Schneier on Security: More Stuxnet News

← New Revelations in the Mahmoud al-Mabhouh Assassination Movie-Plot Threats at the U.S. Capitol →

More Stuxnet News

This long New York Times article includes some interesting revelations. The article claims that Stuxnet was a joint Israeli-American project, and that its effectiveness was tested on live equipment: "Behind Dimona's barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran's at Natanz, where Iranian scientists are struggling to enrich uranium."

The worm itself now appears to have included two major components. One was designed to send Iran's nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.

My two previous Stuxnet posts. And an alternate theory: The Chinese did it.

EDITED TO ADD (2/12): More opinions on Stuxnet.

Tags: China, cyberwar, ICS, Iran, Israel, malware, nuclear power, SCADA, Stuxnet

Posted on January 17, 2011 at 12:31 PM • 71 Comments

Comments

kashmarek • January 17, 2011 12:52 PM

Maybe Iran did it. Perhaps what they were doing was going to fail anyway and they needed someone to blame for their own failure. Spread the blame around. It is a common thread that the guilty point to others as being responsible. Most of the discussion simply keeps in doubt as to who is really guilty, but it all starts with the weapons creation.

BF Skinner • January 17, 2011 1:18 PM

I'd've just liked to have been at the conversation.

"We got this worm. We wanna see if it works. For some reason your system is identical to the Iranians"
"So you say you've got this worm and you want to see if it works in a real, really secret, really in production, really producing nuclear material for our secret atom bomb factory?"
"Yeah."
"What does this worm do?"
"Oh, if it works you mean?"
"Yes"
"It'll wreck the joint."

SC-29 Heterogeneity fail

Joxean • January 17, 2011 1:19 PM

@kashmarek: Sure. Everyone uses 4 0days as an excuse.

BF Skinner • January 17, 2011 1:19 PM

Now THERE's an additional development cost cybercriminals don't have to compete with.

moo • January 17, 2011 1:29 PM

High development cost indeed. But considering the stakes they are playing for, I guess its not surprising they wanted to test it on real centrifuges before deploying it.

Alex • January 17, 2011 1:37 PM

Here's more discussion about Stuxnet, but even six months later there's still no real proof about who did it. This certainly shows that cyber-sabotage is the new frontier for covert ops. In an age where even Mossad can be tracked every step of the way in a plot, malware seems to be the best way to do something malicious and not get caught.

RonK • January 17, 2011 1:57 PM

@ Alex

If you were referencing the Dubai affair, as far as I can see the perpetrators _didn't_ "get caught". They were photographed, yes.

Or did I miss something?

Andrew • January 17, 2011 2:56 PM

US and Israel are admitting to war crimes? Cutting off a nuclear power plant, so its citizens cannot power their homes and businesses.

Allegedly the power plants are being used to build a bomb.

Like the Iraq WMD's, there is no proof or evidence of this. All there is proof of is lies and fabrication by the west.

Again, this NYT blog post is likely to be another lie and fabrication by western superpowers.

It is known that many spy agencies have people working in newsrooms, to make sure certain lies and fabrication are published.

Dirk Praet • January 17, 2011 2:59 PM

Although I really like the Chinese theory, I'm also suspecting some shady guy around the corner here who stills owes me money and some TLA or Iranian operative really should pay him a visit.

Short of some disgruntled individual taking it to Julian Assange like the Swiss banker did today, I'd say we're still pretty much in the conjecture stage.

Nick P • January 17, 2011 3:04 PM

Ok, so this answers the question about which country built it: both. The American official's added comment almost sounded like a confession. Israeli's are more than willing to do something like this. So, the conclusion is logical and consistent with our previous analyses of Stuxnet. I guess now we can say it's the first truly successful instance of weaponized malware. It also illustrates the effectiveness of using traditional espionage to increase the potency of a software-based attack.

Clive Robinson • January 17, 2011 3:13 PM

The point the artical glosses over is that the US had both P1 and P2 centrfuges they had captured from various activities stoping the stuff getting to Libya etc.

The point is the US had no need to go to Israel and that's where the whole story falls flat on its face...

many questions • January 17, 2011 3:45 PM

The article raises many issues.

First of all, let's ASSUME that it's 24-carat true. Isn't it describing an act of war under international law? Wouldn't, e.g., Iran, be justified in withdrawing from the NPT (ignoring whether that might provoke a bombing war)? Wouldn't it be able to go to the Security Council (being naive).

Second, if the Americans and Israelis don't deny, and they don't seem to be over against a very established newspaper, aren't they opening themselves up to retaliation? Not blowback, blowback would be Langner's hypothesis--that the Stuxnet code is transferable on the cheap to criminal and 3rd-party-state sabotage of American installations. Would retaliation necessarily take a cyber form? Think not. The target country might think that it's of a piece with assassinations of their nuclear scientists.

Siemens is described as helping, perhaps unwittingly. Surely good business would suggest a denial.

Nothing is said about who came up with the 0-day vulnerabilities, the bypasses on 10 antivirus packages.

I'm not in a position to say whether they bought time with Stuxnet (how would I know?) but the fact that Symantec and Langner have published very complete analyses of this 'cyber-bomb' suggests that there were some serious mistakes. The covert op that works is the one no one knows happened: the murder that looks like suicide, like an accident, etc. It's not one where the private dick breaks the case wide open (Symantec).

many questions • January 17, 2011 3:51 PM

Add after second para:

Wouldn't one argument for withdrawal be that the IAEA cooperated with the perps to give them the necessary intel?

Also, there's also an article in the Telegraph that says that the Russian technicians at Bushehr are worried about Stuxnet. But Langner has dropped the claim advanced that Stuxnet targeted Bushehr. Now he believes Stuxnet was a two-pronged attack on Natanz and any unknown centrifuge installations. So what's with the Telly article?

Clive Robinson • January 17, 2011 4:56 PM

@ many questions,

"... says that the Russian technicians at Bushehr are worried about Stuxnet"

I suspect it's a little lost in translation. The Russian technicians should be rightly worried about a similar worm or virus affecting any PLC system they are using.

Nagering a few centrifuges will not cause an earth shatering issue. However most nuke reactors do not like a lack of cooling etc and can if fritzed such that various safeties and interlocks are removed could potentialy go bad and release radiological contamination in large quantities.

The question is "if" money were to be saved by cutting corners, one place to do it would be in safety systems. A system could be designed to be tolarant of two failures but not say three. However any one who controls the PLC's effectivly controls everything and can induce three faults simultaneously....

BF Skinner • January 17, 2011 5:18 PM

@Andrew "...war crimes..."
@many questions "act of war"

For a war crime to occur doesn't a state of war first have to exist?
War. Not a disagreement on policy aims or the regional hegemony ambitions of a nation-state.

And for the sake of argument doesn't an affect have to be felt? Iran claims no "no effect"

Was the compromise of the Russian gas lines management software that purportedly resulted in an explosion in in 1982 at the Urengoy - Surgut - Chelyabinsk pipeline a war crime or an act of war? Assume that the CIA knowingly tampered with the software and the Soviets happily consumed it. Do Cold Wars even HAVE war crimes.

I think it sometimes benefits both sides that when an act occurs no war breaks out. 'Gentlemen don't bomb other gentlemen's cities.' Probably the deciding factor is a belief (call it a risk assessment) by either side that one side has the strong strategic advantage, the act was deniable (plausably not for the papers but for either sides IC.) and other, equally deniable, acts can be perpetrated upon the agressor.

Brian W • January 17, 2011 6:17 PM

The only real "proof" there is of who could be behind Stuxnet would be to ask the question of who else had access to the same enrichment setup as Iran.

Given that Stuxnet was so specifically targeted at one single setup (which included a certain number of a certain type of centrifuge controlled by a certain SCADA system), that means whomever designed Stuxnet almost certainly had to have a similar system to design and test it. Especially if it was intended to have a real effect.

