Forgot your password?
typodupeerror
Security The Military IT

Did Stuxnet Take Out 1,000 Centrifuges At Natanz? 189

Posted by timothy
from the down-for-routine-maintenance dept.
AffidavitDonda writes "In late 2009 or early 2010, Iran decommissioned and replaced about 1,000 IR-1 centrifuges in the Fuel Enrichment Plant (FEP) at Natanz, implying that these centrifuges broke. Iran's IR-1 centrifuges often break, yet this level of breakage exceeded expectations and occurred during an extended period of relatively poor centrifuge performance. Although Iran has not admitted that Stuxnet attacked the Natanz centrifuge plant, it has acknowledged that its nuclear sites were subject to cyber attacks."
This discussion has been archived. No new comments can be posted.

Did Stuxnet Take Out 1,000 Centrifuges At Natanz?

Comments Filter:
  • by Suki I (1546431) on Sunday December 26, 2010 @11:30PM (#34673810) Homepage Journal
    If this is for real, this targeting sounds like a big step in the cyber attack side of the world. I wonder how cyber defense will counter it.
    • by Yvanhoe (564877)
      By using systems they fully control ? They were using windows, which HAS backdoors that are acknowledged by microsoft to install security updates.
      People will manage to sell something like "cyber-defense" when all that is needed, really, is to use the good tool for the good job...
    • by arivanov (12034) on Monday December 27, 2010 @05:39AM (#34674934) Homepage

      Not really.

      It sounds like a much more professional attack than previously considered.

      Varying speed by itself should have just sent yield to hell. Varying speed properly with the full knowledge of the centrifuge design and construction allows to select resonating frequencies (which each centrifuge has) and keep it at those until it disintegrates. In my "previous life" doing biotech I have seen what happens when a rotor goes off balance at 50000 rpm. The effect is more or less similar to that of a hand grenade in a closed space.

      Add to that the fact that a broken uranium enrichment centrifuge will leak UF6 all over the place which is highly toxic and corrosive and you have your perfect sabotage method.

      There is one more question to be answered here which puts the final dots over Is and crosses the last Ts. The people who have analysed the source so far in AV companies were malware professionals, not chemists or industrial automation experts. So they left one question open - does it try to determine the frequencies or it knows them already. If it is the latter, this means that the attacker has managed to obtain the exact design of a centrifuge with the actual improvements used by Iran so Iran's nuclear programme is way leakier than we thought and everyone and their dog has that centrifuge design now (with the actual improvements done by Iran after they got it from our "allies" in Pakistan). If it is the former, the same attack can be applied to all kind's of industrial automation equipment and Siemens kit provides enough telemetry to run the attack. That is probably even scarier than the first possibility. Resonance is lovely stuff... Nothing can withstand it for a sufficiently long time.

      • by PatrickThomson (712694) on Monday December 27, 2010 @07:17AM (#34675194)

        I'm a chemist and I actually did some freelance investigation into UF6 centrifuges a while back - quite fascinating. They're tall thin cylinders, barely a handsbreadth wide, with maglev vacuum bearings and a rotation speed in excess of 100,000 RPM. The outer wall of the centrifuge experiences a million G's of acceleration, and a sweaty thumb-print can off-balance one enough to self-destruct. Also, one cylinder only enriches uranium by 1% or so, so you need to daisy-chain many hundreds together flawlessly to get pure 235 out the end.

        I imagine with a system that fragile, you don't need to find the precise resonant frequency. IIRC, all stuxnet did was blip the frequency down to 0 Hz for a short time - which I imagine would eventually throw the drive off-center and cause it to fail noisily.

      • by jbeaupre (752124)

        My guess is that you don't have to aim for a resonance. More likely the centrifuges run at the highest anti-resonance that still damps vibration below a critical threshold. A little variance in speed could send the centrifuge out of anti-resonance and reduce damping enough that bad things happen. Especially if it was done slowly.

        These suckers must be able to spin up fairly quickly in order to transition through resonance points before they can self destruct.

    • by vlm (69642)

      I wonder how cyber defense will counter it.

      Hmmm. I've got a stunning idea! How bout not plug your centrifuge into a PC based ethernet network?

      My doctors blood centrifuge does not have an ethernet port. Nor does my dentist's xray machine. Nor my doctors stethoscope, nor that hammer thingy they hit your knee with to test your reflexes.

      The argument used to be that the DSP based controller software required to balance the rotor required a rather high end server grade PC at least $3000 worth of pentium 75s, so we need to spread that PC cost across mu

      • by guruevi (827432)

        Most likely the blood centrifuge and the x-ray machine have ethernet ports these days. My dentist gets the X-Ray results from 1 machine right on the computer in one of the rooms. I am subscribed to an IT Support mailing list from a hospital and there are regularly 'system updates' for Windows XP systems running everything from fetal monitoring systems to sleep center monitors and these days bedside e-health systems.

