Computerworld - The Stuxnet worm that disrupted Iran's ability to enrich uranium into bomb-grade nuclear fuel was jointly created by Israel and the U.S., the New York Times said Saturday.
Citing confidential sources, the U.S. newspaper claimed that Israel's covert nuclear facility at Dimona was used to test the worm's effectiveness on centrifuges like the ones Iran employs at its Natanz complex, which has been plagued by technical problems.
The Times also spelled out other clues it said "suggest[ed] that the virus was designed as an American-Israeli project to sabotage the Iranian program."
Stuxnet, which first came to light in June 2010 but may have been aimed at Iran as early as mid-2009, has been extensively analyzed by security researchers, most notably a three-man team at Symantec, and by Ralph Langner of the German firm Langner Communications GmbH.
According to both Symantec and Langner, Stuxnet was most likely designed to infiltrate Iran's nuclear enrichment program, hide in the Iranian SCADA (supervisory control and data acquisition) control systems that operate its facilities, then force gas centrifuge motors to spin at unsafe speeds. Gas centrifuges, which are used to enrich uranium, can fly apart if spun too fast.
Symantec's analysis gained credence last November after the International Atomic Energy Agency (IAEA), the United Nations' nuclear watchdog, reported that Iran had stopped feeding uranium hexafluoride gas to its centrifuges at Natanz for about a week. Speculation quickly focused on Stuxnet as the reason for the shutdown.
On Nov. 29, Iran President Mahmoud Ahmadinejad admitted that a "limited" number of centrifuges had been affected by software he claimed had been installed by the country's enemies. It was the first time that an Iranian official had acknowledged the worm had struck its enrichment machinery.
Ahmadinejad has frequently blamed Israel and the U.S. for trying to destabilize his regime.
The New York Times' story amassed other circumstantial evidence that Stuxnet was a joint Israeli-U.S. creation.
According to the newspaper, Siemens -- the German maker of the SCADA systems purportedly used by Iran -- cooperated in 2008 with the Idaho National Laboratory (INL) to help experts there identify vulnerabilities in the control systems. The lab -- located about 30 miles east of Idaho Falls, Idaho -- is the U.S. Department of Energy's lead nuclear research facility.
Also in 2008, Siemens asked the Department of Homeland Security to conduct a security assessment on its popular PCS 7 control systems, a fact highlighted in a conference hosted by the IHL and Siemens that year in Chicago.
Stuxnet targeted Siemens' PCS 7 control systems and its Step 7 software.
Israel, meanwhile, set up an unknown number of gas centrifuges at its top-secret Dimona complex, then tested Stuxnet on the machines and their control systems, according to the New York Times. The centrifuges were virtually identical to the ones used by Iran.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