Muhammad N Khurshid • January 17, 2011 6:33 PM

Lets talk on this topic openly. Imagine, Iran do not remove this problem and work on that embedded technology with flaw. In that case all future Iran missile will have same problem. Lets assume one more thing, Iran somehow develop inter ballistic missiles which can reach thousand miles, say, it can reach USA.

Now, in the presence of this flaw, there is a possibility that missile may be fired to hit Washington D.C but will may hit New York. Who is responsible for that flaw? Iran? Israel? or USA?

This flaw should be removed as early as possible until it is too late.

There are some ethics of war. History told us that all war ended up in peace with the help of mutual talk.

I hope you understand my point of view. All the best.

RH • January 17, 2011 7:27 PM

@Muhammad: I think I see a little of what you are trying to say, but I think the metaphor is stretching it a bit. The enrichment facilities have little to do with the missiles.

I also hate to burst your bubble (I do like when people talk peace.. more people need to), but all wars did not end up in peace with the help of mutual talk. Unless you count the victor issuing surrender documents as talking, quite a few wars end without mutal talk. And that doesn't include some of the more ancient wars where the goal was simple genocide (or rather, the shortest path to the intended goal was genocide).

To challenge your particular image: what if Iran could not fly the missile without the information disclosed by disclosing the flaw. What if it only reached the USA because we told them how to do it?

Andrew • January 17, 2011 7:43 PM

"Russia's nuclear agency Rosatom has rejected media reports that the computer virus Stuxnet has impacted Iran's nuclear power plant in the southern city of Bushehr."

"There are no viruses in the power plant's computer network, especially in units responsible for security, because this network is totally autonomous and isolated from external sources," Xinhua quoted Rosatom spokesman Sergei Novikov as saying on Monday."

"His remarks came after Western media outlets claimed on January 17 that the computer bug had caused "enormous damage" to the Bushehr reactor."

http://www.presstv.ir/detail/160651.html

Nick P • January 17, 2011 8:48 PM

The thing i dont get is the goal of adding to the clock. It merely delays the inevitable because the options that that end the threat are never used and time wont change the enemies mind. So futile...

Jtaylor • January 17, 2011 8:53 PM

What I don't get is that part about siemens approaching the us DOE about the Iran program. If they were all that concerned about the issue, couldn't they have just decided to not supply the hardware to Iran in the first place? Or, after discovery, couldn't they have not helped the Iranians track and fix the problem? It just doesn't add up here.

Jtaylor • January 17, 2011 9:01 PM

Also, there is no way Israel or the US cares whatsoever about retaliation from Iran. They are already doing everything within their power to destroy both of our countries. We couldn't possibly piss them off any worse than they already are. The only thing Iran can do is keep escalating the situation until we have to take out their facilities and govt. Iran is playing with fire here. It's not like the US hasn't already done this to 2 other countries the the past decade.

Richard Steven Hack • January 17, 2011 9:39 PM

"there is no way Israel or the US cares whatsoever about retaliation from Iran. They are already doing everything within their power to destroy both of our countries."

While the first sentence is true, the second confuses me. In what way is Iran doing anything to destroy either the US or Israel?

Answer: Nothing. Whereas the US and Israel has been trying since the fall of the Shah to destroy Iran.

To get back to the main point, this is really a confession by the US and Israel that they were behind Stuxnet. Really, there are ZERO other suspects, despite all the disingenuous speculation about China (China, give me a break!) But the fact that this international Internet terrorism afflicted several other countries clearly shows the US and Israel as "rogue terrorist states".

And no one cares.

The US and Israel are engaging in the following aggressive acts in another sovereign nation:

1) Terrorist attacks involving explosions and civilian casualties.

2) Assassination of civilian and government personnel, especially nuclear scientists unconnected with any "nuclear weapons development".

3) Sanctions intended to damage the economy and well-being of the civilian population - exactly as in the case of Iraq, imposed despite the illegality of the demands imposed on Iran by the UNSC under the NPT.

4) Continual threats about military attacks, up to and including nuclear attacks, in violation of the UN regulations which prohibit such threats between member states.

All of this is illegal under international law, the UN Charter, the NPT, and IAEA regulations.

All of this is "justified" in the exact same way as the invasion of Iraq: non-existent "WMDs", "connection with terrorism", "mad Arabs", yada, yada, yada.

If you want the FACTS about this, go to :www.raceforiran.com.

And for a nice recap, watch this video:

PANEL: IS IRAN A NUCLEAR THREAT
Speakers: Nima Shirazi, Brian Becker and Ray McGovern
:http://politube.org/show/3133

Special Sunglasses Found inside a fake church • January 17, 2011 10:16 PM

Why not SOLAR power? Why nuclear?

It's not like Iran is anywhere near Santa's house.

Muhammad Naveed Khurshid • January 17, 2011 11:26 PM

Russia is denying that there was no cyber attack on Iran's nuclear facility. Why? because Russia had helped Iran in nuclear enrichment. They do not want their engineers or scientists to be named for their blind eyes...

@RH My apology, I missed the point. Nuclear facility has nothing to do with missile programme. But in someway, they are linked.

What I do know is inter ballistic missile require satellites. Iran's enemies already knows how to destroy satellites so Iran is not spending money on satellite programme. They are looking for alternatives. There may be some alternatives which are not known to Iran enemies.

Clive Robinson • January 18, 2011 12:39 AM

@ Brian W,

"Given that Stuxnet was so specifically targeted at one single setup (which included a certain number of a certain type of centrifuge controlled by a certain SCADA system), that means whomever designed Stuxnet almost certainly had to have a similar system to design and test it. Especially if i was intended to have a real effect"

And this is the nub of the question that the whole article fails on...

First of the P1 centrifuge developed by AQ Khan from the plans he had stolen was a very unreliable system. It was fraught with many problems one of which was stability in use.

How do we know this?

Because AQ Khan set up his own "sell the atom secrets" company out of Switzerland (Khan Laboratories) to make money. It is said that something like 24 countries bought Khan Labs technology blue prints. We certainly knew that Libya did because it was impounded prior to delivery.

Thus the US actually had working units plus design documents etc to characterize the P1 centrifuge.

We also know that Khan had partialy solved some of the P1 issues in the P2 design.

Now the Israelis developed (supposadly on their own) a cascade system to perform enrichment a long time prior to the Khan P1, the US and others likewise (South Africa supposadly had a vortex design without moving parts that used about 50 times the energy of other more conventional designs).

So getting back to the NY Times article the question arises,

"Why would Israel have a working P1 cascade?"

They didn't need it, they wouldn"t want it in a production system and it would have taken a fair few resources to set up and quite a bit of time

Now we know the Khan P1 centrifuge system was effectivly sold to "Axis of Evil" countries, the US would have the spare resources Israel would ordinarily have lacked to setup a P1 centrifug cascade to test and evaluate it.

The important question that has not been answered is "why would Israel have a working P1 cascade and the US not?".

Unless a rational explanation comes forward the story will fall flat on it's face just like most conspiracy stories.

The apparently most rational explanation is that Israel wanted to build the cascade to identify weaknesses in the system Iran was supposadly using.

But it is both a very expensive and lengthy process, so you have to ask why? what advantage does it give them? to build it as opposed to simulate it?

One answer is that the US paid Israel to do it (possible but unlikely).

Another is Israel had a long term plan to develop a method by which the vulnerabilities of the P1 system could be exploited via either the manufacturing chain or via an info weapon.

But you have to ask why, with Iraq they simply bombed the plant (an act of war), so why not do the same again with Iran?

So is Iran tacticaly to far away from Israel to carry out such an attack? (possibly). Or perhaps Israel lacks the technology to carry out such an attack? (unlikley). Or perhaps is it not politicaly viable to carry out such an attack any longer? (quite likley).

But all that aside why would Israel admit the existance of such a set up to the US what advantage does it give them?

The answers to that are possibly not something either the US or Israel want known.

For instance it raises the possibility of Israel actually being in the driving seat not the US.

