Monday, January 3, 2011

Report Strengthens Suspicions That Stuxnet Sabotaged Iran’s Nuclear Plant

Via Wired.com (Threat Level) -

A new report appears to add fuel to suspicions that the Stuxnet superworm was responsible for sabotaging centrifuges at a uranium-enrichment plant in Iran.

The report, released Thursday by the Institute for Science and International Security, or ISIS, indicates that commands in the Stuxnet code intended to increase the frequency of devices targeted by the malware exactly match several frequencies at which rotors in centrifuges at Iran’s Natanz enrichment plant are designed to operate optimally or are at risk of breaking down and flying apart.

The frequencies of the Natanz rotors were apparently not a secret and were disclosed to ISIS in mid-2008 — the earliest samples of Stuxnet code found so far date back to June 2009, a year after ISIS learned about the frequencies. They were disclosed to ISIS by "an official from a government that closely tracks Iran’s centrifuge program."

The unnamed government official told ISIS that the nominal frequency for the IR-1 centrifuges at Natanz was 1,064 Hz, but that Iran kept the actual frequency of the centrifuges lower to reduce breakage. According to another source, Iran often ran its centrifuges at 1,007 Hz.

The information would have been gold to someone looking to sabotage the centrifuges since, as ISIS notes, it provided both confirmation that Iran’s centrifuges were prone to an unusual amount of breakage and that they were subject to breakage at a specific frequency of rotation.

[...]

It’s known that Iran decommissioned and replaced about a thousand IR-1 centrifuges at its Natanz plant between November 2009 and February 2010. It’s not known if this was due to Stuxnet or due to a manufacturing defect or some other cause, but the ISIS report increases the plausibility that Stuxnet could have played a role in their demise.

[...]

According to an examination of Stuxnet by security firm Symantec, once the code infects a system, it searches for the presence of two kinds of frequency converters made by the Iranian firm Fararo Paya and the Finnish company Vacon, making it clear that the code has a precise target in its sights. Once it finds itself on the targeted system, depending on how many frequency converters from each company are present on that system, Stuxnet undertakes two courses of action to alter the speed of rotors being controlled by the converters. In one of these courses of action, Stuxnet begins with a nominal frequency of 1,064 Hz — which matches the known nominal frequency at Natanz but is above the 1,007 Hz at which Natanz is said to operate — then reduces the frequency for a short while before returning it to 1,064 Hz.

In another attack sequence, Stuxnet instructs the speed to increase to 1,410 Hz, which is "very close to the maximum speed the spinning aluminum IR-1 rotor can withstand mechanically," according to the ISIS report, which was written by ISIS president David Albright and colleagues.

"The rotor tube of the IR-1 centrifuge is made from high-strength aluminum and has a maximum tangential speed of about 440-450 meters per second, or 1,400-1,432 Hz, respectively," according to ISIS. "As a result, if the frequency of the rotor increased to 1,410 Hz, the rotor would likely fly apart when the tangential speed of the rotor reached that level."

[...]

ISIS notes that the Stuxnet commands don’t guarantee destruction of centrifuges. The length of the frequency changes may be designed simply to disrupt operations at the plant without breaking rotors outright, and the plant could conceivably have secondary control systems in place that protect centrifuges and are not affected by Stuxnet’s malicious commands.

There are still a lot of unanswered questions about both Stuxnet and the Natanz facility.

[...]

If Stuxnet was indeed aimed at Natanz, and if its goal was to quickly destroy all of the centrifuges at Natanz, ISIS notes that it failed at this task.

"But if the goal was to destroy a more-limited number of centrifuges and set back Iran’s progress in operating the FEP, while making detection difficult, it may have succeeded, at least temporarily," according to the report.

The authors close their report with a warning to governments that using tools like Stuxnet "could open the door to future national security risks or adversely and unintentionally affect U.S. allies."

"Countries hostile to the United States may feel justified in launching their own attacks against U.S. facilities, perhaps even using a modified Stuxnet code,” they write. “Such an attack could shut down large portions of national power grids or other critical infrastructure using malware designed to target critical components inside a major system, causing a national emergency."
