
Monday, June 4, 2012

Cyberattacks on Iran — Stuxnet and Flame


NORMAN ASA, via PR Newswire


Updated: June 1, 2012


Over the last few years, Iran has become the target of a series of notable cyberattacks, some of which were linked to its nuclear program. The best known of these was Stuxnet, the name given to a computer worm, or malicious computer program.
According to an article in The New York Times in June 2012, during President Obama's first few months in office, he secretly ordered increasingly sophisticated attacks on Iran’s computer systems at its nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons. 
Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
The Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.
Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. In 2011, Iran announced that it had begun its own military cyberunit, but there has been scant evidence that it has begun to strike back.
Internal Obama administration estimates say Iran’s nuclear program was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.
Stuxnet appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.

The Flame Virus: More Harmful Than Stuxnet?

A similar dissecting process is now under way to figure out the origins of another cyberweapon called Flame, a data-mining virus that in May 2012 penetrated the computers of high-ranking Iranian officials, sweeping up information from their machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.
In a message posted on its Web site, Iran’s Computer Emergency Response Team Coordination Center warned that the virus was potentially more harmful than Stuxnet. In contrast to Stuxnet, Flame appeared to be designed not to do damage but to secretly collect information from a wide variety of sources.
Researchers at Kaspersky Lab in Moscow said that Flame is likely part of the same campaign as Stuxnet, though it appears to have been written by a different group of programmers. They declined to name the government.

In April, Iran disconnected its main oil terminals from the Internet, after a cyberattack began erasing information on hard disks in the Oil Ministry’s computers. Iranian cyber defense officials labeled that program Wiper.
The increasing number of cyberattacks on Iran runs parallel to a series of mysterious explosions and assassinations of nuclear scientists and underscores growing feelings among officials and normal Iranians that the country is increasingly targeted by covert operations, organized by the United States and Israel.

Origins of Stuxnet: A Bush Initiative

The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.

Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.

For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.

The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.

The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.

Eventually the beacon would have to “phone home” — literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant.

It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.

Developing a Complex Worm Called ‘The Bug’

Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.
Soon the two countries had developed a complex worm that the Americans called “the bug.”

The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up.

The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally.

Imagery recovered by nuclear inspectors from cameras at Natanz — which the nuclear agency uses to keep track of what happens between visits — showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.

By the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush’s advice.

Obama Authorizes Cyberattacks to Continue

Mr. Obama authorized the attacks to continue, and every few weeks — certainly after a major attack — he would get updates and authorize the next step. Sometimes it was a strike riskier and bolder than what had been tried previously.

In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage.

An error in the code had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.

The question facing Mr. Obama was whether the rest of Olympic Games was in jeopardy, now that a variant of the bug was replicating itself “in the wild,” where computer security experts can dissect it and figure out its purpose.
Within a week, another version of the bug brought down just under 1,000 centrifuges. 

Olympic Games was still on.

ARTICLES ABOUT STUXNET

Cyberweapon Warning From Kaspersky, a Computer Security Expert
Eugene Kaspersky says his discovery of the Flame virus adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the Internet.
June 3, 2012
Mutually Assured Cyberdestruction?
Because the United States refuses to talk about its new cyberarsenal, there has never been a real debate in the United States about when and how to use cyberweapons.
June 2, 2012
Obama Ordered Wave of Cyberattacks Against Iran
Even after the Stuxnet computer worm became public, President Obama accelerated cyberattacks against Iran that had begun in the Bush administration, temporarily disabling 1,000 centrifuges.
June 1, 2012
Daily Report: Researchers Find Clues in Flame Virus
Security experts have only begun to examine the thousands of lines of code that make up Flame, a data-mining computer virus that has been designed to steal information from computers across the Middle East, Nicole Perlroth reports in Thursday's New York Times. But already digital clues point to its creators and capabilities.
May 31, 2012
Researchers Link Flame Virus to Stuxnet and Duqu
Researchers said they believe the Flame computer virus came from different programmers but the same, state-sponsored campaign that damaged Iran’s nuclear program in 2010.
May 30, 2012
Israel Gets the Blame for Flame Virus
A new powerful weapon in the cyber war has been unleashed, according to Russian researchers. Iran seems to be the main target of the Flame virus, so is Israel responsible?
May 29, 2012
Iran Confirms Attack by a Virus That Steals Data
Though newly identified, the virus, called Flame, could be five years old, experts say. It is designed not to do damage, but to collect information from sources.
May 29, 2012
Virus Infects Computers Across Middle East
Kaspersky, the computer security firm, says a new virus called Flame has invaded computers in Iran, Israel, Lebanon, Sudan, Syria, Saudi Arabia and Egypt for at least two years.
May 28, 2012
Iranian Oil Sites Go Offline Amid Cyberattack
Officials said the virus that infiltrated the Oil Ministry and other agencies had not affected production or exports, but oil terminals and some installations were being taken offline as a precaution.
April 24, 2012
Digital Security Bills Bruised by a Lingering Antipiracy Fight
Legislation intended to help protect infrastructure from terrorists is hampered by fears of pressure from advocates who scored a victory against antipiracy bills.
February 9, 2012
Iran Adversaries Said To Step Up Covert Actions
Experts believe Israel is behind an accelerating covert campaign of bombings, assassinations, defections and cyberattacks in Iran, meant to set back Iran's progress toward a nuclear weapon; campaign claims its latest victim when a bomb kills a nuclear scientist in Tehran.
January 12, 2012
Adversaries of Iran Said to Be Stepping Up Covert Actions
A campaign of bombings, assassinations, defections and cyberattacks, which experts believe is mainly Israel’s work, seems meant to halt Iran’s progress toward a nuclear weapon.
January 12, 2012
Stefan Savage: Girding for Digital Threats We Haven’t Imagined Yet
Anticipating security threats is not merely a matter of reasoning abstractly about how new technology might raise new risks; it requires an understanding of human nature.
December 6, 2011
The Secret War With Iran
Many believe America’s shadow war with Iran is about to ramp up dramatically.
November 6, 2011
Stuxnet Computer Worm’s Creators May Be Active Again
Stuxnet, a worm that infected computers in 155 countries and was used to vandalize an Iranian nuclear site last year, may have struck again.
October 19, 2011
