Worm in Iran was perfect for sabotaging centrifuges
Experts dissecting the computer worm suspected of being aimed at Iran’s nuclear program have determined that it was precisely calibrated in a way that could send nuclear centrifuges wildly out of control.
Their conclusion, while not definitive, begins to clear some of the fog around the Stuxnet worm, a malicious program detected this year on computers, primarily in Iran but also India, Indonesia and other countries.
The paternity of the worm is still in dispute, but in recent weeks officials from Israel have broken into wide smiles when asked whether Israel was behind the attack, or knew who was. American officials have suggested it originated abroad.
The new forensic work narrows the range of targets and deciphers the worm’s plan of attack. Computer analysts say Stuxnet does its damage by making quick changes in the rotational speed of motors, shifting them rapidly up and down.
Changing the speed “sabotages the normal operation of the industrial control process,” Eric Chien, a researcher at the computer security company Symantec, wrote in a blog post.
Those fluctuations, nuclear analysts said in response to the report, are a recipe for disaster among the thousands of centrifuges spinning in Iran to enrich uranium, which can fuel reactors or bombs. Rapid changes can cause them to blow apart. Reports issued by international inspectors reveal that Iran has experienced many problems keeping its centrifuges running, with hundreds removed from active service since summer 2009.
Intelligence officials have said they believe that a series of covert programs are responsible for at least some of that decline. So when Iran reported this year that it was battling the Stuxnet worm, many experts immediately suspected that it was a state-sponsored cyberattack.
The computer analysis, Albright’s Wednesday report concluded, “makes a legitimate case that Stuxnet could indeed disrupt or destroy” Iranian centrifuge plants.
The latest evidence does not prove Iran was the target, and there have been no confirmed reports of industrial damage linked to Stuxnet.