Network News

X My Profile
View More Activity
Posted at 1:30 PM ET, 11/15/2010

New research confirms Iran's nuclear program was target of Stuxnet worm

By Glenn Kessler

The Stuxnet computer worm that infiltrated industrial systems in Iran this fall may have been specifically designed to attack the country's nuclear program, potentially crippling centrifuges used to enrich uranium gas, according to new research.

In a blog post Friday, a Stuxnet researcher at Symantec wrote that the software firm had concluded that the worm targets industrial systems with high frequency "converter drives" from two specific vendors, including one in Iran.

Independently, Langner Communications of Germany, on Sunday also discovered that another part of the worm's attack code is configured in a way that would match the structure of a turbine control system for steam turbines used in power plants, such as those installed at the Bushehr nuclear power plant in Iran. Langner also confirmed that the worm appears to attack key components of centrifuges.

Ivanka Barzashka, a research associate at the Federation of American Scientists, said the Symantec findings, "if true, are very significant."

In an e-mail, Barzashka wrote that the targeted frequency range, from 807 megahertz to 1210 megahertz, "is consistent with the operational frequencies of gas centrifuges used for uranium enrichment. Centrifuges are delicate pieces of equipment. There is a huge incentive for pushing the machines to operate at the maximum speed allowed by the materials they are made of. In addition, before they reach their maximum operating speeds, centrifuges have to traverse certain 'critical frequencies' at which they encounter resonance and can fly apart."

"Rigging the speed control is a very clever way of causing the machines to fly apart," she added. "If Symantec's analysis is true, then Stuxnet likely aimed to destroy Iran's gas centrifuges, which could produce enriched uranium for both nuclear fuel and nuclear bombs."

Following the discovery of the Stuxnet virus, analysts said it was likely the creation of a sophisticated entity, namely a government agency. Speculation centered on the United States or Israel as the most likely originators of the worm.

By Glenn Kessler  | November 15, 2010; 1:30 PM ET
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Pentagon investigates leak on gays in military
Next: Chinese Internet diversion was worrisome, report says


Considering what Israel has done to the nuclear reactors of other enemies in the past, Iran should thank their lucky stars this is the worst that's happened so far.

Posted by: futbolclif | November 15, 2010 3:04 PM | Report abuse

Somebody is playing a very dangerous game with Iran.

If it turns out that the USA is behind the Stuxnet worm, the Iranians would be well within their rights to retaliate and unleash their own worms into the American infrastructure.

Imagine trains being rerouted to collide head on with each other at high speed?

Imagine the floodgates of the Hoover Dam suddenly opening and inundating half of Nevada and Colorado and killing thousands of people?

Imagine Wall Street coming down with a crash, costing hundreds of billions of dollars?

Imagine air traffic control at Dulles International Airport reprogramming the ILS approach system to lower the glideslope so that aircraft plough into buildings on the approach?

Imagine an American nuclear power station suddenly going into an uncontrolled meltdown under the control of a worm in the computerised control systems?

And when the Americans accuse the Iranians of doing this, the Iranians can merely point at Stuxnet and say - well, you started it.

The bottom line is that Americans are not the only hackers in the world and what the Americans do to other nations, those other nations can do to the Americans.

Posted by: ziggyzap | November 15, 2010 3:21 PM | Report abuse

This is even more interesting given that last week the Post ran a story indicating that the military's cyber command was seeking authority/clarification for more offensive computer hacking in the name of national security. Stuxnet was mentioned in the article; but the request for permission to attack essentially appears to be somewhat after the fact in light of this. CYA to the max perhaps.

Posted by: faithfulservant3 | November 15, 2010 3:30 PM | Report abuse

I suppose that all the terible things posted by ziggyzap might be true. Who knows, maybe someday, our enemies will fly large airplanes into our landmark buildings. War is war.

Posted by: stevevan1 | November 15, 2010 4:07 PM | Report abuse

Excellent work, Israel! (At least, I hope it was Israel.) That was a cunning way to interfere with the Iranians' bomb. The next time I hope the virus causes their pile to go critical and send Bushehr and Natanz to Allah on a mushroom cloud. Well done and a big attaboy to whoever came up with Stuxnet.

Posted by: 7891 | November 15, 2010 4:10 PM | Report abuse

"I suppose that all the terible things posted by ziggyzap might be true. Who knows, maybe someday, our enemies will fly large airplanes into our landmark buildings. War is war."

Our "enemies"? You mean everyone who has a grudge against us was involved in 9/11? So now we're entitled to go after anyone and everyone WE have a grudge against, because of 9/11? Kindly show how Iran was involved before lumping them in with the actual perpetrators.

This is important, you see, because we really should limit our retaliation for 9/11 only to those who had am actual hand in 9/11.

From that perspective, Iran perhaps has been the more compliant party. After all, they didn't attack us after we shot down their own Airbus full of civilians in their own back yard, even though we were directly responsible. They showed the greater restraint.

Whereas we are diligently looking for any excuse, nay, pretext to attack them. Attack them in particularly insidious ways whose outcomes are particularly unpredictable. Why? I suppose because we're the USA and nobody can stop us. Or Israel can, because we're always happy to turn a blind eye (or blind an unturned eye).