Also the fact that the US has effectivly been spying for Israel. That is Siemens prorpriatary information was obtained from Siemens in confidence and the US just handed it over to Israel.

The implications of that are quiet large in that Israel would inherited the title of "knock off capital of the world" from Taiwan except that China threw their weight around to wrest the title from Taiwan.

The effect is that EU companies will increasingly ask themselves should we cooperate with the US if all the US are going to do is hand our trade secrets over to our competitors?

Nick P • January 18, 2011 1:07 AM

@ Richard Steven Hack

Nice posts. I'd like to add that any aggression on Iran's part isn't unprovoked. There's plenty of evidence to suggest the CIA was involved in the coup that overthrew their elected president Mossadegh, replacing him with a brutal dictator that supported British and American oil interests. After over a decade of oppression, the movement led by Khomeni got the popular support it needed to overthrow The Shah and take over. Then, we impose sanctions that mainly hurt innocent civilians. This just further reinforced their distrust of the US and support for the new Iranian regime.

I mean, if they did that to us, I'd want to take them out too. So, we have to deal with threats to us, but some diplomacy or better judgment on the CIA's part might have prevented this situation from being what it is. I think it's entirely their fault and any still living should be held responsible for their corrupt, reckless actions. And yet most Americans still don't know about these things. Or coup in Guatemala. Or direct action in Chile. Or (repeat 50+ times). Call me a pessimist, but I don't see our situation getting better.

RobertT • January 18, 2011 1:55 AM

"the Chinese did it!"
That's about the lamest excuse for investigative research I've ever seen. About the equivalent of concluding that Intel and Cisco were involved because they both have offices in the Valley.

Realtek is a Taiwanese design-house so they naturally have chip design facilities in Shanghai area, along with EVERY other Taiwan chip design company. Within Shanghai the two most likely "suburbs" are Suzhou and Zhang Jiang, I'm not certain but I believe Realtek also has a ZJ office.

BTW Taiwan design houses do not do ANY work for PRC military, it's completely silly to suggest they do.

The claim that Vacon must be involved because they have a China office is equally absurd. I'd be more impressed if he found a single larger European electrical manufacturing operation that does not have production in China.

bottom line : what a crock!

Marc • January 18, 2011 1:55 AM

If you strip Iran entirely from this equation it doesn't really get any better. *IF* the story is true and Siemens did not knowingly take part in this venture, which they likely didn't, this pretty much renders certain audits rather useless as you can never be sure that a clean record actually means a clean record...or just a clean record except for this handy little bug that might come in handy if we have to take down on of your customers sometime later.

I don't really see a problem with the CIA potentially getting a hold on a vulnerability to exploit it. But the plot the NYT suggests is somewhat screwed.

Davi Ottenheimer • January 18, 2011 3:07 AM

@ Nick P

"plenty of evidence to suggest the CIA was involved in the coup"

I'd say that's putting it mildly. Not just suggested, it's a documented and accepted point in history, as I wrote here in 2005

http://www.schneier.com/blog/archives/2005/12/the_security_th_1.html#c31708

SteveJ also mentioned it here in 2007

http://www.schneier.com/blog/archives/2007/01/the_christianiz.html#c141883

Looks like we're overdue for a comment, so thanks for bringing it up again.

Operation Ajax was the 1953 CIA-sponsored coup to overthrow Iran's elected leader (Mossadegh) and place the Shah in power.

The overthrow is related to British terms of operation setup with Iranian monarchs in the 1930s, when the Anglo-Iranian Oil Company (now BP) was formed. They were very profitable terms for the British for the usual reasons -- British control over profits, protection from labor disputes, protection from audits and no Iranian executive authority.

Perhaps most notable of all, the British managed to negotiate terms that said Iran surrendered the right to annul the agreement. Iran had been left no means to negotiate or enforce the terms (e.g. labor conditions). Resentment grew and then really took off when America reported a Saudi deal that sounded more fair.

Americans under Truman were sympathetic with Iran's nationalism as a way to keep out Communism. Iran probably thought they were just fighting Britain when their parliament nationalized oil in 1951. However, the US needed Britain's support in other regions (e.g. Korea) so they did not intervene when Britain retaliated by boycotting Iranian oil.

Mossadegh was elected to be Prime Minister during this time -- by a popular movement at political odds with the British policy.

Iran quickly faced pressures from the boycott, but they still took a hard line in the dispute. Then Eisenhower became President in 1952 and the situation changed rapidly. The British reformulated their message (nothing to do with colonial or imperial interests here, nope, not here, we're just anti-communists) to the new President's staff. They found an eager audience in the Secretary of State (Dulles) and CIA Director (his brother Dulles).

Thus began a CIA operation with the British objective to defeat Iran's nationalism and restore control over oil. It did this by forcing rapid destabilization of the political environment to undermine Mossadegh's popularity.

When I say destabilize, I mean the objective was to get many political factions to give up working together and instead fight against each other at every level to force a state crisis (e.g. the CIA paid the media, mobs, politicians, etc. to riot openly both for and against Mossadegh).

"most Americans still don't know about these things"

Agreed. I have yet to meet one that even knows the name Mossadegh. However, to be fair, most Americans also aren't sure who Eisenhower was. I'm sure you have found also that Iranians know the story very well.

I'd say this is all well documented history, but I also agree it is worth keeping in mind when we consider today why anyone would bother to destabilize Iran's nuclear projects.

...and when I say destabilize, I mean trying to kill scientists, professors and their spouses. Stuxnet is a nice side-story to build a cyberwar budget, but I think in the big scheme of risk to international relations the five recent assassinations (and Ali Reza Asgari's disappearance in 2007) should be getting far more attention.

https://www.washingtonpost.com/wp-dyn/content/article/2010/11/29/AR2010112901560.html

"each car was approached by a group of men on motorcycles, who attached explosives to the vehicles and detonated them seconds later"

Paeniteo • January 18, 2011 3:40 AM

@Marc: "this pretty much renders certain audits rather useless as you can never be sure that a clean record actually means a clean record..."

Basically, this is an issue of trust(-worthiness) which is inherent in things like audits.
You always have to wonder whether the auditor has a hidden agenda.

Davi Ottenheimer • January 18, 2011 4:25 AM

@ Joxean

"Sure. Everyone uses 4 0days as an excuse"

I know it's uber sexy to talk 0-day, but is that really what makes Stuxnet dangerous? Looks like a symptom to me, but not the problem.

First of all, the Windows Print Spooler exploit was from 2009, so there were three 0-day at best.

See "Print Your Shell" in this issue

http://hakin9.org/magazine/885-my-erp-got-hacked

That is how Stuxnet spread, using a flaw from 2009. Microsoft claimed it only heard about it in late 2010 and fixed it 13 days later.

http://www.securityfocus.com/bid/43073

I'll spare you the rant, but guess who argues the case to call things a 0-day.

Second, Stuxnet made use of more than just four vulnerabilities. The RPC vulnerability for example was from 2008.

http://www.securityfocus.com/bid/31874

Third, even on a perfect day we expect malware detection to get less than 80%. So that begs the question of what role a 0-day serves.

We have all messed with the 0-day attacks for ages (depending on your definition, of course), but more to the point we have had non-0-day at the same time that have a very high probability of working.

What this means is Stuxnet knew an awful lot about the environment. We can talk all day about the 0-day angle, but I do not believe that is what defines a Stuxnet type attack as dangerous.

The danger is that the attack was targeted with very specific knowledge of an environment...trusted access and detailed insider information. The defensive posture, therefore, should have detailed information to work from at least as good as an attacker, as I tried to explain in my presentation at RSA 2010 in London.

It might seem like a tangent, but the TED presentations by Hans Rosling make an insightful and powerful observation on this topic. He went to fix the equivalent of 0-day health risks in Africa using modern medicine, but realized that the study and prevention of common malnutrition is more effective to improve child survival rates.

http://www.flyingpenguin.com/?p=8654

Danny Moules • January 18, 2011 5:08 AM

@bfskinner In international politics terms, this would be a 'casus belli': http://en.wikipedia.org/wiki/Casus_Belli Effect or not.

