Sunday, January 16, 2011

Real cyberwar

Details of the Stuxnet exploit against Iranian centrifuges in this Times article. The results are impressive on a number of levels. But the US and Israelis should keep in mind that what goes around comes around -- cyberwar is potentially 24/7, and it's very hard to know who your enemy is. Luckily the terrorist threat we face doesn't seem to be very technologically able.

NYTimes: ... The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.

The attacks were not fully successful: Some parts of Iran’s operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults.

“It’s like a playbook,” said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. “Anyone who looks at it carefully can build something like it.” Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable.

... The most detailed portrait of the damage comes from the Institute for Science and International Security, a private group in Washington. Last month, it issued a lengthy Stuxnet report that said Iran’s P-1 machines at Natanz suffered a series of failures in mid- to late 2009 that culminated in technicians taking 984 machines out of action.

... Publicly, Israeli officials make no explicit ties between Stuxnet and Iran’s problems. But in recent weeks, they have given revised and surprisingly upbeat assessments of Tehran’s nuclear status.

“A number of technological challenges and difficulties” have beset Iran’s program, Moshe Yaalon, Israel’s minister of strategic affairs, told Israeli public radio late last month.

The troubles, he added, “have postponed the timetable.”


ben_g said...

Is it possible the computers aren't on an internet-connected network and a spy did it?

Mariano Chouza said...

Seems that Stuxnet also spread via USB drives and Windows LANs. It attacked the PCs that were used to program the PLCs.

Here is a nice video from Symantec: (though I don't know how accurate it is :-)
