Monday, September 27, 2010
Six mysteries about the Stuxnet computer worm
1. What was the target? Although the worm has affected computers in Indonesia, India, Pakistan, and elsewhere in addition to Iran, security researchers who have been pouring over Stuxnet for months say it appears aimed at a very specific target. According to Siemens, "The behavioral pattern of Stuxnet suggests that the virus is apparently only activated in plants with a specific configuration. It deliberately searches for a certain technical constellation with certain modules and certain program patterns which apply to a specific production process." Two German experts, Ralph Langner and Frank Rieger, have offered competing theories as to what that target might be, both of them in Iran, where most of the affected machines are.
Langner guesses that Stuxnet is aimed at Bushehr, Iran's civilian nuclear power plant, which is slated to go online this fall. Langner's case rests largely on the fact that Bushehr runs Siemens software and that Russian contractors would have had access to the facility -- and that they would have used USB drives to set up the system.
Rieger counters that Natanz, Iran's uranium enrichment plant, is a more likely target. Not only is it more of a proliferation threat, there's suggestive evidence that it actually may have been affected by sabotage. (More on this later.) He also points out that Natanz is more likely to have the kinds of identical nodes, in this case "cascades" or groups of centrifuges, that would be susceptible to an attack.
2. Who did it? The obvious culprit is Israel, which has both the sophisticated technology and the motive to sabotage Iran's nuclear program, which it deems a mortal threat. An eerily prescient Reuters article published in July 2009 quotes Scott Borg, a U.S. cybersecurity expert, speculating that Israel might want to do so, adding that "a contaminated USB stick would be enough" to cause real damage to Iranian facilities.
Other countries, such as the United States, China, and Russia, probably have the capability, but only one -- the United States -- has a clear motive (some might add France and Germany to this list). One could spin complicated theories as to why Russia would want to sabotage its own facility, but Occam's Razor probably applies here -- and other reporting has indicated that the United States and Israel have, in fact, approved a covert sabotage campaign that may include a cyber component.
You think WE - the world's biggest experts on cybersecurity - would do something like that? Hmmm.