Bernd Berndsson • January 18, 2011 6:52 AM

The journalist "forgot" to mention that Vacon also has manucfacturing plants in Chattanooga (USA) and Naturns (Italy). So the US-Israel theory still holds valid, and according to his logic it may now also have been a finnish-italian cooperation!

BF Skinner • January 18, 2011 7:13 AM

@NickP "dont get is the goal of adding to the clock. It merely delays the inevitable "

The Mulla Nasrudin was thrown into prison by the Sultan to be executed the next day.
"Wait," He cried. "If you let me live. I can teach your horse to fly."
"Bull," said the Sultan "but I lose little. You have a year to teach my horse to fly."

One of Narudin's students came to him wailing,
"Oh Mullah what ever will you do? The Sultan will execute you in a year instead of tomorrow."

"Nonsense." Said Nasrudin. "A year is a long time. Perhaps the Sultan will have a change of heart and free me or there maybe a revolution and he'll be deposed any thing may happen. And you know I may just be able to teach that damned horse to fly!"

Pushing back their clock does the same thing for us. It opens possibilities. Letting Iran keep it's time line reduces our freedom of choice and actions.

BF Skinner • January 18, 2011 7:15 AM

@Danny Moules 'casus belli'

Really. Is that how it's spelled?
I'd always heard it pronounce provocative hegemonic ambition.

BF Skinner • January 18, 2011 7:35 AM

@Richard Steven Hack "In what way is Iran doing anything to destroy either the US or Israel?"

The US? Nothing now, maybe nothing ever. Had they wanted they could have tied us down in Iraq and drained us.

Israel? Who do you imagine is pulling the strings on Hezbollah? It ain't refugee Palestinians holding fundraisers.

"shows the US and Israel as "rogue terrorist states".

You imply order where only anarchy exists. Nations do what they want or can because there is no world governing body or supernation to appeal to. There are only the treaties and contracts that nations have aggreed to abide by and those treaties include the use of coercion.

Iran is no innocent. It is ambitious and has a deep sense of it's history. (While very aware of our history of intervening in it's internal affairs their historical sense goes back thousands of years). Iran wants regional, not global dominion. They want the Persian empire back.

With missles and nukes they likely wouldn't pose a threat to Western Europe no matter what Chaney says. Like the Soviets the Iranian leadership ain't maniacs. They understand the uses of power, subterfuge, and sabatoge. But Iranian nukes would certainly act as a deterrent to prevent further western interference in their plans. And they've got a long planning horizon. We've given them Iraq for all intents and purposes. They've taken Lebannon and just brought down it's government, via Hezbollah, Syria is a proxy puppet. And much of the disenfranchised in the gulf states? They are Shia. Once we're backed out of the Gulf? Iran won't have much trouble mopping up the other kingdoms and emerites.

Clive Robinson • January 18, 2011 7:44 AM

@ Davi,

"I'm sure you have found also that Iranians know the story very well."

Not just Iranians, mot in the middle east know about it. Many blaim the fear that the same will happen to their country if the do not aquiesce.

One of the reasons that a number of forward thinking middle east countries are in their current financial crisis is due to knowing the oil is going to run out and when it does they will be just one more asset stripped third world nation.

Iran many be developing nuclear weapons then again it may not, it is currently a viewpoint issue.

What is not at issue is they know that the oil is running out and if they don't have an alternative energy source they are in trouble.

They also know that if they don't also control the whole energy production process from begining to end then they are in the same position they where in 70 years ago.

By the way it is not just the politicians that know and feel this way it is the people as well. Many Iranians support the energy independant stance of the current crop of politicians even if they do not support them in any other way.

Stuxnet and the associated deaths are as far as the Iranians are concerned a direct attack on their sovereignty by Israel and also the US and other coalition incursions into what they see as their teritorial waters and airspace they see as provication on behalf of Israel.

But further they know that the only thing stoping Israel pushing the Palestinians and other nations of the face of the map (a policy started by David Ben Gurian and still seen clearly in Israleli political behaviour) is the fact that they have something the US want's and needs badly oil. And that the US will to a small extent put preasure on Israel.

They belive beyond what you and I would call faith that the US gave Israel the nuclear weapons they currently have which threaten the whole middle east and as far as many arabs are concerned their very existance.

They also know that possession of independent nuclear weapons gets "respect" from the US politicians. They have seen it over and over again (think Russia, China, India, South Africa, Pakistan and more recently North Korea).

If this is a shock to other readers then I suggest they think about things a little, and then realise that the cause of this is blatent consumerism that can only be sustained by access to raw resources at way below market rate.

Then realise what this requirment actually means in "real politiking".

If you are still in. doubt have a look at the history of India and Africa and the likes of "Clive of India" and "Cecil Rhodes".

Oh and then go and look at what the Chinese are currently upto in raw resource rich areas like Africa to see the old game being played in a new way.

Are China a threat to the western world and in particular the US? you can bet on it 100% the battle will be over the control of raw resources. And guess what we are already seeing it in "rare earth metals". The secondary battle will be on energy and the thrid on food and water.

Around about October this year the world population will reach 7billion human beings, we do not currently have the resources to sustain that sort of population and the US style over consumptive lifestyles people aspire to. The west need to pull their collective heads out of the sand and stop thinking "short term" in politics and other asspects of life. The Chinese in particular think not in years or in life times but in generations and plan accordingly. Unless we start thinking the same way then we are going to be in very very serious trouble before our current children become parents let alone grandparents.

The problem though is not knowing this (it's almost self evident today) but knowing what to do about it in a way that is not going to cause serious blowback etc.

many questions • January 18, 2011 7:53 AM

@BF Skinner:

Usually your contributions are very sound but in the casus belli remark you are being silly. What we have to understand in 'cyberwar' is that the 'cyber' is a method. Assassination is another method. Now no one really expects Iran to go to the Security Council, given the sanctions, but any analysis of what's going on can't ignore the fact that these actions are each of them a casus belli. They are, in terms of international law, very serious. That's not to say that Iran's hands are clean, I'm not in a position to say.

Moreover, there is an issue of overt and covert war. The poisoned code that the Russians stole for their gas network might be justified since they were stealing it; they can't very well complain 'the code that we stole had been doctored and caused our gas network to blow up'. 'Charlie Wilson's War' was a covert war against the Russians. The Russians and the Americans had an understanding that covert war would remain covert so as to avoid open war. How the Iranians are going to respond is not clear.

So you might think the Americans and Israelis are justified, but at least call a spade a spade.

jacob • January 18, 2011 8:57 AM

@muhammad. Sorry satellites have nothing to do with ICBMs. A missile doesn't use GPS (joke if you understand) or homing signal. A ICBM is not a blind scud, ever. Trust me on that one. Maybe the bombers use gps, turn left....lol

1. Did Israel make the cyberbomb? I suspect they did, however, they have a very valid reason to make the arabs fear what they did or could do in the future.
There is a long history of the arabs using a spitball and the Israelis using a cinder block.
2. US? maybe. It would be in their interests to kick the can further down the road.
3. The Iranians may not really want the bomb. It would raise hackles in the m.e. and open themselves up to attack from say egypt or the saudis. similiar to china and the japanese.

Just my thoughts.

jjjdavidson • January 18, 2011 9:30 AM

While I find the NYTimes' poliitical conclusions at least plausible, I'm not so sure of their conclusions about Stuxnet itself. For instance, "The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control."

The outstanding analysis published by Symantec indicates that Stuxnet searched for drives running at from 807Hz to 1210Hz, presumably a normal operating range. The malicious PLC code then--after several days--changed the drive speed to 1410Hz, only about 17% above the upper end of the assumed normal range. If I understand the analysis, it maintained this higher speed for only fifteen minutes, after which it returned the drives to normal operation and left them alone for several weeks. I'd hardly say they were "spinning wildly out of control."

