iT News: Analysis: Stuxnet dissected

/Home/Internet Security: Articles/Internet Security: iT News/iT News: 2011

How one of the world's most complex cyber attacks crippled Iran's nuclear programme.

By Brett Winterford
Feb 24, 2011

The first clue something had gone horribly wrong would have been the noise.

Engineers working on Iran's nuclear enrichment program would have grown accustomed to the usual hum of the many hundreds of motors running its centrifuges, which spin at high speeds to enrich uranium gas.

Without warning, at some time in the middle of last year, those centrifuges were likely to have spun uncharacteristically faster for 15 minutes. The change in frequency would have been noticeable to the layman - to the engineers, it would have been deafening.

They no doubt would have stared at their screens and at each other - had someone made a mistake? There would be a scramble to upload new instructions to the system - to correct whatever error they thought they made earlier - only to find that the code running on the machine didn't match what they could see.

No matter what code they would upload, the machines wouldn't respond to their new commands.

It is highly likely the centrifuges - spinning well beyond their usual limits - would have shredded, with shards of metal piercing the soft aluminium sheaths that surround the cascades.

Engineers may have panicked and flicked a kill switch to dump the uranium before worse damage could be done.

The extent of the damage will probably never be known to those outside the enrichment program. The Iranian Government has admitted to its nuclear enrichment program being set back by the Stuxnet virus - but has not gone into a great amount of detail.

Thankfully, there is a great deal we do know - based on an excruciatingly detailed analysis of the Stuxnet worm by the Symantec Security Response team.

Stuxnet was - for a number of reasons - one of the most fascinating and sophisticated computer hacks in history.

Kevin Hogan, senior director at Symantec Security Response, devoted some of his best resources over the latter part of 2010 and early 2011 to reverse-engineering the threat to understand what precisely happened.

Click the URL above to read the full article