Cyber Warfare on the Net IV

Moshe Yaalon, Israeli Deputy Prime Minister with portfolio for Strategic affairs (whose portfolio includes Iran), said the following on Dec. 29, 2010: ""Iran does not currently have the ability to make a nuclear bomb on its own,"" and in fact, he said that ""technical difficulties"" of an unspecified nature and had set back their ability to complete a nuclear bomb for at least 3 years. What are these technical difficulties that Iran has encountered? How might he have known this? Updated information regarding the Stuxnet worm provides some fascinating insights.

As I've mentioned in previous articles in this series, the Stuxnet malware is sui generis-unique. It is not a virus that attaches itself to an existing program, but a worm, which is an authentic program in its own right and propagates itself surreptitiously on targeted machines. It was originally discovered on a computer by a digital security firm hired by the Iranians.

This worm, it was determined, had the capability of taking over real world facilities and altering the behavior of sophisticated machinery. It was an enormous piece of work for malware, coming in at half a megabyte, with Microsoft estimating that it took 30-50 programmers 10,000 man work days to complete.

Furthermore, it was designed to take over specific Siemen's manufactured controllers at the Iranian Bushehr nuclear power plant and at the Natanz centrifuge operation, where it attacked the steam turbine at the former and the centrifuges at the latter. Their purpose appears not to outright destroy these units, but to destabilize them, delay their introduction and corrupt the uranium being processed. Recent delays in the launch of the Bushehr reactor may be caused by the worm, and the inability of the Iranians to process their uranium to the required levels of purity and the breakdown of many of the centrifuges is definitely thought to be the consequence of the Stuxnet worm.

By taking over the Siemen's processors, the worm was able to induce tiny bursts of speed and rapid decelerations in the centrifuges, corrupting the uranium and insidiously damaging the centrifuges, all the while sending misleading data to the Iranian monitors at the plants that everything was working as it was supposed to. This went on for a year, and appears to have been extremely damaging.

Once the worm gained entry to a computer with internet access, it began communicating with command and control servers in Denmark and Malaysia, delivering information and requesting updated versions of itself. Refined versions of the virus have been isolated, whose purpose has yet to be determined.

Stuxnet wasted a year's worth of uranium production, created chaos in the whole Iranian nuclear program, spread fear throughout the scientific community as the source of this invasion was sought, and will take a year or more for them to disinfect their systems, which some think they lack completely the capability of doing.

They already may have given up, and there is evidence that the North Koreans may provide them with a nuclear weapon in addition to the technical help they have already provided, as Saudi Arabia is rumored to have done with the possible purchase of two nuclear weapons from Pakistan. One thing is certain, however. We have not heard the end of the Stuxnet worm.