The next stage of the malicious code lowered the drive speed to 2Hz, less than 1/400th of the normal speed, before returning to normal operation--again, for several weeks. This seems unlikely to damage the drives--a quick alternation between 1410Hz and 2Hz might well stress them, but that doesn't seem to be in the code. The aim appears to be to disrupt the uranium enrichment process itself by altering the centrifuge speeds, not to actually "wipe out" the centrifuges.

From a manufacturing viewpoint (mine, that is), an inexplicable quality-control issue would cause more long-term disruption to a development program than drives that overtly reduce themselves to spitzensparken. If Stuxnet hadn't come to light, the Iranians would probably still be tearing their hair out over their QC results.

Jay

paul • January 18, 2011 10:47 AM

If true, the part about messing with the reporting says quite a lot about the way that the Stuxnet perpetrators believed the enrichment facilities were run. Any substantial change in centrifuge operating frequency would cause a fairly serious audible change on the floor if anyone were there to hear it. And knowing that the logs didn't conform to the evidence of technicians' senses would be a fine starting point for debugging.

Andy • January 18, 2011 11:28 AM

"The biggest single factor in putting time on the nuclear clock appears to be Stuxnet..."

Possibly the biggest instance of BS I've seen for a while.

"...the most sophisticated cyberweapon ever deployed."

Though this may well still be true...

albatross • January 18, 2011 11:47 AM

This kind of attack must have been going on for years and years now, since most of the time, such attacks would not come out in public. (The outcome of the attack here is that a production process that's right at the edge of your resources and abilities gives you lousy results--how often has a similar outcome simply been attributed to unknown problems, incompetence, etc., and ignored?)

BF Skinner • January 18, 2011 12:11 PM

@many questions "you are being silly...you might think the Americans and Israelis are justified, but at least call a spade a spade."

Perfectly correct. I will always cop to being silly.

But are we talking what states 'should do' or what states 'are doing'?
The gap between deed and ideals. If so then self-Justification and rationalizations are, I believe, hardwired in.

In Causes of War, Blainy observed that wars happened when two states disagreed on their relative power. A weak power can't say much to stop a great power from doing what it wants. Two powers of relatively equal power have the ability to oppose each other. Once one side or the other is exhausted (Germany/Japan in WWII) then it's obvious who's the stronger.

But between US and the Soviets what changed was the quickly acquired ability to anhiliate the world. So MAD, so deniability and wars by proxy. Their conflict was the same and their strengths were roughly even. They just knew they couldn't fight the wars in the same old way. If they were going to continue to confront each other they would have to blink at 'acts of war' such as the destruction of a gas line, mined harbors. And we would too have to ignore Soviet 'advisors' commanding ground troups in SE Asia.

Do covert wars even have rules?
It's participants are usually disavowable/d.
Conventional wars do. At least to the extent you can prosecute the loser for war crimes.

Iran is a strong state, but it knows it can't yet, maybe never, afford a direct conflict with the US. But it also knows it can hurt us badly. If it acquires nukes it can do a lot more in it's area of interest without threat of direct intervention.

Or are we talking about Justice? Between states?

This imply's to my mind a supra-national order that can enforce it's will on subordinate nations.
Which I just don't see existing. That's not the UN (they have no power of their own) it's not the World Court (which the US refuses to sanction - probably under the belief that some people who green light wars may get charged as war criminals.)

I haven't thought Israel justified in any moral sense since they gave Phalangists uncontested access to Sabra and Shatila. But justified in that Israel has a right to exist, yeah, without question.

Does that justification to exist make right interference (and the interference was the same for the Soviet gas line) with the internal affairs and infrastructure of a sovereign nation?

Once existential threat argument is accepted as the sole baseline for chosing action then any enormity can be committed.

Q • January 18, 2011 12:25 PM

Actually, the issue at stake is patriotism.
You must return to your world and put an end to the communists.

All it takes is a few good men.

Dirk Praet • January 18, 2011 1:48 PM

@ Clive / Davi

To me the NYT article reads as one long enumeration of speculation and hearsay, with a lot of claims like "alledgedly ... blah ... some official confirms ... blah ... on condition of anonymity ... blah". No names, no functions, no nothing. I can easily make up a similar story and correlations to point the finger at the cyberops division of the resurrected knights templar engaged in a holy war against Iran. In addition I too have serious doubt about the US-Israeli link over the P1/P2 centrifuges.

For argument's sake however, and in absence of a better explanation, I am assuming that the US, Israel or both were behind Stuxnet. Both consider Iran a nuclear threat. Although some may argue that the repeated violent rhetoric against Israel by Mr. Ahmadinejad is just part of Persian political culture and an expression of passion, there are more than enough parties outside of Iran to take him up on his words. As said, the pursuit of nuclear weapons by Iran today still is a viewpoint rather than a proven fact, but cannot be precluded as such.

The assumption is just as plausible as suspecting Israel/the US of being behind Stux because of a number of circumstantial indicators: Iran's religious and political regional agenda - under a theocracy pretty much the same thing -, the alternate blowing hot and cold with the IAEA, the prospect of nukes as a a deterrent and a bargaining tool against Israel and the VS. Also, not all oil exporting countries I know off are actively pursuing a nuclear energy programme in the knowledge their reserves are finite and with practically their entire economy being based on oil.

There are several good reasons not to resort to military options today. First of all, and after the never substantiated Iraq WMD fiasco, neither the UN or any of its member states - even allies - will be very inclined to believe anything short of smoking gun like the Cuba missiles in 1962, in the process alienating the muslim world even more. Secondly, a military intervention would greatly damage growing domestic opposition against the mullah-regime that has lost much of its popularity due to a failing economy and especially after the disputed 2009 elections. It's a textbook example of a regime trying to keep its population in line through oppression and an external enemy, real or imaginary. Arguably, Persians are a proud people with a long history and culture that will not be denied their right to energy independence through a nuclear programme, and will not stand for any foreign incursion or invasion.

If the assumption that the US/Israel are behind Stuxnet, I suspect the idea was come up with by some Jack Ryan-type analyst under the argumentation such a plot would be entirely feasible and draw much less outrage from the international community and the Iranian people than a military strike. An added benefit would be to play the card of plausible deniability. Which for all practical purposes works both ways. No government official sofar has explicitly admitted being behind Stuxnet, whereas the Iranians deny it doing any harm on their installations. I think this is what cold war is really all about.

Clive Robinson • January 18, 2011 2:32 PM

@ Dirk,

Just to reiterate what I have said from the begining, my money is definitely on the US for Syxnet, without any real involvment from other nations. Based on the simple premise that Iran was not the only or even primary target for stuxnet (my money is still on North Korea for that).

However on the assumption that the NY Times article had even a slight amount of truth with respect to Israel then this actually put's Israel in the driving seat not the US (which is what a number of people believe and they do have a point to some extent if applying Occam's Razzor).

But... Israel has a history of dealing with technical issues either directly (bombing of Iraq) or by assasination of key personnel (which arguably they are continuing to do). So the question arises why the change to cyberwar especialy as common sense would tell anybody who thinks about it that the worm was going to be found and ripped apart publicly (which is what has happened to just about every major worm since the NSA's Chief Scientists son opened Pandora's box and let them slip.

Things in the article neither add up or balance which makes my "hinky detector" say case not proven which then makes me think "spin/cover up".

jacob • January 18, 2011 2:41 PM

@clive good points. However, lack of evidence, etc. Israel has more at stake than anyone, even the U.S. Israel has a very robust technology industry. I personally think that the us and israel were involved. But, I could be wrong. Maybe Steve Jobs and Bill Gates are doing another kind of philanthropy. ;)

Richard Steven Hack • January 18, 2011 2:52 PM

BF Skinner: "Israel? Who do you imagine is pulling the strings on Hezbollah? It ain't refugee Palestinians holding fundraisers."

Actually, regardless of how much support Iran gives Hizballah, the organization itself is a national resistance movement not terribly interested in "destroying Israel" per se, but interested in keeping Israel out of Lebanon (and no doubt takes the Palestinian side of that whole issue.)

