Israel tested Stuxnet worm, says report

New York Times cites strongest clues yet of Israel-U.S. involvement

The Stuxnet worm that disrupted Iran's ability to enrich uranium into bomb-grade nuclear fuel was jointly created by Israel and the U.S., the New York Times said Saturday.

Citing confidential sources, the U.S. newspaper claimed that Israel's covert nuclear facility at Dimona was used to test the worm's effectiveness on centrifuges like the ones Iran employs at its Natanz complex, which has been plagued by technical problems.

The Times also spelled out other clues it said "suggest[ed] that the virus was designed as an American-Israeli project to sabotage the Iranian program."

Stuxnet, which first came to light in June 2010 but may have been aimed at Iran as early as mid-2009, has been extensively analyzed by security researchers, most notably a three-man team at Symantec, and by Ralph Langner of the German firm Langner Communications GmbH.

According to both Symantec and Langner, Stuxnet was most likely designed to infiltrate Iran's nuclear enrichment program, hide in the Iranian SCADA (supervisory control and data acquisition) control systems that operate its facilities, then force gas centrifuge motors to spin at unsafe speeds. Gas centrifuges, which are used to enrich uranium, can fly apart if spun too fast.

Symantec's analysis gained credence last November after the International Atomic Energy Agency (IAEA), the United Nations' nuclear watchdog, reported that Iran had stopped feeding uranium hexafluoride gas to its centrifuges at Natanz for about a week. Speculation quickly focused on Stuxnet as the reason for the shutdown.

On Nov. 29, Iran President Mahmoud Ahmadinejad admitted that a "limited" number of centrifuges had been affected by software he claimed had been installed by the country's enemies. It was the first time that an Iranian official had acknowledged the worm had struck its enrichment machinery.

Ahmadinejad has frequently blamed Israel and the U.S. for trying to destabilize his regime.

The New York Times' story amassed other circumstantial evidence that Stuxnet was a joint Israeli-U.S. creation.

According to the newspaper, Siemens -- the German maker of the SCADA systems purportedly used by Iran -- cooperated in 2008 with the Idaho National Laboratory (INL) to help experts there identify vulnerabilities in the control systems. The lab -- located about 30 miles east of Idaho Falls, Idaho -- is the U.S. Department of Energy's lead nuclear research facility.

Also in 2008, Siemens asked the Department of Homeland Security to conduct a security assessment on its popular PCS 7 control systems, a fact highlighted in a conference hosted by the IHL and Siemens that year in Chicago.

Stuxnet targeted Siemens' PCS 7 control systems and its Step 7 software.

Israel, meanwhile, set up an unknown number of gas centrifuges at its top-secret Dimona complex, then tested Stuxnet on the machines and their control systems, according to the New York Times. The centrifuges were virtually identical to the ones used by Iran.

Dubbed "P-1" centrifuges because they were Pakistan's first-generation design, the machines are notoriously unpredictable, and often fail at rates much higher than more sophisticated designs. Iran's centrifuges are knock-offs of the P-1, and are usually identified as "IR-1" models.

But the Israelis, and perhaps the Americans at their own Oak Ridge National Laboratory in Tennessee, succeeded in getting several P-1 centrifuges up and running, the New York Times said. The publication cited an anonymous American expert in nuclear intelligence, who told the paper that the Israelis had used the P-1 centrifuges at Dimona to test Stuxnet's effectiveness.

An Israeli link to Stuxnet has been long suspected, both because Israel has been vocal about the danger posed by a nuclear-armed Iran and because of several obscure clues buried in the worm's code. Rather than launch a military strike, as it did against an unfinished Iraqi nuclear reactor in 1981, the scenario goes, the country decided to wage cyber warfare.

Other hints came from security researchers, who unanimously agreed that Stuxnet's complexity pointed to a state-sponsored project, probably one that involved a large team of programmers, SCADA experts and intelligence analysts.

Langner, who has spent months pulling the worm apart, said earlier this week that Stuxnet was a natural weapon for opponents of Iran's nuclear program to unsheathe.

"If any target would justify a full-blown cyberwar strike for the first time in history, those centrifuges certainly would," Langner said Jan. 10 on his blog, where he has spelled out his findings and speculations. Langner believes that Stuxnet's creators had access to what he called a "mockup test system" to try out their worm on actual centrifuges.

Although Stuxnet has apparently not crippled Iran's nuclear program, it seems to have seriously hindered it, perhaps more than some have thought. Just last week, for example, the outgoing head of Israel's Mossad intelligence service said setbacks meant Iran wouldn't be able to create a bomb before 2015.

Langner was more skeptical about Iran's chances of solving the problems created by Stuxnet.

"In the moment when they will have cleaned up all systems, a new dropper exploiting new Windows zero-day vulnerabilities will likely be underway already," Langner asserted last week, echoing research last September that said systems scrubbed of Stuxnet could be easily re-infected.

"The cyberwar nightmare for Tehran may have only just begun," said Langner.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentmanagementNetworkingsymantecinfrastructure managementMalware and VulnerabilitiesGovernment/IndustriesCybercrime and Hacking

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld (US)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?