[ISN] How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

From: InfoSec News <alerts_at_private>
Date: Tue, 12 Jul 2011 02:31:23 -0700 (MST)

By Kim Zetter
Threat Level
July 11, 2011

It was January 2010, and investigators with the International Atomic 
Energy Agency had just completed an inspection at the uranium enrichment 
plant outside Natanz in central Iran, when they realized that something 
was off within the cascade rooms where thousands of centrifuges were 
enriching uranium.

Natanz technicians in white lab coats, gloves and blue booties were 
scurrying in and out of the "clean" cascade rooms, hauling out unwieldy 
centrifuges one by one, each sheathed in shiny silver cylindrical 

Any time workers at the plant decommissioned damaged or otherwise 
unusable centrifuges, they were required to line them up for IAEA 
inspection to verify that no radioactive material was being smuggled out 
in the devices before they were removed. The technicians had been doing 
so now for more than a month.

"We were not immune to the fact that there was a bigger geopolitical 
picture going on. We were definitely thinking ... do I really want my 
name to be put on this?" -- Eric Chien

Normally Iran replaced up to 10 percent of its centrifuges a year, due 
to material defects and other issues. With about 8,700 centrifuges 
installed at Natanz at the time, it would have been normal to 
decommission about 800 over the course of the

But when the IAEA later reviewed footage from surveillance cameras 
installed outside the cascade rooms to monitor Iran's enrichment 
program, they were stunned as they counted the numbers. The workers had 
been replacing the units at an incredible rate -- later estimates would 
indicate between 1,000 and 2,000 centrifuges were swapped out over a few 

The question was, why?

Iran wasn't required to disclose the reason for replacing the 
centrifuges and, officially, the inspectors had no right to ask. Their 
mandate was to monitor what happened to nuclear material at the plant, 
not keep track of equipment failures. But it was clear that something 
had damaged the centrifuges.

What the inspectors didn't know was that the answer they were seeking 
was hidden all around them, buried in the disk space and memory of 
Natanz's computers. Months earlier, in June 2009, someone had silently 
unleashed a sophisticated and destructive digital worm that had been 
slithering its way through computers in Iran with just one aim -- to 
sabotage the country's uranium enrichment program and prevent President 
Mahmoud Ahmadinejad from building a nuclear weapon.

But it would be nearly a year before the inspectors would learn of this. 
The answer would come only after dozens of computer security researchers 
around the world would spend months deconstructing what would come to be 
known as the most complex malware ever written -- a piece of software 
that would ultimately make history as the world's first real 

[ <- SNIP -> ]

Received on Tue Jul 12 2011 - 02:31:23 PDT