Foreign Policy Blogs

Was Stuxnet Aimed Specifically at Natanz?

I am grateful to Alexander Glaser, a young German physicist associated with Princeton University’s engineering and public policy schools, for alerting me to an exceptionally authoritative analysis of the Stuxnet computer worm that reputedly infiltrated and crippled industrial control systems in Iran.

The article, by Frank Rieger, appeared in Germany’s Frankfurter Allgemeine Zeitung on Sept. 22. Rieger is chief technology officer at the cryptography firm GSMK, and his work on Stuxnet has got a boost on the net from Bruce Schneier, the renowned internet security expert.

Bear in mind, in this connection, that Stuxnet is generally described as having been designed to infiltrate control systems made by Siemens, which is more or less Germany’s most important company. It’s surely no accident that the German blogosphere appears to be ahead of ours in Stuxnet analysis, as Glaser puts it.

To summarize Rieger’s long article, he makes the following salient points:
–Stuxnet is a trojan designed to exploit a hitherto unrecognized flaw in the Microsoft operating system
–such flaws (once found) are valuable and typically are sold for hundreds of thousands of dollars in the black market, for example to criminal gangs seeking to extract money from banks; the fact that this one was not sold is itself a strong indicator that stuxnet was the work of one or more national intelligence agencies
–another strong indicator is the sophistication and complexity of the trojan: Rieger describes it as being like a Russian matryoshka, such that only the innermost “doll” would take down the systems it was designed to infiltrate or destroy; in all, Stuxnet exploits four hitherto unrecognized computer system weaknesses and incorporates two stolen digital signatures–signatures that assure a computer the software it’s copying is authentic and not malware. Because of this layered design, says Rieger, forensic analysts found that when they tried to decipher the trojan, as soon as they peeled off one layer they’d find another unsuspected one.
–Stuxnet appears to have been directed at the Siemens S-7 SCADA systems (the supervisory control and data acquisition systems that manage complicated industrial processes and power grids), and specifically at a key software component in those systems called WinCC
–once Stuxnet had been installed in a computer via a USB stick and was running, it would infest all the other computers connected with that one in search of WinCC
–having infected a network of computers, an element in the trojan appeared capable of synchronizing control system sabotage across the network; that capability points to a facility like Iran’s large enrichment plant at Natanz, where individual centrifuges are presumably controlled by networked computers
–further, the designers of Stuxnet–who Rieger says could not possibly have been mere hackers or “trashy” cyber criminals–went to great lengths to limit collateral damage across systems, so that only the targeted operations would suffer
–they also appear to have limited the system’s lethality in time: it was set to stop working in January 2009, and kept working in some places only because some computers had incorrect date and time settings, so that it was eventually detected
–ideally, it appears to have been designed, says Rieger, to manipulate control systems invisibly, so that people looking at displays in control rooms would be unable to see that things were going wrong or why

Rieger considers the January 2009 termination date highly suggestive. In February, the IAEA reported declining productivity at the plant. By July, Wikileaks reported that there had been some kind of accident at Natanz. Meanwhile, the head of Iran’s atomic energy agency had abruptly resigned.
Rieger’s English-language blogging about Stuxnet and Natanz, even more detailed than his German newspaper article, has provoked a lively online discussion that is worth tapping into.

One particularly interesting angle: Rieger considers it improbable that Stuxnet could have been designed without inside knowledge of the control systems that run plants like Natanz; Stuxnet’s reliance on memory sticks for infiltration also points to the existence of internal saboteurs and perhaps even an underground resistance.

 

Author

William Sweet

Bill Sweet has been writing about nuclear arms control and peace politics since interning at the IAEA in Vienna during summer 1974, right after India's test of a "peaceful nuclear device." As an editor and writer for Congressional Quarterly, Physics Today and IEEE Spectrum magazine he wrote about the freeze and European peace movements, space weaponry and Star Wars, Iraq, North Korea and Iran. His work has appeared in magazines like the Bulletin of Atomic Scientists and The New Republic, as well as in The New York Times, the LA Times, Newsday and the Baltimore Sun. The author of two books--The Nuclear Age: Energy, Proliferation and the Arms Race, and Kicking the Carbon Habit: The Case for Renewable and Nuclear Energy--he recently published "Situating Putin," a group of essays about contemporary Russia, as an e-book. He teaches European history as an adjunct at CUNY's Borough of Manhattan Community College.