These ultra-centrifuges spin at 1000-1500 revolutions per second and can easily break when not carefully controlled. The Zippe-type centrifuges (http://en.wikipedia.org/wiki/Zippe-type_centrifuge) are probably used in Natanz for enrichment. During the spinning, a temperature gradient of 300 °C is applied to the cylinder (filled with uranium-fluoride gas), which induces convection inside. The lighter fraction collects at the top and is captured. These centrifuges operate in a vacuum, and can turn frictionlessly due to magnetic bearings.
There is another possible explanation, though it sounds even more like an airport novel than the Stuxnet story does.
Consider that a lot of people, including the US, Israel, and just about everyone else on the planet would like to do anything possible to derail the Iranian nuclear activities. Making the centrifuges self-destruct by introducing Stuxnet would do that - but making the Iranians think that a virus was the problem would have the same effect. I'm sure that the Iranians spent a lot of effort trying to remove the malware from the computers controlling the centrifuges and they probably even took them off-line until they were sure that the controllers were clean. Why would you risk the very valuable remaining centrifuges until you were sure the problem was fixed? They might have even tried to replace the Windows controllers with something running Linux or Solaris or something. It's quite likely that the clean-up from Stuxnet delayed the enrichment process even more than the original damage.
Malware is a convenient excuse for computer problems. "I don't have my homework because the computer crashed" certainly sounds valid but it's also an excuse that people immediately understand and have a hard time disputing. The Iranians may have internally blamed Stuxnet for the problems but isn't it possible that someone at Natanz might be using that to off-load blame for some other problem?
It's also a convenient story for Israeli and Western Intelligence. Perhaps the Israelis really did do something to destroy the centrifuges - perhaps they had a mole on the inside who unbalanced the centrifuges with sweaty fingerprints or grains of sand. It's reasonably likely, especially this close to the time of the event, that the story they would want the Iranians to believe isn't the actual story. Put out a false account and watch the Iranians running around reformatting their computers while your man on the inside stays safe and ready to act again.
If the Stuxnet story is true it shows remarkable technical cleverness by whoever did it. But if they're that clever they might be even slightly more cunning - enough to throw off the Iranians as to the actual cause and retain the ability to bung up the works again.
I'd say neither: there are 10000 centrifuges and only 1000 were replaced; it's not certain that that has anything to do with the virus. The virus gained a lot of press early on, which prevented it from staying put and silently disrupting for any longer period of time (which was the supposed mode of operation). Not to mention that it was so "overdesigned" that it was too obvious that it's a too well funded operation etc.
The virus had been in place a relatively long time before its public disclosure in June. Also, the way the virus was designed, it wasn't going to damage all of the rotors anyway.
> the way the virus was designed it wasn't going to damage all of the rotors anyway
Why not? Why shouldn't it do as much damage as possible, as it attracted too much attention anyway?
> had been in place a relatively long time
I think the version that was analyzed all over the world (with the last certificate) was discovered very soon after it was introduced.
It still sounds to me more like something for which somebody got a promotion than something that did damage appropriate to the money/time invested.
The virus was first identified in late 2008, and was in the wild, in various forms until June 2010 when it was identified and advertised to the world. Let's assume it went 2 years from release to June. That's a relatively long time, even if half of that was reconnaissance.
To quote the Symantec document:
"Thus, the targeted system is using Profibus to communicate with at least 33 frequency converter drives from one or both of the two manufacturers, where sequence A is chosen if more Vacon devices are present and sequence B is chosen if more Fararo Paya devices are present."
The upshot (to my understanding) is that only one type of frequency converter drive can be targeted per bus. If the buses are mixed, e.g. 50/50, only half the drives on that bus will be targeted.
Additionally, if the bus has less than 31 devices on it, then it is not targeted. We can assume that at least a few of these buses were not hooked up to a full complement of converter drives.
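As an added illustration (not code from the thread or from the Symantec dossier), the check below audits a Profibus drive inventory for the trigger condition quoted above: at least 33 frequency converter drives from Vacon and/or Fararo Paya on one bus, with sequence A when Vacon drives outnumber Fararo Paya and sequence B otherwise. The inventory format, the "OtherVendor" name and the tie handling are assumptions; the quote does not say what happens when both vendors are equally represented.

```python
# Added example: flag Profibus buses whose drive population matches the
# condition Symantec describes (>= 33 Vacon / Fararo Paya drives on one bus).
from collections import Counter
from typing import Dict, List, Tuple

TARGET_VENDORS = ("Vacon", "Fararo Paya")
MIN_TARGET_DRIVES = 33  # threshold stated in the Symantec quote

# Constructed inventory, one "bus_id,slave_address,vendor" record per line
# (hypothetical export format, not a real tool's output).
SAMPLE_INVENTORY = "\n".join(
    [f"bus1,{a},Vacon" for a in range(1, 41)]            # 40 Vacon -> sequence A
    + [f"bus2,{a},Vacon" for a in range(1, 21)]          # 20 Vacon + 20 Fararo Paya
    + [f"bus2,{a},Fararo Paya" for a in range(21, 41)]   #   -> over threshold, tie
    + [f"bus3,{a},Vacon" for a in range(1, 11)]          # 10 Vacon + 5 other -> below
    + [f"bus3,{a},OtherVendor" for a in range(11, 16)]
)

def parse_inventory(text: str) -> Dict[str, List[str]]:
    """Group vendor names by bus id; blank and malformed lines are skipped."""
    buses: Dict[str, List[str]] = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or not parts[0]:
            continue
        buses.setdefault(parts[0], []).append(parts[2])
    return buses

def assess_bus(vendors: List[str]) -> Tuple[bool, str, int]:
    """Return (matches_condition, sequence, count of target-vendor drives)."""
    counts = Counter(v for v in vendors if v in TARGET_VENDORS)
    total = sum(counts.values())
    if total < MIN_TARGET_DRIVES:
        return False, "", total
    vacon, fararo = counts["Vacon"], counts["Fararo Paya"]
    if vacon > fararo:
        return True, "A", total
    if fararo > vacon:
        return True, "B", total
    return True, "tie", total  # assumption: the quote leaves ties unspecified

def audit(text: str) -> Dict[str, Tuple[bool, str, int]]:
    """Assess every bus in an inventory; review any entry flagged True."""
    return {bus: assess_bus(v) for bus, v in parse_inventory(text).items()}

if __name__ == "__main__":
    for bus, (hit, seq, n) in audit(SAMPLE_INVENTORY).items():
        print(f"{bus}: {n} matching drives, flagged={hit}, sequence={seq or '-'}")
```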
No. According to the document you link, the first known exploit of the vuln used later by Stuxnet was in Nov 2008, but by some other trojan. The oldest known Stuxnet is from June 2009, one year later it was already prominent. It had just a little over one year to "quietly do its magic." Results? Already one month ago:
"Iran has experienced many problems keeping its centrifuges running, with hundreds removed from active service since summer 2009."
And that, compared to what? How often do you have to remove the centrifuges during normal operation if you have 10 thousand of them in one location and you are just developing the process? Couldn't it be the normal rate of failure for that situation?
Note also that the latest brand new certificate used in the latest Stuxnet variant was from July 2010 (at the time it was already known by antivirus companies) which means that the authors still failed to have it at the target, otherwise they wouldn't need to make the new variant with the new certs! Doesn't it seem like they panicked because the goal was not reached at the time the antivirus companies started to actively detect it?
I stand corrected as to the date. I should have fact checked against the dossier :-(
Well if you've been successfully exploiting a broken certificate, and it gets busted, and you have another spare one, are you going to use it or leave it? Probably use it.
Ahmadinejad is quoted by Reuters as saying "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts". Sounds like it got in to me.
> Well if you've been successfully exploiting a broken certificate, and it gets busted, and you have another spare one, are you going to use it or leave it? Probably use it.
No: if you reached the target with your trojan and if your trojan is made to quietly disrupt then the last thing you want is to raise the awareness of your target by making a newer version with a newer certificate, which is then immediately recognized by all antivirus vendors, and which induces your target to recheck all their configurations and add the protections.
You've made an important distinction here - variations of the LNK zero-day exploit used by Stuxnet to propagate were first identified in late 2008. This should not be confused with the idea that Stuxnet has been around for that long.
I disagree with the categorization of this attack as 'military' grade, though upon reflection this is largely semantic. By military you refer to the degree and purpose of the accomplished action.
But it isn't warfare proper in my mind. Military action has a nationality to it, and we don't know who it was [star]. Military action has an opposition with its own capacity for action, and Iran is not hacking at the reverse.
Maybe it's that I have a category in my mind for open cyberwarfare, and its character is absurd. It seems to me that the endgame is quick: disable the power or take control of computers and fill the country's network with garbage. That'd be a precise and deadly trick to pull off. Ah, there's another distinction then: this was a subtle effect designed solely for sabotage.
It's not outright war on their system. Outright cyberwarfare could only be a prelude to military action. Incapacitate a nation like the US for a mere 24 hours, and imagine what military possibilities that could yield...
Hopefully the cyberwarfare to come will be cyber-espionage--little tricks and turns, subtle but powerful changes--instead of cyber assault.
[star] except that it was probably the US or Israel. I'd bet it was the US, any takers?
[subfootnote] is the escaping of asterisks really turned off?
> Military action has a nationality to it, and we don't know who it was
That doesn't preclude it from being military action. For example, there were Italian submarines involved in sinking ships during the Spanish Civil war, and at the time the nationality of the submarines wasn't known. But no-one would classify that as not being military action.
Quite possibly the identity of the people behind Stuxnet will emerge over the next few decades.
The current assumption here in Israel is that this was a joint operation. Mossad brought the detailed intel (possibly with US assistance) and the army intelligence unit 8200 (http://en.wikipedia.org/wiki/Unit_8200) carried out the execution.
Unit 8200 is not only in charge of SIGINT collection, but also oversees and coordinates the entire cyber-warfare effort in the IDF.
..or it may have not. But it doesn't make such a great headline.
Anyway, if it is true and I had to make a bet about authorship, it would be on the USA. The USA has been doing that since the 1970s (Siberian pipeline incident). Mossad is great at machine-gunning waiters at Norwegian ski resorts, but high-tech ops have not been their strength.
> They've probably switched to homegrown motor drives now
According to Wikipedia [1]:
> it was reported in 2006 that the tiny amount of material deposited in fingerprints on Iran's prototype centrifuges were enough to cause the machines to shatter.
It's not like that's the kind of stuff anyone can build at home.
1) It was the speed controllers for the motors which were targeted.
2) They did use home-grown speed controllers (apparently). Stuxnet targeted two types of speed controller, one made in Finland (IIRC) and one in Tehran.
3) Undoubtedly, however the exposure of their delivery mechanism makes this much harder.
Well, I don't know how smart it is to piss off people with nuclear material and not too much to lose. Attacking another nation's territory is considered a casus belli.