Posted by: laboo | November 15, 2010 4:56 PM | Report abuse

I wonder if the US government will have any interest in pursuing these cyber-terrorists? Or does the definition of terrorism depend on the perpetrators and/or the target?

Posted by: crete | November 15, 2010 5:00 PM | Report abuse

If you are unaware of Iran's participation against us in the war in Iraq, then you are not following the situation closely enough.

Posted by: stevevan1 | November 15, 2010 5:02 PM | Report abuse

Israel has nuclear weapons.

Israel has declared Iran to be public enemy number 1.

Israel has unleashed a cyber attack on Iran.

At this point, Iran is fully justified in developing nuclear weapons to deter further Israeli aggression.

Posted by: Thoughtful-Ted | November 15, 2010 5:29 PM | Report abuse

who gave these muslim lunatics all the technology?

Posted by: pofinpa | November 15, 2010 6:39 PM | Report abuse

Nov 4, 1979, Tehran, American Embassy, Iranian students and militants storm the embassy grounds and capture 66 Americans. 52 of which were held "hostage" 444 days. Count them, 444 days. If that's not a declaration of war, I don't know what is.

Posted by: edball | November 15, 2010 7:16 PM | Report abuse

Israel has nuclear weapons.

Israel has declared Iran to be public enemy number 1.

Israel has unleashed a cyber attack on Iran.

At this point, Iran is fully justified in developing nuclear weapons to deter further Israeli aggression.

Posted by: Thoughtful-Ted | November 15, 2010 5:29 PM
Boy it sure is a good thing Thoughtful-Ted is in full possession of all the facts.

Hey Ted why not just authorize a nuclear assault - after all the case certainly appears ironclad against the Israelis?

Posted by: krankyman | November 15, 2010 8:39 PM | Report abuse

THE CAT IS OUT OF THE BAG - is how the article should have been headed.

Does anyone remember the F.B.I. coming out with a new piece of spyware called "Magic Lantern"? At the time there was a big kerfuffle about whether anti-virus companies would create a remedy for it. Symantec and McAfee said they wouldn't, along with everyone else - except for Sophos. Sophos's argument was that by releasing this code into cyberspace malicious code-makers would use it to rip-off anyone they could. Sure enough, key-logging malware is now just part of ever more sophisticated ways for script-kiddies to scam... everyone.

This most recent application, for the first time, specifically targets industrial software, and you can bet there are tens-of-thousands of very interested nasties out there pulling it apart for all manner of future nefarious doings. As well as foreign nations who might like to shut down U.S. puplic, private and military systems. Denial-of-serveice attacks will will become minor problems if there's a sudden shutdown of critical national infrastructure.

It doesnt matter who wrote it, or, for whom it was intended. The world just became even more threatening to everyone.

Posted by: icurhuman2 | November 16, 2010 12:40 AM | Report abuse

I agree with icurhuman2 - things are going to get a lot more interesting over the next several years. Anyone working in IT security will also tell you that it's much more difficult to prevent or contain attacks than it is to perpetrate them.

Posted by: apn3206 | November 16, 2010 2:31 AM | Report abuse

Edball 15th November 2010: Iran 1979:American hostages:

You must review the historic background to these events. In 1953 Iran held its first Democratic elections and Dr. Mossadeque was returned as Prime Minister. Although democratically elected America did not approve of his election so the CIA effected regime change that installed the Shah.

This plan was carried out from American consular and other buildings in Iran that enjoyed diplomatic immunity in accordance with protocols that have been established over centuries. One of these protocols was that thou shalt not plot the overthrow of the government in which country you enjoy diplomatic immunity in.

The Shah used his secret police SAVAK that was MOSSAD trained to imprison anyone in Iran who was suspected of harbouring dissent.

Thousands of Iranians dissapeared and were tortrured. Iranians like most folk turned to their religion to free them from this American installed and compliant tyrant.
Turning to their religion made them victims of the mad Mullahs.

Iran is another made in America problem resulting from regime change. Somalian Piracy is another.

So when you review the background you can see why the Iranians have the special hatred for America, the hostages taken was payback (in their minds) for America violating diplomatic protocols of immunity by formenting a coup funded and plotted by the CIA operating from American diplomatic sites in Iran with the express purpose of replacing a legitimate, democratically elected Iranian head of government.

This is why American buildings were attacked and hostages taken. The Iranians suffered a great deal and figured it was payback time.

Posted by: tuatha-de-dannan | November 16, 2010 6:23 AM | Report abuse

hello everyone,im wholesale supplier online

Welcome to our website

===== =======

accept paypal and free shipping

We need your support and trust!!!

Dear friends, please temporarily stop your footsteps

To our website Walk around A look at

Maybe you'll find happiness in your sight shopping heaven and earth

You'll find our price is more suitable for you.

And we shall be offer you free gift about MP4 if you more order.

===== ========

Posted by: fsafs07 | November 16, 2010 7:08 AM | Report abuse

@ Tuatha -- so then - contrary to laboo - Iran IS the problem?

This is becoming confusing...

Posted by: majorbuzzkill | November 16, 2010 10:12 AM | Report abuse

Post a Comment

We encourage users to analyze, comment on and even challenge's articles, blogs, reviews and multimedia features.

User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.

characters remaining

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company