DEADLY NINJA Stuxnet the first to attack Iran nuclear plant

By on
DEADLY NINJA Stuxnet the first to attack Iran nuclear plant

Copycat weapons not limited to nation-states, boffin says.

Never mind Stuxnet; as Iran's uranium enrichment plant was undergoing finishing touches, it was attacked by what may be the most powerful malware ever created.

It isn't known what damage was inflicted in late 2007 when the more powerful and stealthier version of what most people know as Stuxnet hit the Natanz uranium facility.

But the intent was clear: the weapon's authors designed what was described as a "nightmare" by Stuxnet boffin Ralph Langner in the world of industrial control systems to inflict massive damage to plant equipment.

The Stuxnet most of us know was noisy in design and effect. The malware, considered the handiwork of the United States under the secret Operation Olympic Games, spun up Iran's uranium enrichment centrifuges before winding them back, repeating the process until they snapped and ground to a halt.

It escaped and infected machines in Indonesia, India and ironically the United States.

In contrast, its predecessor was a slick piece of engineering designed to over pressurise the centrifuges by switching off safety systems, Langer says in a report dubbed To Kill a Centrifuge. (pdf)

The malware in short exploited weaknesses in Iran's patchwork of enrichment systems the nation used to keep its outdated industrial kit functioning. Natanz engineers were used to centrifuges failing and had designed means to keep the facility running, albeit at a drastically reduced output rate.

All the malware needed to do was keep those centrifuges failing at a rate that wasn't high enough to freak out the operators.

Differential pressure sensors inside Natanz

Engineers on drugs

The preceding cyber weapon was discovered by Symantec researchers in 2005 who later dubbed it Stuxnet 0.5. 

It attacked Siemens S7-417 controllers in a way industrial control system engineers had never conceived. It was so bizarre, so clever, that Langer wondered whether the malware's designers were on drugs.

Iran ran isolation valves to allow engineers to pluck failing centrifuges from its system without disrupting the enrichment process.

Stuxnet 0.5 shut off the first and last two of these valves to increase pressure across an entire set of centrifuges causing irreparable damage to the systems.

While the systems failed, the malware replayed to operators a scene of the centrifuges hum-drumming along. It was akin to the Hollywood flick Speed in which Keanu Reeves loops the CCTV so the bad guys don't know the bus has stopped.

When centrifuges burned, they gave off vibrations; the older, badder Stuxnet listened to this buzzing to decide when enough damage was done.

Centrifuge inventory at Natanz

Broken spirit

If the suspected Stuxnet creators at the US National Security Agency wanted to wipe out Iran's entire working fleet of centrifuges, they could have done so with ninja Stuxnet.

But Natanz had a standing fleet of centrifuges ready to go whenever the operating ones failed. Engineers could have ripped out the busted gear and got things up and running quickly, mitigating much of the two-year set back that the Stuxnets were said to have inflicted.

Because Stuxnet 0.5 was stealthy, Langer said, it meant the centrifuges simply continued to fail every month at a high but not overzealous rate.

It made the Natanz operators look incompetent. It frustrated them. Why, Langer suggested they asked themselves, could the Pakistanis achive full uranium enrichment production two years when they -- with more money and a head start using stolen technology -- couldn't do it in 10?

Standard targets

Stuxnet required the resources of a nation-state. It required testing on an epic scale carried out no less than on a working uranium enrichment test bed composed of Natanz's unique patchwork of systems.

But civilian infrastructure is a much softer target. Sydney's energy plants, Melbourne's transport network and Perth's mining complex might run on standard equipment that a smaller group could purchase to test their own malware weapons.

This, Langer contends, is a bigger risk than the threat of attackers breaking into industrial control systems via the internet which has largely yet to be realised.

Standard equipment means intelligence gathering is much easier. An engineer in one of Sydney's power plants for example may be familiar with infrastructure in place in other energy facilities.

It also means that, unlike the ultra customised Stuxnets, one payload could be deployed against multiple targets.

The cost too of such attacks would be much less than the investment in the Natanz malware weapons. Langer estimates that "well over" half the cost of Stuxnet’s development was due to their bid to hide the attack.

"Stuxnet-inspired attackers will not necessarily place the same emphasis on disguise; they may want the victim to know that they are under cyber attack, and perhaps even publicly claim credit for it."
Langer further points out that conventional security controls like anti virus, intrusion prevention and physical separation of industrial control systems from the internet by way of air gaps would be trivial to overcome.

Copyright © SC Magazine, Australia


Most Read Articles

Log In

|  Forgot your password?