Cyberattacks on Iran — Stuxnet and Flame
NORMAN ASA, via PR Newswire
Over the last few years, Iran has become the target of a series of notable cyberattacks, some of which were linked to its nuclear program. The best known of these was Stuxnet, the name given to a computer worm, or malicious computer program.
According to an article in The New York Times in June 2012, during President Obama's first few months in office, he secretly ordered increasingly sophisticated attacks on Iran’s computer systems at its nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons.
Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
The Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.
Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. In 2011, Iran announced that it had begun its own military cyberunit, but there has been scant evidence that it has begun to strike back.
Internal Obama administration estimates say Iran’s nuclear program was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.
Stuxnet appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of many groups that have dissected the code, said at a symposium at Stanford University in April.
Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.
The Flame Virus: More Harmful Than Stuxnet?
A similar dissecting process is now under way to figure out the origins of another cyberweapon called Flame, a data-mining virus that in May 2012 penetrated the computers of high-ranking Iranian officials, sweeping up information from their machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.
In a message posted on its Web site, Iran’s Computer Emergency Response Team Coordination Center warned that the virus was potentially more harmful than Stuxnet. In contrast to Stuxnet, Flame appeared to be designed not to do damage but to secretly collect information from a wide variety of sources.
Researchers at Kaspersky Lab in Moscow said that Flame is likely part of the same campaign as Stuxnet, though it appears to have been written by a different group of programmers. They declined to name the government.
In April, Iran disconnected its main oil terminals from the Internet, after a cyberattack began erasing information on hard disks in the Oil Ministry’s computers. Iranian cyber defense officials labeled that program Wiper.
The increasing number of cyberattacks on Iran runs parallel to a series of mysterious explosions and assassinations of nuclear scientists and underscores growing feelings among officials and normal Iranians that the country is increasingly targeted by covert operations, organized by the United States and Israel.
Origins of Stuxnet: A Bush Initiative
The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.
Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.
For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.
The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.
The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.
Eventually the beacon would have to “phone home” — literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant.
It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.
Developing a Complex Worm Called ‘The Bug’
Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.
Soon the two countries had developed a complex worm that the Americans called “the bug.”
The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up.
The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally.
Imagery recovered by nuclear inspectors from cameras at Natanz — which the nuclear agency uses to keep track of what happens between visits — showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.
By the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush’s advice.
Obama Authorizes Cyberattacks to Continue
Mr. Obama authorized the attacks to continue, and every few weeks — certainly after a major attack — he would get updates and authorize the next step. Sometimes it was a strike riskier and bolder than what had been tried previously.
In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage.
An error in the code had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.
The question facing Mr. Obama was whether the rest of Olympic Games was in jeopardy, now that a variant of the bug was replicating itself “in the wild,” where computer security experts can dissect it and figure out its purpose.
Within a week, another version of the bug brought down just under 1,000 centrifuges.
Olympic Games was still on.
ARTICLES ABOUT STUXNET
Cyberweapon Warning From Kaspersky, a Computer Security Expert
Eugene Kaspersky says his discovery of the Flame virus adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the Internet.
June 3, 2012
Mutually Assured Cyberdestruction?
Because the United States refuses to talk about its new cyberarsenal, there has never been a real debate in the United States about when and how to use cyberweapons.
June 2, 2012
Obama Ordered Wave of Cyberattacks Against Iran
Even after the Stuxnet computer worm became public, President Obama accelerated cyberattacks against Iran that had begun in the Bush administration, temporarily disabling 1,000 centrifuges.
June 1, 2012
Daily Report: Researchers Find Clues in Flame Virus
Security experts have only begun to examine the thousands of lines of code that make up Flame, a data-mining computer virus that has been designed to steal information from computers across the Middle East, Nicole Perlroth reports in Thursday's New York Times. But already digital clues point to its creators and capabilities.
May 31, 2012
Researchers Link Flame Virus to Stuxnet and Duqu
Researchers said they believe the Flame computer virus came from different programmers but the same, state-sponsored campaign that damaged Iran’s nuclear program in 2010.
May 30, 2012
Israel Gets the Blame for Flame Virus
A new powerful weapon in the cyber war has been unleashed, according to Russian researchers. Iran seems to be the main target of the Flame virus, so is Israel responsible?
May 29, 2012
Iran Confirms Attack by a Virus That Steals Data
Though newly identified, the virus, called Flame, could be five years old, experts say. It is designed not to do damage, but to collect information from sources.
May 29, 2012
Virus Infects Computers Across Middle East
Kaspersky, the computer security firm, says a new virus called Flame has invaded computers in Iran, Israel, Lebanon, Sudan, Syria, Saudi Arabia and Egypt for at least two years.
May 28, 2012
Iranian Oil Sites Go Offline Amid Cyberattack
Officials said the virus that infiltrated the Oil Ministry and other agencies had not affected production or exports, but oil terminals and some installations were being taken offline as a precaution.
April 24, 2012
Digital Security Bills Bruised by a Lingering Antipiracy Fight
Legislation intended to help protect infrastructure from terrorists is hampered by fears of pressure from advocates who scored a victory against antipiracy bills.
February 9, 2012
Iran Adversaries Said To Step Up Covert Actions
Experts believe Israel is behind an accelerating covert campaign of bombings, assassinations, defections and cyberattacks in Iran, meant to set back Iran's progress toward a nuclear weapon; campaign claims its latest victim when a bomb kills a nuclear scientist in Tehran. Chart, Photos
January 12, 2012
Adversaries of Iran Said to Be Stepping Up Covert Actions
A campaign of bombings, assassinations, defections and cyberattacks, which experts believe is mainly Israel’s work, seems meant to halt Iran’s progress toward a nuclear weapon.
January 12, 2012
Stefan Savage: Girding for Digital Threats We Haven’t Imagined Yet
Anticipating security threats is not merely a matter of reasoning abstractly about how new technology might raise new risks; it requires an understanding of human nature.
December 6, 2011
The Secret War With Iran
Many believe America’s shadow war with Iran is about to ramp up dramatically.
November 6, 2011
Stuxnet Computer Worm’s Creators May Be Active Again
Stuxnet, a worm that infected computers in 155 countries and was used to vandalize an Iranian nuclear site last year, may have struck again.
October 19, 2011