New Stuxnet clues suggest sabotage of Iran's uranium enrichment program
Symantec says Stuxnet worm monkeys with electrical motor controls, like those used by gas centrifuges to enrich uranium
Computerworld - Researchers have uncovered new clues that the Stuxnet worm may have been created to sabotage Iranian attempts to turn uranium into atomic bomb-grade fuel.
According to Eric Chien, one of three Symantec researchers who have dug into Stuxnet, the worm targets industrial systems that control very high-speed electrical motors, such as those used to spin gas centrifuges, one of the ways uranium can be enriched into fissionable material.
One expert called Symantec's discovery "very interesting indeed."
Chien reported Symantec's new findings in a blog post last Friday and in a revised paper first published in September.
Stuxnet, considered by many security researchers to be the most sophisticated malware ever, targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies. Those control systems, called SCADA, for "supervisory control and data acquisition," operate everything from power plants and factory machinery to oil pipelines and military installations.
Since the worm was first detected in June, researchers have come to believe that it was crafted by a state-sponsored team of programmers, and designed to cripple Iran's nuclear program.
In September, Iranian officials confirmed that Stuxnet had infected 30,000 PCs in the country, but denied that the worm had caused any significant damage or infiltrated the SCADA systems at the Bushehr nuclear reactor.
Symantec's latest analysis indicates that the reactor was not the target. Instead, Stuxnet aimed to disrupt uranium enrichment efforts.
Stuxnet looks for devices called "frequency converter drives" connected to a SCADA system, said Chien. Such drives take electrical current from a power grid, then change the output to a much higher frequency, typically 600 Hz or higher.
"The high-frequency output from the frequency changer is fed to the high-speed gas centrifuge drive motors (the speed of an AC motor is proportional to the frequency of the supplied current)," states the Federation of American Scientists (FAS) in an explanation of uranium production on its Web site. "The centrifuge power supplies must operate at high efficiency, provide low harmonic distortion, and provide precise control of the output frequency."
Stuxnet, however, monkeys with the output frequency over a period of months, Symantec said in its revised paper.
When it finds converter drives operating between 807 Hz and 1210 Hz, the worm resets the frequency to 1410 Hz, then after 27 days, drops the frequency to just 2 Hz and later bumps it up to 1064 Hz. It then repeats the process.
"Interfering with the speed of the motors sabotages the normal operation of the industrial control process," said Chien.
Sabotaging centrifuge motor speed will do more than that, said Ivanka Barzashka, a research assistant with the Strategic Security Program of FAS, and an expert on gas centrifuges. "A centrifuge is a delicate piece of equipment and operating a centrifuge at the right frequency is extremely important," Barzashka said in an e-mail Sunday. "Problems controlling the operating frequency can cause the machines to fly apart."
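The frequency sequence Symantec describes suggests a simple monitoring check for plant operators, sketched here as an added example that is not code from Symantec or from the article. It learns each drive's baseline from its first readings and flags later readings that leave the 807 Hz to 1210 Hz band or jump sharply. The log format, drive names, baseline window and step threshold are assumptions, and the readings are assumed to come from a source that reports the drive's real output.

```python
import csv
import io
from collections import defaultdict

# Constructed sample telemetry (not real data): drive id, day, output frequency in Hz.
SAMPLE = """drive,day,hz
fc-01,0,1064
fc-01,1,1064
fc-01,2,1410
fc-01,29,2
fc-01,30,1064
fc-02,0,1000
fc-02,1,1005
fc-02,2,998
"""

BAND = (807.0, 1210.0)  # operating band the article says the worm looks for
BASELINE_SAMPLES = 2    # assumption: readings used to learn a drive's baseline
MAX_STEP_PCT = 5.0      # assumption: largest legitimate change between readings

def in_band(hz):
    return BAND[0] <= hz <= BAND[1]

def detect(log_text):
    """Return (drive, day, hz, reasons) for every suspicious reading."""
    by_drive = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        by_drive[row["drive"]].append((int(row["day"]), float(row["hz"])))
    alerts = []
    for drive, readings in sorted(by_drive.items()):
        readings.sort()  # order by day
        base = readings[:BASELINE_SAMPLES]
        # Only watch drives whose learned baseline sits inside the band.
        if len(base) < BASELINE_SAMPLES or not all(in_band(hz) for _, hz in base):
            continue
        prev = base[-1][1]
        for day, hz in readings[BASELINE_SAMPLES:]:
            reasons = []
            if not in_band(hz):
                reasons.append("out_of_band")
            # Guard the divisor so a previous reading near 0 Hz cannot divide by zero.
            if abs(hz - prev) / max(prev, 1.0) * 100 > MAX_STEP_PCT:
                reasons.append("step")
            if reasons:
                alerts.append((drive, day, hz, reasons))
            prev = hz
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Because the article puts 27 days between the first two changes, the telemetry store has to retain at least several weeks of readings per drive for the pattern to be visible.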