"Nations do what they want or can because there is no world governing body or supernation to appeal to. There are only the treaties and contracts that nations have aggreed to abide by and those treaties include the use of coercion."

Well, the UN, of which the US and Israel are members, says differently: it says threats to attack Iran are illegal per se. It says conducting these sorts of operations against sovereign nations is illegal on the face of it. The fact that the US and Israel ignore the UN and international law is not a "feature", it's a bug.

"Iran wants regional, not global dominion. They want the Persian empire back."

They want influence because they can't have domination and they know it. It will be a long time before the Sunni-Shia divide gets healed, if ever. Iran merely wants to regional influence.

Whereas the US and Israel DO want regional hegemony (and the US wants GLOBAL hegemony). Read the PNAC document which proclaims that the US must not allow ANY nation to be even a regional power, let alone a superpower. This has been the US intention for the last century preceding that document. As you correctly state, it is in the nature of states to do this stuff - if they are able to.

"Iranian nukes would certainly act as a deterrent to prevent further western interference in their plans."

I used to think so. But on further reflection, the fact is that a few nukes would be utterly useless to them. And in fact, evidence shows Iran is aware of this which is why their Supreme Leader has explicitly disavowed ever having nukes. And the same considerations have been stated several times by Iranian officials and Iranian observers.

Iran can never catch up to Israel, let alone the US, in nuclear weapons or the necessary delivery systems. And if had nuclear weapons, it would merely increase the fear and suspicion of their intentions among the states where they wish to build their influence.

"They've taken Lebannon and just brought down it's government, via Hezbollah, Syria is a proxy puppet. And much of the disenfranchised in the gulf states? They are Shia. Once we're backed out of the Gulf? Iran won't have much trouble mopping up the other kingdoms and emerites."

Iran has never projected force outside its borders and has no ability to do so today or in the foreseeable future. What Iran seeks is alliances with those countries who have Shia populations and which can be weaned away from being puppet clients of the US and Israel (i.e., unlike Egypt, the corrupt Arab monarchies, etc.) Iran wishes to go its own way and needs to build alliances in order to counter the US and Israeli plans to dominate the Middle East to its detriment.

Iran has no nuclear weapons program and there is little evidence it ever did have one. At worst it may have had a nuclear weapons research database to determine how to build one, something any reasonable military would do if threatened by nuclear armed neighbors in case the leadership might one day decide to deploy them. But there is ZERO evidence of any Iranian intent to develop and deploy nukes - in the past or the future..

People have been claiming Iran will have nukes "in the next 3 to 5 years" - or even that Iran actually HAS nukes - for the last thirty years. Nima Shirazi has a timeline for those predictions going back to 1984 and perhaps earlier. It hasn't happened and there is zero evidence it ever will - because nukes would do them no good and could do them considerable harm - if for no other reason than it "justify" an attack by Israel or the US.

"But justified in that Israel has a right to exist, yeah, without question.

Actually, there's a huge question there. In 1947 the UN commissioned a study to determine whether it had the legal authority to partition Palestine. The committee concluded it did not. The UN set that aside because they were under pressure to "do something" about the violence, since the Brits were washing their hands of the situation. This means that the partitioning of Palestine and the creation of Israel were illegal. Israel is an illegal state, conducting its affairs as a rogue, terrorist nation in defiance of international law, UN resolutions, and world opinion. Only the backing of the French (first) and then the US has allowed this to happen.

Ex-CIA agent Ray McGovern made a joke in that video I referenced above. He said the US once offered Israel to become the 51st US state, but Israel turned it down flat - because if they were a state, they'd only have TWO Senators in their pockets. Now they have at least 60-70.

The US and Israel are planning a war with Iran just as they planned one for Afghanistan BEFORE 9/11 and for Iraq using 9/11 as an excuse. In fact, after 9/11, both the neocons and the Israelis wanted the US to attack Iran, and Israel only got on board with attacking Iraq when they were assured in 2002 that Iran would be next after the "Iraq cakewalk" they were predicting. The only reason we haven't invaded Iran by now is that Iraq and Afghanistan proved not to be "cakewalks".

But the plans are still in the works to attack Iran. It will happen eventually. And just as in Iraq and Afghanistan, the US will lose - after another several million Iranian and Iraqi civilians are dead or displaced, and more thousands of US troops dead - and the military-industrial complex reaps its profits from the taxpayers' tax dollars.

Nick P • January 18, 2011 4:40 PM

@ Andy

"...the most sophisticated cyberweapon ever deployed."

"Though this may well still be true..."

That's incorrect. The most sophisticated and successful cyberweapon ever deployed is Microsoft Windows in the default configuration and with TCP/IP networking enabled.

This weapon enabled more data loss and sabotage than all other cyberweapons combined. In fact, this weapon is often used by other cyberweapons as a springboard for further attacks. That our enemies demand we deliver millions of these weapons to their sensitive facilities also makes it the greatest psyop ever undertaken. This cyberweapon is also largely unaffected by arms/export control and can be purchased without a permit in stores near you. Now go gear up!

EDIT: Intel and IBM complained just before press time that their x86/PC architecture is more effective at removing security than any operating system. If it wasn't for this, they claimed, the Windows Destructive Device might have been a dud. My lawyer advised me to have no further comments.

many questions • January 19, 2011 12:59 AM

@ BF Skinner et al.

The following article excerpted in full is by Gary Sick, ME and Iran expert:

Congratulations to the New York Times for an example of good, old-fashioned investigative reporting. Three reporters provide a persuasive account of how the United States and Israel collaborated on building a so-called worm that would attack Iran’s uranium enrichment facilities. Clearly this was a reporting project that was pursued quietly and imaginatively for months. It doesn’t tell us everything we would like to know, but it puts a lot of flesh on the bones of the Stuxnet story.

But now that it is out — and entirely credible — it is going to be accepted as the base line for analysis of this entire incident. What are the general conclusions one can draw?

1. The Stuxnet worm is likely to stand as the first publicly known case of targeted, state-sponsored international cyber warfare. If there have been others (and there probably have been) the authorship and motives were too ambiguous to draw any conclusions. Whether entirely true or not, the NYT story has identified both motive and means. What was previously shadow warfare has suddenly become entirely public. This is, in its own way, a much bigger story than WikiLeaks
2. The technical knowledge of the Iranian program as revealed by the regular and fairly frequent IAEA (International Atomic Energy Agency) inspections of Iran’s centrifuges was probably quite useful to those who created the worm. At least Iran is likely to believe that is true
3. The authors of the Stuxnet worm have almost certainly succeeded in their tactical objective of “putting time on the calendar” for Iran to develop its nuclear program. However, the long-term strategic goal of persuading Iran to abandon any pursuit of a nuclear weapon is far less clear.

Just put yourself in Iran’s shoes:

You have just been notified unequivocally that the United States and Israel have declared war on you and have successfully carried out a first strike. The debate in the United States and Israel about whether or not to launch a strike against Iran has been answered — just not in the way most people expected, with bombs.

This comes just a few days before you sit down to negotiate with Americans and others over your nuclear program. Will you be intimidated and therefore demonstrate more willingness to compromise? Or will you play either a stalling game or perhaps a more belligerent game until you can improve your negotiating position?

From this point on, will you be more or less likely to cooperate with the IAEA? Will the Non-proliferation Treaty (in which Iran agreed not to build a nuclear weapon in return for international protection against any nuclear powers) seem like a reassurance or a threat?

Will you retaliate by launching a cyber counter-attack against one or more large U.S. facilities (dams, power plants, refineries, public utilities, nuclear facilities, etc.) which, as the NYT story acknowledges, are known to be vulnerable to cyber attack. Although Iran’s capabilities are hugely overshadowed by those of the United States and Israel, cyber warfare may be an attractive way to level the playing field — the ultimate in asymmetric warfare. U.S. interests, of course, are not all located in the continental United States.

