Worm Was Perfect for Sabotaging Centrifuges By WILLIAM J. BROAD and DAVID E. SANGER




November 18, 2010

Experts dissecting the computer worm suspected of being aimed at Iran's nuclear program have determined that it was precisely calibrated in a way that could send nuclear centrifuges wildly out of control.

Their conclusion, while not definitive, begins to clear some of the fog around the Stuxnet worm, a malicious program detected earlier this year on computers, primarily in Iran but also India, Indonesia and other countries.

The paternity of the worm is still in dispute, but in recent weeks officials from Israel have broken into wide smiles when asked whether Israel was behind the attack, or knew who was. American officials have suggested it originated abroad.

The new forensic work narrows the range of targets and deciphers the worm's plan of attack. Computer analysts say Stuxnet does its damage by making quick changes in the rotational speed of motors, shifting them rapidly up and down.

Changing the speed sabotages the normal operation of the industrial control process, Eric Chien, a researcher at the computer security company Symantec, wrote in a blog post.

Those fluctuations, nuclear analysts said in response to the report, are a recipe for disaster among the thousands of centrifuges spinning in Iran to enrich uranium, which can fuel reactors or bombs. Rapid changes can cause them to blow apart. Reports issued by international inspectors reveal that Iran has experienced many problems keeping its centrifuges running, with hundreds removed from active service since summer 2009.

"We don't see direct confirmation" that the attack was meant to slow Iran's nuclear work, David Albright, president of the Institute for Science and International Security, a private group in Washington that tracks nuclear proliferation, said in an interview Thursday. "But it sure is a plausible interpretation of the available facts."

Intelligence officials have said they believe that a series of covert programs are responsible for at least some of that decline. So when Iran reported earlier this year that it was battling the Stuxnet worm, many experts immediately suspected that it was a state-sponsored cyberattack.

Until last week, analysts had said only that Stuxnet was designed to infect certain kinds of Siemens equipment used in a wide variety of industrial sites around the world.

But a study released Friday by Mr. Chien, Nicolas Falliere and Liam O. Murchu at Symantec, concluded that the program's real target was to take over frequency converters, a type of power supply that changes its output frequency to control the speed of a motor.

The worm's code was found to attack converters made by two companies, Fararo Paya in Iran and Vacon in Finland. A separate study conducted by the Department of Homeland Security confirmed that finding, a senior government official said in an interview on Thursday.

Then, on Wednesday, Mr. Albright and a colleague, Andrea Stricker, released a report saying that when the worm ramped up the frequency of the electrical current supplying the centrifuges, they would spin faster and faster. The worm eventually makes the current hit 1,410 Hertz, or cycles per second, just enough, they reported, to send the centrifuges flying apart.

In a spooky flourish, Mr. Albright said in the interview, the worm ends the attack with a command to restore the current to the perfect operating frequency for the centrifuges, which, by that time, would presumably be destroyed.

"It's striking how close it is to the standard value," he said.

The computer analysis, his Wednesday report concluded, makes a legitimate case that Stuxnet could indeed disrupt or destroy Iranian centrifuge plants.

The latest evidence does not prove Iran was the target, and there have been no confirmed reports of industrial damage linked to Stuxnet. Converters are used to control a number of different machines, including lathes, saws and turbines, and they can be found in gas pipelines and chemical plants. But converters are also essential for nuclear centrifuges.

On Wednesday, the chief of the Department of Homeland Security's cybersecurity center in Virginia, Sean McGurk, told a Senate committee that the worm was a game changer because of the skill with which it was composed and the care with which it was geared toward attacking specific types of equipment.

Meanwhile, the search for other clues in the Stuxnet program continues, and so do the theories about its origins.

Ralph Langner, a German expert in industrial control systems who has examined the program and who was the first to suggest that the Stuxnet worm may have been aimed at Iran, noted in late September that a file inside the code was named Myrtus. That could be read as an allusion to Esther, and he and others speculated it was a reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.

Writing on his Web site last week, Mr. Langner noted that a number of the data modules inside the program contained the date Sept. 24, 2001, clearly long before the program was written. He wrote that he believed the date was a message from the authors of the program, but did not know what it might mean.

Last month, researchers at Symantec also speculated that a string of numbers found in the program, 19790509, while seeming random, might actually be significant. They speculated that it might refer to May 9, 1979, the day that Jewish-Iranian businessman Habib Elghanian was executed in Iran after being convicted of spying for Israel.

Interpreting what the clues might mean is a fascinating exercise for computer experts and conspiracy theorists, but it could also be a way to mislead investigators.

Indeed, according to one investigator, the creation date of the data modules might instead suggest that the original attack code in Stuxnet was written long before the program was actually distributed.

According to Tom Parker, a computer security specialist at Securicon LLC, a security consulting firm based in Washington, the Stuxnet payload appeared to have been written by a team of highly skilled programmers, while the dropper program that delivered the program reflected an amateur level of expertise. He said the fact that Stuxnet was detected and had spread widely in a number of countries was an indicator that it was a failed operation.

"The end target is going to be able to know they were the target, and the attacker won't be able to use this technique again," he said.

John Markoff contributed reporting.