The admission comes in a book by David Sanger released today. The author interviewed many sources with direct knowledge of the program in what was clearly an authorized disclosure.
When Stuxnet was first discovered in 2010, all that was known was that it was extremely sophisticated. Whoever wrote it had employed four 'zero day' exploits, a zero day being a vulnerability previously unknown to the vendor and to defenders, leaving 'zero days' in which to protect systems against it. As further details were uncovered, researchers quickly concluded that Stuxnet had been written by a well-funded government lab.
What set Stuxnet apart, however, was the target, which was clearly an industrial control system of some sort. Previous attacks on control systems had occurred when a hacker found a way to connect to them over the network. These were like planting a bomb on a plane or a bus: the attack required only a certain amount of technical skill and access to the target area. Stuxnet was like a cruise missile: the payload was delivered by an automated delivery system. Whoever had developed Stuxnet was confident that they knew enough about the target to write a program that would break it without any further intervention.
At first the only clue as to the target of Stuxnet was the obvious cost of writing something so complex. Analysis of the code showed that the exploits and the payload had each been written at different times. This was not the act of a lone obsessive; it was a team effort that had taken many months' work. There was no direct evidence, but Iran's nuclear program appeared to be the only target that could justify this level of attention.
Only the US, China and Russia had the means and opportunity to perform the attack. If the target was Iran, China had no motive, and Russia would only have a motive if the attack provided an opportunity to sell Iran spare parts for its civilian power plant. This made the US the most likely culprit.
Then researchers at the Institute for Science and International Security showed that the control parameters manipulated by Stuxnet precisely matched the parameters reported to the IAEA for the Natanz centrifuges, and that they appeared designed to cause damage:
Based on Symantec's deciphering of infection sequence A, which is the attack involving a preponderance of Finnish frequency converters, Stuxnet can destroy centrifuges. In sequence A, there are two specific attacks that are separated by about a month. The first, called sequence one, would raise the speed of the centrifuge as high as a frequency of 1,410 Hz during a 15 minute attack, before the malware returns the control system to normal operation. After waiting about 27 days, Stuxnet would launch attack sequence two. The first part of this attack would lower the frequency toward 2 Hz and last 50 minutes. The second part would raise the frequency back to the nominal frequency of 1,064 Hz. After another 27 days, the first attack sequence would start again; followed by sequence two 27 days after that.

Since the target was not a facility Russia had either built or was likely to provide spare parts for, the US emerged as the most likely culprit, but there was also the possibility that the attack was a false flag operation designed to implicate the US.
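The timeline in the quoted passage is exactly the kind of thing a plant historian check can catch: a 15 minute spike to 1,410 Hz and a 50 minute dip toward 2 Hz are gross excursions from a 1,064 Hz nominal. The block below is an added illustration, not code from this post or from the ISIS or Symantec reports. It constructs a synthetic setpoint log that follows the quoted timings (sequence one, then sequence two 27 days later), and runs a simple out-of-band detector over it. The 50 Hz tolerance band, the 5 minute sample period and the choice to start the first attack one day into the log are assumptions made for the example.

```python
"""Setpoint excursion monitor over a constructed frequency log.

Added example: the log is synthetic and the tolerance band, sample
period and attack start offset are assumptions, not figures from the
quoted report. Only the commanded frequencies (1,410 Hz, 2 Hz, 1,064 Hz)
and the 15 min / 50 min / 27 day timings come from the text above.
"""

NOMINAL_HZ = 1064.0        # nominal centrifuge drive frequency (from the report)
TOLERANCE_HZ = 50.0        # assumed alert band around nominal
MINUTE = 60
DAY = 24 * 60 * MINUTE
SAMPLE_PERIOD_S = 5 * MINUTE   # assumed historian sample period

# Attack windows as (start_s, duration_s, commanded_hz).
SEQ1_START = 1 * DAY                      # assumed: first attack one day in
SEQ1 = (SEQ1_START, 15 * MINUTE, 1410.0)  # sequence one: 15 min at 1,410 Hz
SEQ2_START = SEQ1_START + 27 * DAY        # "after waiting about 27 days"
SEQ2 = (SEQ2_START, 50 * MINUTE, 2.0)     # sequence two, part one: 50 min toward 2 Hz
ATTACKS = [SEQ1, SEQ2]


def commanded_frequency(t):
    """Frequency the (compromised) controller commands at time t seconds."""
    for start, duration, hz in ATTACKS:
        if start <= t < start + duration:
            return hz
    return NOMINAL_HZ


def build_log(horizon_s=SEQ2_START + 1 * DAY, period_s=SAMPLE_PERIOD_S):
    """Constructed historian log: list of (timestamp_s, frequency_hz)."""
    return [(t, commanded_frequency(t)) for t in range(0, horizon_s, period_s)]


def find_excursions(log, nominal=NOMINAL_HZ, tol=TOLERANCE_HZ):
    """Group consecutive out-of-band samples into excursion records.

    Each record holds the first and last out-of-band timestamp and the
    extreme frequencies seen, which is enough to distinguish a brief
    overspeed (sequence one) from a long near-stall (sequence two).
    """
    excursions = []
    current = None
    for t, hz in log:
        if abs(hz - nominal) > tol:
            if current is None:
                current = {"start": t, "end": t, "min_hz": hz, "max_hz": hz}
            else:
                current["end"] = t
                current["min_hz"] = min(current["min_hz"], hz)
                current["max_hz"] = max(current["max_hz"], hz)
        elif current is not None:
            excursions.append(current)
            current = None
    if current is not None:
        excursions.append(current)
    return excursions


def describe(excursion, period_s=SAMPLE_PERIOD_S):
    """Human-readable summary, with duration rounded up to whole samples."""
    duration_min = (excursion["end"] - excursion["start"] + period_s) // MINUTE
    day = excursion["start"] / DAY
    return (f"day {day:.2f}: {duration_min} min excursion, "
            f"{excursion['min_hz']:.0f}-{excursion['max_hz']:.0f} Hz")


if __name__ == "__main__":
    for ex in find_excursions(build_log()):
        print(describe(ex))
```

Two caveats a practitioner would add. First, a monitor that reads its samples from the same PLC the attacker controls is only as trustworthy as that PLC; the check is worth more when fed from instrumentation the controller cannot rewrite. Second, a 27 day gap between events is longer than many alert retention windows, so the two excursions will only be linked if the records are kept long enough to be compared.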
Now we have final confirmation that the country with the biggest glass house decided to be the first to throw stones. In the next post I will discuss some of the consequences that flow from that decision.