Little by little scientists are beginning to understand Stuxnet a computer worm developed with the sole purpose of doing what sanctions were not able to do, slow down the Iranian march to nuclear weapons. During the past year, Stuxnet the computer worm with a message from the biblical Queen Esther, not only crippled Iran's nuclear program but has caused a major rethinking of computer security around the globe (if you want to know how Stuxnet works click here).
According to a report in the Sunday NY Times, Stuxnet was tested in the Dimona facility in Israel's Negev desert. Dimona is the (officially non-existent)plant where Israel runs its (officially non-existent) nuclear weapons program
Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran’s efforts to make a bomb of its own.
Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.
“To check out the worm, you have to know the machines,” said an American expert on nuclear intelligence. “The reason the worm has been effective is that the Israelis tried it out.”Officially US and Israeli officials will not discuss what has been going in the middle of the Negev, but new clues point to the fact that thevirus was designed as an American-Israeli project to sabotage the Iranian program.
In recent days, the retiring chief of Israel’s Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran’s efforts had been set back by several years. Clinton cited the "weak" sanctions, which have supposedly damaged Iran’s ability to buy components. Dagan, told the Israeli Knesset in recent days that Iran had run into technological difficulties (Stuxnet) that could delay a bomb until 2015.
As the virus continues to infect Iranian computers computer experts across the world are trying to figure out where Stuxnet came from. There is nothing but circumstantial evidence and it all points to the US and Israel). For example
In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities. Seimens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.There is also the fact that computer scientists who are analyzing the computer worm have found a file name that seemingly refers to the Biblical Queen Esther. Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament narrative in which the Jewish Queen Esther pre-empts a Persian plot to kill all the Jews. One of the key files in Stuxnet was named “Myrtus” (myrtle) by the unknown designer. The biblical Esther's original name was Hadassah, which is Hebrew for myrtle.
Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it.One interesting part of the program is that it was put in motion by President Bush. Yes liberals, this time you can say it, Bush did it.
But Israeli officials grin widely when asked about its effects. Mr. Obama’s chief strategist for combating weapons of mass destruction, Gary Samore, sidestepped a Stuxnet question at a recent conference about Iran, but added with a smile: “I’m glad to hear they are having troubles with their centrifuge machines, and the U.S. and its allies are doing everything we can to make it more complicated.”
The project’s political origins can be found in the last months of the Bush administration. In January 2009, The New York Times reported that Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran’s major enrichment center. President Obama, first briefed on the program even before taking office, sped it up, according to officials familiar with the administration’s Iran strategy. So did the Israelis, other officials said. Israel has long been seeking a way to cripple Iran’s capability without triggering the opprobrium, or the war, that might follow an overt military strike of the kind they conducted against nuclear facilities in Iraq in 1981 and Syria in 2007.The construction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,” says Ralph Langner, the computer expert who was the first to sound the alarm about Stuxnet. Langner, who runs a small computer security company in a suburb of Hamburg, had his five employees focus on picking apart the code and running it on the series of Siemens controllers neatly stacked in racks, their lights blinking.
He quickly discovered that the worm only kicked into gear when it detected the presence of a specific configuration of controllers, running a set of processes that appear to exist only in a centrifuge plant. “The attackers took great care to make sure that only their designated targets were hit,” he said. “It was a marksman’s job.”Interesting coincidence?
For example, one small section of the code appears designed to send commands to 984 machines linked together.
Curiously, when international inspectors visited Natanz in late 2009, they found that the Iranians had taken out of service a total of exactly 984 machines that had been running the previous summer.
But as Mr. Langner kept peeling back the layers, he found more — what he calls the “dual warhead.” One part of the program is designed to lie dormant for long periods, then speed up the machines so that the spinning rotors in the centrifuges wobble and then destroy themselves. Another part, called a “man in the middle” in the computer world, sends out those false sensor signals to make the system believe everything is running smoothly. That prevents a safety system from kicking in, which would shut down the plant before it could self-destruct.
“Code analysis makes it clear that Stuxnet is not about sending a message or proving a concept,” Mr. Langner later wrote. “It is about destroying its targets with utmost determination in military style.”The reason why Stuxnet had knowledge of the workings of the Iranian centrifuges may have to do with the fact that those same type of centrifuges showed up in Dimona.
This was not the work of hackers, he quickly concluded. It had to be the work of someone who knew his way around the specific quirks of the Siemens controllers and had an intimate understanding of exactly how the Iranians had designed their enrichment operations.
The account starts in the Netherlands. In the 1970s, the Dutch designed a tall, thin machine for enriching uranium. As is well known, A. Q. Khan, a Pakistani metallurgist working for the Dutch, stole the design and in 1976 fled to Pakistan.
The resulting machine, known as the P-1, for Pakistan’s first-generation centrifuge, helped the country get the bomb. And when Dr. Khan later founded an atomic black market, he illegally sold P-1’s to Iran, Libya, and North Korea.
The P-1 is more than six feet tall. Inside, a rotor of aluminum spins uranium gas to blinding speeds, slowly concentrating the rare part of the uranium that can fuel reactors and bombs.
How and when Israel obtained this kind of first-generation centrifuge remains unclear, whether from Europe, or the Khan network, or by other means. But nuclear experts agree that Dimona came to hold row upon row of spinning centrifuges.
“They’ve long been an important part of the complex,” said Avner Cohen, author of “The Worst-Kept Secret” (2010), a book about the Israeli bomb program, and a senior fellow at the Monterey Institute of International Studies. He added that Israeli intelligence had asked retired senior Dimona personnel to help on the Iranian issue, and that some apparently came from the enrichment program.
“I have no specific knowledge,” Dr. Cohen said of Israel and the Stuxnet worm. “But I see a strong Israeli signature and think that the centrifuge knowledge was critical.”One thing can't be denied, the Stuxnet worm has been a major obstacle to Iran's desire to obtain nuclear weapons, saving Israel from having to attack Iran at least for a while. Who ever developed the virus lets hope they are working on a follow-up because 2015 is not that far away.
...Dr. Cohen said his sources told him that Israel succeeded — with great difficulty — in mastering the centrifuge technology. And the American expert in nuclear intelligence, who spoke on the condition of anonymity, said the Israelis used machines of the P-1 style to test the effectiveness of Stuxnet.
The expert added that Israel worked in collaboration with the United States in targeting Iran, but that Washington was eager for “plausible deniability.”
1 comment:
Hi Jeff,
I am a long time reader of the lid and was recently inspired to open a blog. I am hoping it will shape up in terms of content and appearance over the next couple of weeks :)
So far I have just a couple of posts...
would love to receive feedback/suggestions from a veteran.
Shavua Tov,
- R
Post a Comment