Focus on Cybersecurity: Iran and Stuxnet
By Madison Feser
It is highly sophisticated. It causes physical damage to industrial machines. It spreads via USB memory ports. It destroys Iranian centrifuges. Moreover, it is ushering in a new era of cyber warfare.
This is the Stuxnet worm. Described as a “cyber-missile” by The Economist, this computer worm is capable of targeting specific equipment designs while leaving nontargeted pieces of technology unharmed.
Despite the worm’s discovery in 2009, little is known about its origins or its implications for the future of cyber-attacks, says The Economist.
Over a six-month period in late 2009, Iran dismantled more than 10 percent of its 9,000 uranium enriching centrifuge machines in the city of Natanz, according to a report by the Institute for Science and International Security (ISIS).
Iran has not openly acknowledged a Stuxnet attack, but experts at ISIS say the crashing of 1,000 centrifuges in a relatively short period can only be the result of a targeted cyber attack. Almost as astounding as the new cybertechnology is the speed at which Iran was able to recover.
Despite international sanctions preventing Iran from purchasing nuclear equipment, UN video footage from Natanz shows workers replacing malfunctioned machines with hundreds of new centrifuges, reports The Washington Post.
“They [Iran] have been able to quickly replace broken machines,” a Western diplomat speaking on the condition of anonymity told the Washington Post. “The Iranians appeared to be working hard to maintain a constant, stable output [of enriched uranium]”.
Although Iran seemingly recovered very quickly, with Natanz production rates of uranium resuming pre-Stuxnet levels, the ISIS report implies that the mysterious worm had deep effects, says the Washington Post. More difficult to account for were the psychological effects on Iranian officials — the centrifuges may have been replaced this time, but with finite resources, could another attack decimate the nuclear program?
The following June, a Belarus security firm identified and named the worm. According to The Economist, the worm spreads via infected USB memory sticks. Once the memory stick gets plugged into a computer, the worm immediately begins searching for the Microsoft program WinCC. If the program is running, the worm installs a backdoor program to Malaysia and begins searching for its target, that is, a specific industrial control system made by Siemens. If WinCC cannot be found, the worm searches for other programs in which it can lie dormant, such as USB drives, shared folders, and print spoolers, says the Economist.
Ralph Langner is CEO of Langer Communications, the German consulting company that analyzed the worm’s structure. Langner told IEEE Spectrum that Stuxnet is the first true weapon of cyberwarfare.
According to Lagner, Stuxnet can infect thousands of computers. It is also sophisticated enough to leave everything except its target unharmed and cause physical damage to the external machine while deployed against a military target. Stuxnet’s potency cements the theory that it is the work of highly trained experts.
Langer is not the only person to question who created Stuxnet. Having eliminated common hackers and coders, the blame, or credit, for Stuxnet falls to government operatives. These operatives most likely have insider knowledge about the Siemens’ machines and Iran’s enrichment facility.
Unsurprisingly, the United States and Israel are the prime suspects. While neither country has admitted to creating Stuxnet, former U.S. Secretary of State Hillary Clinton and former chief of the Israeli Mossad Meir Dagan praised the potential setbacks Stuxnet caused to Iranian nuclear capabilities, reports The New York Times.
With so many countries and private companies analyzing Stuxnet, Langer warns The New York Times that soon the worm will “read like a playbook.” Potential replication may normalize a new form of cyber warfare to which every country is vulnerable.