Dr Karl › Dr Karl's Great Moments In Science

Stuxnet the world's dirtiest digital bomb

Computer espionage has taken on a newer and more sinister meaning this century. Dr Karl looks closely at the dirty work done by a computer worm, Stuxnet, as it attacked a uranium processing plant in Iran.

There is a very effective computer virus called Stuxnet. Last time, I mentioned it caused a nuclear accident in Iran. To be more specific, the Stuxnet virus attacked the underground uranium centrifuge plant at Natanz, in Iran.

This incredibly well-crafted virus took its manufacturers, and we still don't know who they are, at least 10 person-years to make.

Once Stuxnet was inside the computers that controlled the spinning centrifuges, it made copies of itself and spread to all the computers on the internal network at the underground centrifuge plant.

The virus then looked for a specific set of widely used software, with the fairly obscure name of Simatic WinCC Step 7. This software could be used to control the action of high-speed motors.

Then the Stuxnet virus went deeper, and looked for motors spinning at 1064 revolutions per second, the exact speed at which the uranium centrifuges were spinning.

And then it went looking for centrifuges that were set up in the very specific configuration that had been used at Natanz.

Now computer and IT people have a saying, 'root is God'. In a computer, the so-called root-level is the most basic and fundamental level, and if you have access to 'root', you can do anything. The half-meg [file size of the] Stuxnet virus had root-access, and it used it.

It sped up the uranium centrifuges from their normal 1064 revolutions per second, to 1410, and kept them there for 15 minutes. This burst of over-speed created subtle damage in the bearings and structures of the centrifuges, which were already running at a speed close to critical.

Over time, this damage would destroy the centrifuges. Then Stuxnet went to sleep for 27 days. This time, when it woke up, it slowed down the centrifuges to an incredibly slow two revolutions per second, and kept them at this speed for 50 minutes.

This very slow speed would undo all the weeks and months of work that the centrifuges had done in separating the heavy and not-so-heavy isotopes of uranium, by letting the gases mix back together again.

And then Stuxnet went to sleep, only to wake up and repeat the whole cycle again in another two weeks.

So Stuxnet was both making the centrifuges self-destruct, and was mixing back together the painstakingly separated isotopes of the unwanted uranium-238, and the highly desired uranium-235.

And the operators of the centrifuges didn't know, because Stuxnet had done what is called a man-in-the-middle attack. It came between the computers that controlled the centrifuges and the centrifuges, and it made itself invisible.

So the operators didn't know when the centrifuges were running too fast, and they didn't receive any of the alarm signals that the centrifuges were sending back to them because Stuxnet was blocking them.

As far as the operators were concerned, everything was fine and running normally.
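From the defender's side, the way to catch this kind of concealment is to compare what the control system reports with a measurement it cannot tamper with. The sketch below is an added example, not code from Stuxnet or from the plant: it assumes a separate, independent speed sensor exists, and the tolerance band, function names and telemetry are all constructed for illustration.

```python
from dataclasses import dataclass

NOMINAL_RPS = 1064   # normal centrifuge speed quoted in the article
BAND_RPS = 20        # assumed tolerance around nominal (not from the article)

@dataclass
class Episode:
    kind: str            # "overspeed" or "underspeed"
    start_min: int
    end_min: int
    extreme_rps: float   # reading furthest from nominal during the episode

    @property
    def minutes(self):
        return self.end_min - self.start_min + 1

def classify(rps):
    """Return the kind of excursion, or None if the speed is inside the band."""
    if rps > NOMINAL_RPS + BAND_RPS:
        return "overspeed"
    if rps < NOMINAL_RPS - BAND_RPS:
        return "underspeed"
    return None

def hidden_episodes(samples):
    """samples: iterable of (minute, reported_rps, measured_rps).
    Return runs where the independent measurement is out of band while
    the value shown to the operators still looks normal."""
    episodes, current = [], None
    for minute, reported, measured in samples:
        kind = classify(measured)
        hidden = kind is not None and classify(reported) is None
        if hidden and current and current.kind == kind and minute == current.end_min + 1:
            current.end_min = minute            # extend the running episode
            if abs(measured - NOMINAL_RPS) > abs(current.extreme_rps - NOMINAL_RPS):
                current.extreme_rps = measured
        elif hidden:
            current = Episode(kind, minute, minute, measured)
            episodes.append(current)
        else:
            current = None                      # honest or in-band sample ends the run
    return episodes

def constructed_telemetry():
    """Constructed data, one reading per minute; the sleep between phases is compressed."""
    rows = []
    for minute in range(200):
        measured = 1410 if 10 <= minute < 25 else 2 if 100 <= minute < 150 else NOMINAL_RPS
        rows.append((minute, NOMINAL_RPS, measured))  # operators always see 1064
    return rows
```

Calling `hidden_episodes(constructed_telemetry())` returns one 15-minute overspeed episode and one 50-minute underspeed episode, both of which the reported values alone would never reveal.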

The first wave of Stuxnet was unleashed on June 22, 2009. Shortly after, the head of the Iranian atomic energy organisation resigned.

The next month, Wikileaks revealed that there had been a nuclear accident at the uranium centrifuge plant in Natanz. We don't have any more details on just what this accident was.

Uranium centrifuges are very high-tech, very delicate machines. They are normally replaced at the rate of 10 per cent per year. But as a result of Stuxnet, Iranian centrifuges were being replaced at 10 per cent per month!

Yes, Stuxnet did work, in the sense that it slowed, for a year or two, the advance of the Iranian nuclear program.

But now, in the words of the journal, The Bulletin of the Atomic Scientists, "Stuxnet is the world's problem".

You see, the very clever code that made up Stuxnet is now open source; anybody can look it up.

Anybody who works in this area can easily customize Stuxnet to be their virus. The original Stuxnet was a very exact and precise surgical instrument with a single target, the Iranian nuclear program.

But it can be reverse-engineered to be a dirty digital bomb. Already there are reports that a version of Stuxnet has been infiltrated into parts of the American military machine, perhaps the armed drones flying over Pakistan and Afghanistan.

The security of programmable logic controllers has always been very low, because nobody thought they would be a target.

But what if every traffic light, elevator and water pump in your country suddenly stopped working? What if the tiny valves that let fuel into every petrol and diesel engine suddenly stopped working?

A new weapon has been unleashed upon the world, and Stuxnet can't be stuffed back into Pandora's Box.
