11.16.10

Fancy Stuxnet Stuff: Effect still indiscernible

Posted in Cyberterrorism at 10:42 pm by George Smith

The Register summarizes recent findings that the Stuxnet worm targets mechanisms which are export-controlled under US anti-nuclear proliferation regimes.

DD lets the pub do the heavy lifting:

New research, published late last week, has established that Stuxnet searches for frequency converter drives made by Fararo Paya of Iran and Vacon of Finland. In addition, Stuxnet is only interested in frequency converter drives that operate at very high speeds, between 807 Hz and 1210 Hz.

The malware is designed to change the output frequencies of drives, and therefore the speed of associated motors, for short intervals over periods of months. This would effectively sabotage the operation of infected devices while creating intermittent problems that are that much harder to diagnose.

Low-harmonic frequency converter drives that operate at over 600 Hz are regulated for export in the US by the Nuclear Regulatory Commission as they can be used for uranium enrichment. They may have other applications but would certainly not be needed to run a conveyor belt at a factory …

The gist is that it seemingly confirms a malware jab at Iran’s nuclear program.

“Plant officials at the controversial Bushehr nuclear plant in Iran admitted the malware had infected its network in September,” continued the Reg.

“This had nothing to do with a recently announced two-month delay in bringing the reactor online, government ministers subsequently claimed.”

Could be true.

And nuclear power plants do not enrich uranium, perhaps indicating that Stuxnet’s creators have lousy aim, a topic I’ve addressed earlier. (We’ll get to it.)

In any case, various news agencies report Bushehr ready to join Iran’s power grid in 40 days. Exposing again a hard limit on using software to sabotage stuff in the physical world.

The Reg concludes:

The appearance of the malware has provoked talk of cyberwar in some quarters and certainly done a great deal to raise the profile of potential attacks on power grid and utility systems in the minds of politicians. This is regardless of the potential likelihood of such an attack actually being successful, which remains unclear even after the arrival of Stuxnet.

On limitations, previously at DD blog:

I’d only add that the lack of substantial proof of success in offensive malware operations won’t stop anyone in the business of insisting just the opposite.

However, Iran’s nuclear program also won’t be stopped by a piece of malware aimed at controller software in its factories.

And the liabilities of employing something like Stuxnet are now fairly obvious.

The most glaring being that such a thing is immediately seized upon and pulled apart by the worldwide distributed network of computer security researchers. And second, that even granting for a moment that it was designed to be directed at Iran, the intelligence requirements for it to be solely limited to that were still way too great to limit its spread to that country.

Another ramification is the identification of the originating country. But if the country of [creation] is already an international pariah, then it doesn’t matter if Stuxnet is pinned on [it].

For the purposes of nations with offensive cyberwar operations, Stuxnet shows there is no obstacle or particular reluctance to shoot a weapon across the networks. Even if it doesn’t achieve much from an outside perspective. Stuxnet is all good for the computer security business. Contractors love it. That’s just the way things work here. Nothing could be better than for nations to secretly make more of them.

Any interior arguments — coupled with the natural bent of the computer security industry — would validate operations, anyway. So the US or Israel can be bad actors all the time in this area, if they so wish.

There’s no oversight and little practical interest outside of the malware story’s use as a justification for more offensive and defensive spending.

Stuxnet actually only comprises a small part of the weekly news on the excellence of attacking Iran.

The political leadership, particularly the right, doesn’t care about the magical malware on Iranian networks. It is far more interested in just unleashing the bombers.

Having far more traction, for example, is an opinion piece in which a famous Village asshat recommended all out war with Iran in order to save the US economy. A development that most experts in international relations and nuclear proliferation would guarantee an Iranian bomb eventually.

By comparison, Stuxnet is interesting but petty shit.

Permalink