How Stuxnet cyber weapon targeted Iran nuclear plant
Researchers from California and Germany dove into the Stuxnet code and found it sought out specialized components used in Iran nuclear centrifuges – and could cause them to explode.
Stuxnet, the world's first known “cyber missile,” was designed to sabotage special power supplies used almost exclusively in nuclear fuel-refining centrifuge systems, researchers studying its code have revealed. The discovery is another puzzle piece experts say points to Iran's nuclear centrifuge plants as the likely target.
While the discovery may seem just another bit of circumstantial evidence, it is a critical one that appears to all but answer a central mystery surrounding Stuxnet: What was its target?
Stuxnet was discovered in June by a Belarus antivirus company, and its unique ability to control industrial processes was uncovered by US researchers in July. But its true role as the world's first publicly known cyber super weapon – designed to cross the digital divide and destroy a very specific target in the real world – was only revealed in September.
Even then, the target was mostly an informed guess. Was Iran's Bushehr nuclear power plant or its nuclear centrifuge fuel-refining plant at Natanz the target, as some suggested? Or was it something quite different, like the big Indian-made satellite that failed dramatically in July?
It now appears that a smoking gun within Stuxnet's software code targets power supplies almost certainly used inside any Iranian nuclear fuel-refining plant, researchers say. Working separately, researchers at California computer security firm Symantec arrived at the same conclusion as researchers in Germany late last week: Nuclear-fuel centrifuges were the target.
The researchers followed a complex trail. After cleverly gaining access to computer systems using an array of devious "exploits," Stuxnet searches for and infects only a specific Siemens-made programmable logic controller (PLC) performing specific functions, the researchers found. Then – and this is the part just unearthed – it hunts for identification numbers unique to a special kind of "frequency converter drive" made by just two firms in the world: one headquartered in Finland, the other in Tehran.
Frequency converter drives are a kind of power supply that can change the frequency of its output to control the speed of a motor. The drive responds to a PLC's computer commands and is used for industrial control in factory settings worldwide. Stuxnet hunts for specific drives set at specific speeds – the very high speeds a centrifuge must achieve to physically separate and concentrate uranium isotopes for use as nuclear fuel. Such fuel can then be used in a reactor or, if refined to far higher concentrations, a nuclear weapon. [Editor's note: The original version misconstrued the nature of frequency converter drives.]
Symantec researchers were aided by a Dutch industrial control systems expert who revealed the connection with the firms in Tehran and Finland. It turns out that the special drives Stuxnet targets are built to operate "at very high speeds ... speeds used only in a limited number of applications," Symantec stated in a report update Nov. 12. Such drives are "regulated for export in the US by the Nuclear Regulatory Commission," because one of their main uses is for uranium enrichment, it noted.