


Stuxnet IV: worm reportedly tested in Israel

Well, it beats a bombing run….

The following was reported today in The New York Times.

Recently, both Meir Dagan, the retiring head of Israel’s Mossad intelligence agency, and Hillary Rodham Clinton, America’s Secretary of State, separately announced that they believe Iran’s nuclear ambitions have been set back by several years. Mr. Dagan recently told the Israeli Knesset that Iran has had technological difficulties that could delay an atomic bomb until 2015, a sharp reversal from Israel’s argument that Iran was on the verge of success.

The biggest reason for the delay appears to be the Stuxnet Worm (1, 2), “the most sophisticated cyberweapon ever deployed.”

Relying on Hanlon’s Razor that one should “Never attribute to malice that which is adequately explained by stupidity,” IMHO, (In My Humble Opinion) I can no longer explain the SEVERAL zero-day vulnerabilities in Windows that allow propagation of the worm, by stupidity alone. Don’t get me wrong. I would LIKE to! :-) Can we now safely say (or not) that some (all?) operating systems are “vulnerable by design?” I just don’t know. :-)

In early 2008, the German Siemens company cooperated with a U.S. national laboratory, the Idaho National Laboratory, to identify vulnerabilities in controllers that Siemens sells to operate machinery around the world and that American intelligence agencies identified as critical equipment in Iran’s enrichment facilities. Siemens describes the program as routine efforts to protect its products against cyberattack. The exercise identified holes in the Siemens systems for the Idaho Laboratory, part of the U.S. Department of Energy, which is responsible for U.S. nuclear arms. The Stuxnet Worm exploited the vulnerabilities the next year, in 2009.

At this point, the Stuxnet Worm apparently included two major components:

  1. code to send Iran’s gaseous centrifuges for enriching uranium out of control and
  2. code to record what normal operations of the nuclear plant looked like, and play back the data (to mask the “spinning” out of control)!

Of course, American and Israeli officials will not even discuss the matter. According to The New York Times:

“Mr. Obama’s chief strategist for combating weapons of mass destruction, Gary Samore, sidestepped a Stuxnet question at a recent conference about Iran, but added with a smile: ‘I’m glad to hear they are having troubles with their centrifuge machines, and the U.S. and its allies are doing everything we can to make it more complicated.’”

“By the accounts of a number of computer scientists, nuclear enrichment experts and former officials, the covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British.”

According to The New York Times article, in early 2008, the Department of Homeland Security and the Idaho National Laboratory teamed up to study the widely used Siemens controller known as P.C.S.-7, for Process Control System 7. Its complex software is called Step 7. In July, the Idaho National Laboratory and Siemens teamed up on a PowerPoint presentation made to a conference in Chicago at Navy Pier. “Goal is for attacker to gain control,” said the 62-page paper, which included pictures of controllers tested in Idaho.

I’ll just list a few statements below that should whet your appetite to read The New York Times article:

State Department cables made public by WikiLeaks described efforts in April 2009 to stop a shipment of Siemens controllers in 111 boxes at the port of Dubai in the United Arab Emirates. The controllers were headed for Iran to control “uranium enrichment cascades.” The United Arab Emirates blocked the transfer across the Strait of Hormuz to Bandar Abbas, a major Iranian port.

Symantec Corporation, a major computer security company in Mountain View, California, (and a recent purchaser of VeriSign’s security assets) snagged the Stuxnet Worm only a few months later. The worm hit primarily inside Iran, Symantec reported, but also in time appeared in India, Indonesia, and other countries. I personally found it interesting that several coincidental :-) submarine cable breaks in early 2008 affected predominantly Iran, India, and Indonesia. Were the cable breaks (map is here) related to Stuxnet, accidents, :-) or merely something for the future? :-)

Mr. Langner, who runs a small computer security company in a suburb of Hamburg, discovered that the worm became activated when it detected the presence of a specific configuration of controllers, running a set of processes that appear to exist only in a gaseous centrifuge plant. One section of the code appears designed to send commands to 984 machines linked together.

The Institute for Science and International Security, a private group in Washington, issued a Stuxnet report last month that said Iran’s P-1 machines at Natanz suffered a series of failures in mid-to-late 2009 that culminated in technicians taking 984 machines out of action. The report called the failures “a major problem” and identified Stuxnet as the likely culprit.

As for testing the worm:

In the 1970’s, the Dutch designed a tall thin centrifuge for enriching uranium-235. The design was stolen by A. Q. Khan, who fled to Pakistan. The resulting machine was called the P-1, for Pakistan’s first generation centrifuge, and it helped Pakistan get the atomic bomb. Dr. Khan later illegally sold P-1’s to Iran, Libya, and North Korea.

How Israel collected an array of P-1’s is unknown, but the article states that the centrifuges wound up in Dimona and were used to test the Stuxnet Worm. The United States also obtained P-1’s when Libya abandoned its nuclear program in late 2003.

In January and November of last year, two scientists who were believed to be central to Iran’s nuclear effort were killed in Tehran.

I don’t know how it is in Iran. In the U.S., scientists are seldom paid well enough to justify such increased risks.

Enjoy the article in The New York Times.

(Note added January 23, 2011: I followed a citation from the Wikipedia article on “coincidental” submarine cable breaks in early 2008, to a WIRED magazine article. In the WIRED article, I found a quote by Todd Underwood, a vice president at Internet analysis firm Renesys, about the cable breaks that made me laugh! :-)

“It’s difficult to tell what the motive would be: is it just to annoy people?” Underwood said. “If it were targeted, the targeting is bad. The loonies on the American left say this was us targeting Iran. If this is us targeting Iran, we are much worse than I thought we were.”

“Are we really targeting India or Pakistan?” Underwood asked incredulously.

In view of The New York Times report on the Stuxnet Worm, I think that executives at Internet analysis companies need better imaginations. :-) )

-Bill at

Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”


©2011 William F. Hackett. All Rights Reserved.
