Stuxnet Increasingly Sounding Like A Movie Plot

from the made-for-hollywood dept

Like many people, I've been following the story of the Stuxnet worm with great interest. As you probably know, this worm was apparently designed to infect Iranian nuclear operations and create problems -- supposedly setting back their nuclear operations quite a bit. The NY Times came out with a fascinating investigative report about the background of Stuxnet over the weekend, and it's worth a read. What I found most entertaining was the rather Hollywood-trickery angle by which Stuxnet did its dirty work:
The worm itself now appears to have included two major components. One was designed to send Iran's nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.
That latter part is, indeed, right out of a movie. I guess sometimes truth does mimic fiction. That said, I'm still trying to figure out how or why Iran allowed any sort of outside code or computers into their nuclear operations.

Filed Under: iran, stuxnet


Reader Comments


  1. aldestrawk, 18 Jan 2011 @ 4:57pm

    missing questions

    Iran was using equipment from Siemens to control their centrifuges. The Siemens PLCs (Programmable Logic Controllers) are, obviously, programmable devices. I can't see Iran duplicating the software needed to do the programming. It is really quite a lot of code. That, in itself, would have slowed down their effort to process uranium by perhaps years. So they have Windows computers that contain this Siemens PLC programming software (Step 7). Once the Stuxnet malware was introduced to some Windows computer in their plant, it looked to infect a particular server and then to infect a computer that had this Step 7 software.
    What I found strangely missing from the New York Times article was that one aspect of the poisoned PLC code was to intermittently change the speed of the centrifuges in a way that wouldn't destroy them but kept the uranium from being successfully enriched. Such a problem would be hard to be aware of, much less debug.
    Another aspect of the story that I haven't seen explained is how the writers of Stuxnet got a hold of the code signing keys for Windows drivers from two separate companies: Realtek Semiconductor and JMicron Technology. The private keys for certificates are not something that should be accessible on the companies' websites. In my mind, they don't even have to be on a computer connected to the internet. Was there collusion from these companies with the US?
    A really good summary of Stuxnet can be found here (warning, it is technical):
    http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
