] has details and links.

    The interesting part is that setting up that sort of process would make it very difficult to claim you're just interested in power generation... Reactor-grade uranium is a few percent (3-4 according to http://en.wikipedia.org/wiki/Enriched_uranium [wikipedia.org]) U-235; weapons-grade is closer to 80+% U-235 (85% for Little Boy according to the first link above; about 90% for modern weapons-grade according to the second link). Getting the latter by methods designed to look like you're just aiming for the former is a bit of a pain, I imagine.

    All this assumes we can trust Wikipedia on the subject. ;)

  • Re:More details (Score:3, Informative)

    by tayhimself (791184) on Tuesday November 16, 2010 @11:22AM (#34242144)
  • by chrb (1083577) on Tuesday November 16, 2010 @12:21PM (#34243140)

    more people should sabotage countries like Iran, or all Muslim countries in general, for the simple reason that their handling of minorities can only be described as "genocidal".

    Iran's proud but discreet Jews: [bbc.co.uk] "the father of Iran's revolution, Imam Khomeini, recognised Jews as a religious minority that should be protected." "Imam Khomeini made a distinction between Jews and Zionists and he supported us," says [Jewish community leader] Mr Hammami."

    Persian Jews: [wikipedia.org] "Jews are protected in the Iranian constitution."

    Righteous Among the Nations: Muslims Who Saved Jews from Holocaust: [huffingtonpost.com] "The Righteous Among Nations are gentile rescuers who make up 'a small minority who mustered extraordinary courage to uphold human values,' according to Yad Vashem, Israel's Holocaust memorial museum...Gershman's story begins during the Holocaust and involves Albanian Muslims -- villagers, peasants and farmers -- who risked their lives and the lives of their families to shelter Jews fleeing Nazi Germany."

    If you think that is genocide, I suggest you study the history of a real genocide [wikipedia.org], one that took place, unfortunately, at the heart of the Christian nations of Europe, who for centuries reviled Jews as the Christ Killer [wikipedia.org], and adorned churches and cathedrals with anti-Semitic imagery [wikipedia.org].

  • by AJWM (19027) on Tuesday November 16, 2010 @04:21PM (#34247048) Homepage

    I seem to recall we have DOS flying space shuttles.

    Then you recall wrongly. The Shuttle flight computers have their own OS (actually two of them; the fifth of the five parallel computers runs a totally different software set, as an emergency backup in case of a systemic software problem with the main four). The machine architecture isn't compatible with what most people think of as DOS. (It might be a DOS, but it sure isn't MS-DOS or DOS/360 or any of the other off-the-shelf disc operating systems that have been around.)

    There might well be some experimental gear running DOS, and the astronauts bring laptops along, but not the flight control systems.