      • Probably the centrifuges weren't connected to the ethernet. What was connected to the net was the computers where people developped the software that they put on the controllers. That is what the virus infect, and your PIC based solution would have the same problem.

        That said, connecting the centrifuges to the net seems to be a great solution to contain the damage of such attacks (and of random bugs).

  • Somewhere, some guy working for the CIA/NSA/TLA just shat himself laughing.

  • What antivirus software would have protected the victims of this virus? Kaspersky? AVG? Windows Security Essentials? ClamAV?

    While on the one hand, it is important to prevent infections from becoming a massive swarm with the ability to hammer away at particular locations in a DDOS, in this particular case it seems like specific machines were infected with the goal of harming them directly. Since these machines are running on specialized hardware, it doesn't really make sense to consider StuxNet a "swarm" vir

    • by afidel (530433) on Monday December 27, 2010 @12:12AM (#34674010)
      No, AV software would not have protected those systems from infection because the virus didn't attack the OS or any 'normal' program that an AV vendor would be used to protecting, it attacked a very specific installation of an industrial control package. Better computer hygine like not taking media from lower security systems to higher security ones would have prevented the infection of the vulnerable machines but even the NSA has admitted that they do not have 100% control over such procedures.
      • Better computer hygine like not taking media from lower security systems to higher security ones would have prevented the infection of the vulnerable machines but even the NSA has admitted that they do not have 100% control over such procedures.

        No kidding [wikipedia.org]

    • None. No AV kit can protect you from a single target attack.

    • by thegarbz (1787294)
      None. This attack was quite targeted. I would imagine the person writing this virus didn't just unleash it to the general public with the hope that one day maybe it would make it to intended target. Antivirus software needs a sample or otherwise needs a virus to match some kind of heuristic signature. Just to put this into perspective we actually got this virus where I work (industrial plant at the other side of the world but no Siemens controllers). The .lnk exploit wreaked havoc on the commercial network
    • One lesson of Stuxnet is clear:

      If you are going to run thousands of centrifuges, you need to migrate from Windows to a Linux distro.

  • Dupes are one thing, but, wow, this is new territory.

    Iran Admits Stuxnet Affected Their Nuclear Program [slashdot.org]

    If the submitter had gone straight to the Google [google.com] none of this ever would have happened.

  • by Animats (122034) on Monday December 27, 2010 @01:36AM (#34674302) Homepage

    The IR-1 is an older model centrifuge. It's basically a copy of an old URENCO design. Iran has an IR-2 and an IR-3 model, which use carbon fibre rotors, and new installations use those. Iran has at least three enrichment plants, incidentally, and they're all different. Various reports indicate replacement of the older models by newer ones, so some of this might be a routine phase-out.

  • Is that even 10% of their entire production capacity?

  • and based on their reckless oppression of people there is a lot more concern about forcing israel to get rid of their nukes.
  • by Alex Belits (437) *

    The answer is no.

    Because even if it was true (what is extremely unlikely), any confirmation of this would encourage idiots at Pentagon and similar places to write idiotic viruses and trojan horses that will end up doing nothing but creating massive epidemies among completely unrelated Windows computers.

    So no it is.

    Oh, and to Iranian nuclear engineers: keep all information about your facilities secret. What kind of kindergarten are you runnung there?

  • by seyyah (986027) on Monday December 27, 2010 @02:45AM (#34674480)

    I think Iran -- or any other country -- would be pleased to have these kind of rumors about the damage done circulating. Disinformation or uncertainty as to the present condition of their activities can only benefit them, especially if it causes the enemy to underestimate their power. This assumes that Stux wasn't feeding back information about its activity or that another good source doesn't exist.

    • by mangu (126918)

      Disinformation or uncertainty as to the present condition of their activities can only benefit them, especially if it causes the enemy to underestimate their power.

      More importantly, it causes people to doubt their capabilities. If there existed a consensus that the Iranian nuclear project poses a danger to the whole world, there would be pressure to stop that project at any cost. If they are perceived as incompetent bunglers no one will take them seriously and the nuclear program will continue.

    • by m50d (797211)

      Not for nuclear weapons. The whole point of nukes is to let other people know you have them; no-one wants to have to actually use the things.

      • Not for nuclear weapons. The whole point of nukes is to let other people know you have them; no-one wants to have to actually use the things.

        Dr. Strangelove: Of course, the whole point of a Doomsday Machine is lost, if you *keep* it a *secret*! Why didn't you tell the world, EH?