Will you (Iran) cut back your nuclear development or double down on your efforts? (Part of the answer to that question depends on resources. If Iran has been holding back, which is not impossible, then it has some capacity to actually speed up its efforts; if Iran has few or no intellectual, material and scientific reserves, its choices may be quite limited; that seems to be the working assumption of the authors of the worm.)

How does the Iranian leadership now deal with the faction that has been arguing in favor of going for a bomb (rather than just building a break out capacity)? Are the hardliners weakened by this or strengthened? Has the Green Movement and the reformist opposition been strengthened or weakened by this?

According to the NYT account, this cyber attack is largely the work of the Obama administration. Will that make the offer of engagement more appealing, or less?

The fact is, we don’t know the answers to these questions. The authors of the Stuxnet Worm were willing to risk some major escalatory consequences by firing this shot. There is no doubt that this collaboration reduced the likelihood of any Israeli unilateral action against Iran. It was, however, a significant gamble. Did they think it through? Did they consider the day after? Does Iran, in its somewhat chaotic political state, have the will, or more importantly the ability, to respond?

We should know before too long.

See: http://garysick.tumblr.com/post/2779081304/the-stuxnet-worm-and-iran-the-day-after

For the basics on who Gary Sick is,

http://en.wikipedia.org/wiki/Gary_Sick

rogerh • January 19, 2011 2:49 AM

Definitely an iffy story. No competent engineer will leave a uranium gas centrifuge totally under the control of a computer without some form of overspeed/vibration shutdown implemented in hardware.

Could be a test of competence tho....

AC2 • January 19, 2011 4:14 AM

@Nick P

"That's incorrect. The most sophisticated and successful cyberweapon ever deployed is Microsoft Windows in the default configuration and with TCP/IP networking enabled. "

Sir, I beg to disagree, the correct answer is IE 6. And I have the pleasure of continuing to operate said cyberweapon on my corporate desktop.

fbm • January 19, 2011 5:24 AM

@Jay

I think the spinning out of control remark was in reference to the centrifuges and not the drives inside the controllers.
Or did I misunderstand your meaning of drives...?

Clive Robinson • January 19, 2011 5:29 AM

@ rogerh,

"No competent engineer will leave... ...totally under the control of a computer without some form of... ...shutdown implemented in hardware."

I think you are making a couple of assumptions.

The first and biggie is "competent engineer" you tend not to find them on "black projects" which are run by scientists on behalf of the military or state.

There are two obvious reasons the first being keeping the number of people in the know to a minimum, the second is many senior scientists are not nor ever could be engineers due to their temprement. The result is the scientist employ other proto-scientists as technicians to do the menial side of their bidding and rather than the more open engineering approach where problems are brought to the table for group consideration / input a more fawning if not outright sucking up to get the equivalent of tenure.

The second assumption is about how you close the loop.

The problem with spinning a six foot long less than a foot wide aluminium tube well above it's first critical frequency is that you get a very complex control map. This is what held back US UK and French centrifuge design with the result they traded efficiency for reliability and "belt and braces" solutions in the early days.

The only way to get a more efficient design using less mechanicaly critical parts is to do the control loop with a computer of some form, be it from a microcontroler with a built in DSP function through to a full on PLC system. The issue then becomes one of reliability. A good design engineer would look at the issue and from their experiance in such matters and be able to design a system to do the job reliably with a microcontroller.

However a scientist or technician is not going to have the experiance to make a reliable system, thus they will buy in wherever they can as it almost imediatly removes the very thorny issue of designing a very high reliability drive system.

Also a PLC system gives them the ability to experiment and thus tune the system as they go.

Thus the PLC system is a rational solution for a project that is starting from scratch.

However these AQ Khan centrifuges where "bought in" technology. From the point of the seller (Khan Laboratory) they are selling information not physical product (except as production / test prototypes) thus they are not going to want the liability of manufacture and support of despoke control systems. So their best option is via reasonably well available PLC systems.

Thus I'm not saying your general point is incorrect, it's the atypical circumstances of such projects that makes such a solution impractical.

BF Skinner • January 19, 2011 7:35 AM

@many questions "now that it is out — and entirely credible"
Interesting article. Thanks.

Someone once told me one way to evaluate the credibility of a story involving the IC is to look for disavowles and denials.

Haz there been any denials from the US or Israel about ownership of the worm? I think I've heard nothing from official sources (which is a tell). (but the noise machine is quite loud here this time of year and I might have missed it.)

"...notified unequivocally that the United States and Israel have declared war on you and have successfully carried out a first strike"

Pretty cheesy first strike if no-one dies ain't it? Or really clever attackers demonstrating capability and care without creating a blood feud.

Nobody cares who started a dogfight.

So the CIA AND MI6/FO (credit where credit is due Clive's people deserve the recognition and attention we're getting too) overthrew a democratically elected government and replace it with a monarch. Iranians retaliate decades later and invade a US embassy (also an act of war), Operation Eagle Claw, followed by decades of provocation (Backing Iraq in Iran/Iraq war - maybe, arms to Palastians-definately, Called a member of the Axis of Evil-yeah, Help provided to US against the Taliban not acknowledged-definately, second Iraq war-definately, possible US support to Jundallah-maybe, two fully armed nuclear US carrier groups off-shore -definately, Stuxnet-probably) follow from either and both sides...tit for bloody tat.

A dogfight.

If a state of covert war exists, then it _has existed_ since at least the Iranian invasion of the Embassy. It would hardly be news to the Ayatollah and the Revolutionary Guard that another event/regretable incident/imperial aggression/deplorable circumstance/act of sabotage has occured.

If Sick is affirming this is the first shot in an state of open warfare we'll have to wait and see; though I personally doubt it. Power is too unequal between the two states and there are still battle groups in the gulf.

More likely is more deniable attacks, maybe Iran will find new proxies... provide clandestine support to some US insurgents--like the soverign citizens or tea party.

Nick P • January 19, 2011 1:33 PM

@ AC2

To be fair, IE6 is a nice cyberweapon. Windows only tops it because it is the cluster bomb that launches little bomblets like IE6. Thousands of them. IE6's problems would have posed little threat on SourceT, EROS or CapDesk. They enforced POLA well.

RobertT • January 19, 2011 7:52 PM

@Clive
"No competent engineer will leave... ...totally under the control of a computer without some form of... ...shutdown implemented in hardware."

I'm certainly not going to argue against this, having said more or less the same thing when I first looked at the problem. However having played around with simulations for a while now, it is clear that these are very temperamental devices. Gas Flow rate, temperature gradients, wall velocity, rotor thickness variation, non-laminar gas flow ..... can all cause imbalance and easily induce oscillations. So while there are definite mechanical resonant frequencies that must be avoided there are also "valid" operational settings combinations, that will tear the machine apart.

I'd suggest that the obvious spot to add a safety sensor is the magnetic bearing, BUT what do you do if you get a warning? the only option is to power down the machine, and from what I have read there is a 1in 10 change that it will tear itself apart on either spin-up or spin-down.

BTW turning-off one element of the cascade changes the gas flow to subsequent units thereby altering their operational state.

From what I have seen, all in simulation, this is not a simple motor control problem. Its a complex multi-variable problem.

Personally I'd still be trying to control this with dedicated DSP's and H-Bridge motor drives BUT I think it is probably even easier to hack the DSP RTOS, than to attack the PLC controller.

fbm • January 19, 2011 11:12 PM

Another opinion about Stuxnet:

http://www.h-online.com/security/news/item/Stuxnet-not-such-a-masterpiece-after-all-1171795.html

Clive Robinson • January 20, 2011 3:36 AM

@ fbm,

The article you provide a link to neglects a couple of points.

First up is that you would probably want stuxnet to look as much like "Bulgarian hackers code from the 90's" simply to make identification difficult.

Secondly it is sensible when it comes to info weapons to keep it as low tech as required to do the job, just to protect you and your "friendlies".

I would always work on the theory "it will be discovered" if writing such malware especialy if targeted at systems that are essentialy static and due to high rel requirment should be "hot swappable".