        Ambassador de Sadesky: It was to be announced at the Party Congress on Monday. As you know, the Premier loves surprises.

    • I sincerely doubt that the OIA, the CIA, the Mossad and the like will evaluate the success or failure of Stuxnet based on what anyone posts in Slashdot, or some journalist post (unless he is recognized to have expertise in the field and/or good contacts). So the ones understimating Iran would be, at the very maximum, the general public (and now we know/have confirmation from wikileaks how little are we informed/taken in account by our governments)...

  • by RubberDogBone (851604) on Monday December 27, 2010 @03:35AM (#34674622)

    My take on this story was that the Siemens controllers were the problem. The centrifuges quit working right because the controllers went nuts, and then the controllers were careful to hide their defect.

    So if Iran examined the controllers and centrifuges and figured (wrongly) that the centrifuges were the problem and replaced them, wouldn't the controllers just wreck the new ones as well? And if so, wouldn't that cause Iran to spend a lot of time replacing centrifuges again and again? It seems like that could account for some of the buying.

    And of course, once the actual problem is figured out, then you need to replace the controllers and probably the centrifuges that got broken the second or third time around, and of course figure out how to keep the whole thing from happening again. Sure, you can replace the rogue controllers but how did they go bad to start with? If you don't know, this could cause a lot of extreme paranoia.

    How Iran actually reacted is not clear to me, but I know what would happen if this occurred in a US factory.

    If a machine broke, you'd replace the machine. If it broke again, you'd replace it again and start getting mad. If it broke again, then maybe you'd look at the controller. If it tests OK -and why would it lie to you- then you replace the centrifuge again. Etc. It might take a relatively long time to figure out that the controller is actually the problem AND that it was deliberately being subtle about it to avoid detection. The assumption with machines is that they don't lie to you. If they are good or bad, generally they will be straightforward to sort out via testing or diags.

    So to start with, you have to accept the concept that yes, they can lie, before the source of the problem can begin to be understood much less dealt with.

    • Plus, since they are working with Uranium, everything gets hot and becomes rather hard to handle, repair and dispose of.
      • by AHuxley (892839)
        But whats too "hot" to a national security issue? France, the UK, the USA, Russia (http://simple.wikipedia.org/wiki/Mayak_accident), South Africa ect all worked very fast when rolling out their a bomb production lines.
        Iran seemed to think it could skip a few steps with off the shelf kit.
        All it did was expose MS junk to the outside world and invite bad things in. Dont mix any MS products and national security. You would think after the cryptography issues in that part of the world, their older local
      • by vlm (69642)

        Plus, since they are working with Uranium, everything gets hot and becomes rather hard to handle, repair and dispose of.

        Hex is not very impressively radioactive. Not pour it on your breakfast cereal harmless, but not very impressive at all. It is almost exactly fiestaware breakfast cereal bowl level of scary. It is however horrifically toxic and usually has some unreacted HF in the process stream.

        Its about a zillion times more likely a typical accident will chemically dissolve your flesh, rather than radiation burns.

        I think you are also describing neutron activation which is not relevant at a U fuel processing plant. A p

    • by vlm (69642)

      The assumption with machines is that they don't lie to you.

      Naaah what got them was every mechanical engineer whom spins stuff around, from steam turbines to windmills to centrifuges knows the likely failure modes are, in order:
      1) material failure / bad specs / bad material / bad machining / bad maintenance intervals
      2) Everything else in the freaking universe from earthquake tremors to houseflys in the process stream to electrical surges
      3) RPM / timing inaccuracy (failure is common, inaccuracy is incomprehensible)

      So they started with line item #1 and probably spent

    • An aspect of stuxnet's damage that has not yet been publicly recognized is that stuxnet's activities have created a drain on the pool of available centrifuge technicians.

      Someone has to clean up after one of the spinners breaks. And there is only so much UF6 that the human body can tolerate.

  • By USB thumb drive and then infected other PC's on private network. That means (if true) they had a spy or 20 inside this place and that simply taking these computers off the internet (which apparently they were) wouldn't have stopped it. (I'm not sure how hard it is to infect linux with a thumb drive to be honest so no idea if that would make a difference.)
  • Over the past year or more, Slashdot has been providing posts about the Stuxnet Worm. There have been several countries who have been accused of the creation of this worm, US being on the top of the list and I believe Israel being the second most accused. Just a week or two ago, China has been named as a possible suspect as well. I'm sure if you search upon Stuxnet you'll be able to find many links to many articles to find out a lot more information about the worm.

    It's rather an interesting story to follo

Save gas, don't use the shell.

Working...