And this is the crux, why was it not discovered sooner.

Prudence would sugest you run a "prototype" or "test network" isolated system that you test all upgrades etc befor putting on the live system.

Further prudence would suggest the test network gets installed from original media prior to testing and that disk images/file signitures be taken so you can do the only reliable check for infection on the semi-mutable media (Fully mutable memory viri are harder to find but a similar system can be used.

The fact that the Iranian scientists and technicians appear not to do this is a significant "tell".

And it is something all administrators of networks with high value should take note of. If the man that cuts the cheques won't stump up for such prototype/test systems then make sure you fully document and go find another job because sooner rather than later the systems will be hit. And as we know the man will point the finger at you and your the one that will get roasted due to simple seniority...

Clive Robinson • January 20, 2011 5:19 AM

@ Robert T,

"From what I have seen, all in simulation, this is not a simple motor control problem. Its a complex multi-variable problem"

It's a bit more than complex you have probably found that it is overly sensitive to certain constants and relations to the point of being considered "chaotic" at some points of the multidmensional operating "plane".

As I noted the isssue is mechanicaly over designed and belt and braces control (the 1950's solution), or more sloppy mechanics and higher efficiency by the use of a microcontroler and DSP (the 2010's solution).

"Personally I'd still be trying to control this with dedicated DSP's and H-Bridge motor drives BUT think it is probably even easier to hack the DSP RTOS, than to attack the PLC controller".

Hmm I'd not be too sure on the last bit, RTOS's can be increadably light and if written properly highly secure (Nick P will give some good examples of off the shelf systems if we ask nicely ;).

The main issue would be "issolation with control". Thus the network stack (if not more sensibly done on a non shared comms system) would need to be made very secure, however it is only needed to implement a single control channel so you can strip out most of the stack functionality.

The issue would then be securley implementing the control channel which "micro manages" the mechanical slop and gets the efficiency out of the centrifuge.

In essence you design the default state of operation to be "safe" not efficient and have various know stable points on the control map.

You then allow the external controler to slowly change the operating state to bring the efficiency of operation up (some high performance fighter aircraft systems work in a similar way).

Over and above "passive monitoring" of various parts of the centrifuge, I would also use drive control sensing. That is you use the fact that all transducers are effectivly bidirectional, that is motors are generators and vice versa, and use the "generator" information to determine other dynamics of the system.

[For those that are curious as to how you do this have a look at the simple systems developed for model railways where the DC motor is "chopper driven" (at twice the voltage with a 50% duty cycle). In the "off cycle" the voltage on the supply rail is "sampled" and this information is used to drive the next "on cycle"].

Also one thing I would be very tempted to do would build in a secure hypervisor to monitor the functioning of the sub parts of the system, that at any sign of problems or incorect control information would kick the centrifuge into the inefficient "safe mode" and take it safely to a known state. This of course requires a certain software development methadology, which is not normaly visable in the majortiy of software projects (though you do see it in a few high rel/avail systems).

All in all it is probably less complex than designing the control systems for high performance avionics platforms. So definatly doable.

fbm • January 20, 2011 1:52 PM

@Clive

Yeah, it is rather thin in the content department. I hadn't read it before I posted here. Seems there are more folks that want to put down the quality of the code than validate it as something that worked its purpose.

I'm not a code writer, so it really doesn't matter to me.

What intrigues me the most is this new angle of "warfare". Scares the shit out of me, to be honest. Now we can't complain if the Chinese find a way to hack into our DoD's computer systems and share everything WikiLeaks wish they had. I don't even want to think about it...

Roger • January 20, 2011 3:25 PM

I am more than a little sceptical of the NYT's anonymous sources (who apparently are so highly cleared as to know small operational details of TOP SECRET programs in 3 different countries), because some of the claims simply don't agree with the facts.

I have just carefully read Symantec's excellent white paper on their reverse engineering of this worm. If you have an interest in this subject, you must read it. Having read it, I would have to say that the real state of our knowledge is that we still don't know the author or purpose of this worm, other than that it /probably/ wasn't meant to cause any physical damage.

Unfortunately, there are large areas of wholesale disagreement between Symantec's analysis and Langner's analysis. There are also areas of disagreement between Symantec's analysis and the claims by NYT's anonymous sources.

For example, within the massive scope of the code, there is a date and a string which hint at an Israeli coder. Symantec notes that they may have been left in carelessly, but -- since all other strings have been stripped out by an automatic process -- it is at least as likely that the string at least, and probably also the date, are deliberate misdirection.

Whether the string was left accidentally by an Israeli coder or added as misdirection, either way it doesn't seem to gel with NYT's claim that the code was written by Americans.

Nick P • January 20, 2011 5:02 PM

@ roger

Interesting post. I disagree with the last line though. If we had no data, Israel would be the main suspect by default because of their consistent use of sabotage and threats to iran. If Americans built the worm, theyd want everyone to think it was someone else. Planting something that points to Israel in the otherwise stripped code is *exactly* the kind of thing US covert ops would do. It's what I would have done. ;)

w • January 20, 2011 11:49 PM

Does any one hear think Germany/England/French created and deployed it.

The topomap looks like the first strike was in the Iraq area and around above.

Might have forgoten what was on the usb stick

fbm • January 21, 2011 12:52 AM

@roger & @nick p

I think the only tie to America by the Israelis was the fact that Israel wanted to militarily attack Iran's nuclear facility and asked for bunker busters from the US to do it - which was denied.
That's where the speculation begins, hinting at a covert partnership between the 2 countries - and in my opinion, it's absolutely feasible.

Regarding the coding and errors or amateur functionality - we all know government contracts go to the lowest bidder, and this was probably no exception. I guess the question becomes - did the person/people who wrote the code know what they were writing code for? It could have been clumsily pieced together from separate groups to make the worm in its totality. I don't know if that possibility has been reviewed or not by those with a more expert opinion on code than what I have. But it's something to think about.

moo • January 21, 2011 9:03 AM

http://www.telegraph.co.uk/technology/8274009/Stuxnet-Cyber-attack-on-Iran-was-carried-out-by-Western-powers-and-Israel.html

"The Stuxnet computer virus, created to sabotage Iran's nuclear programme, was the result of collaboration between at least one Western power and the Israeli secret service, a British cyber security expert has found.

Tom Parker, a US-based security researcher who specialises in tracing cyber attacks, has spent months analysing the Stuxnet code and has found evidence that the virus was created by two separate organisations. The hard forensic evidence supports the reported claims of intelligence sources that it was a joint, two step operation."

paul • January 21, 2011 12:05 PM

@Clive: I think the "right" answer is that by introducing another source of glitch into the system, regardless of exactly what regime it's being controlled in, you are manipulating the development process as well as the actual behavior. Your system doesn't pass its acceptance tests (if it has them), you can't comfortably operate it in regimes that assume everything pretty much works, you can't do the analyses required to optimize efficiency and so forth.

ebw • March 14, 2011 1:48 AM

Stuxnet:--the goal is to stop Iranian development of the bomb? Is this wise?
Some political theorists believe that nations become much more conservative in their foreign policy once they have nuclear capability.
Look at Pakistan (a nuclear power)--they seem mostly concerned with ripping off their own people and the US taxpayers, not in declaring war on India or anyone else. They don't even have much enthusiasm for the US war on Afghanistan. Iran may calm down if they get the bomb too. Many people have made this observation.

Rudi • June 1, 2012 1:55 AM

The best part was when Mahmoud from Iran called tech support and Jugdish from India asked him whether the nuclear reactor was plugged in.

Name (required):

E-mail Address:

URL:

Fill in the blank: the name of this blog is Schneier on ___________ (required):

Comments:

Allowed HTML: <a href="URL"> • <cite> • • • <ul> <ol> <li> • <blockquote> <pre>

← New Revelations in the Mahmoud al-Mabhouh Assassination Movie-Plot Threats at the U.S. Capitol →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.

More Stuxnet News

Comments

Leave a comment