ADRIAN MORGAN ON STUXNET… WHOEVERDUNNIT DESERVES OUR PRAISE AND GRATITUDE

http://www.familysecuritymatters.org/publications/id.7499/pub_detail.asp

Why Did Stuxnet Worm Target Iran?

The Editor

Recently there has been news of a computer worm called Stuxnet, which is currently wreaking havoc on industrial systems. It was first identified in June, and has been reported in India, Pakistan and Indonesia, although it is estimated that 60 percent of occurrences of the computer worm are from Iran. Along with the facts, however, there has been a lot of supposition and theory.
The Stuxnet worm belongs to a family of worms/Trojans of that name that primarily attack Windows PCs. Worms are written to exploit vulnerabilities in software. They are self-replicating pieces of code: once a computer on a network is infected, it sends copies to other machines on that network. Generally, patches are written when software weaknesses are discovered. Microsoft has been increasingly plagued by worms and viruses.
For example, in October 2008, a patch was released for a Microsoft software vulnerability. In January 2009, the company was reprimanding users who had not uploaded the patches. A worm called “Downadup.b” (also called Conficker) began to spread at an alarming rate after the patch was issued. Around 9 million PC computers were affected by January 2009. A large proportion of these computers had not downloaded the protective patch. Worms are usually fairly indiscriminate, attempting to infect any computer that they encounter on networks.
Stuxnet, however, is far more sophisticated and specific in the nature of its targets. Stuxnet seeks out computers used to control industrial operations. Stuxnet targets SCADA systems – “supervisory control and data acquisition” systems. These are computer systems used to monitor and run complex industrial operations – flow of water or gas, railway signalling, electricity grids, and nuclear installations. In the case of Stuxnet, it embeds itself within Microsoft code and then seeks out systems made by the German company Siemens.
The first known instances of Stuxnet were noticed in mid-June 2009 by VirusBlokAda, an anti-virus company from Belarus. On July 23, 2010, Siemens announced that Stuxnet had been recognized as malware affecting WinCC SCADA systems, and a patch code to flush the malware from systems had been added to anti-viral software.
WinCC SCADA (also called PS7 on Siemens systems) is a software “viewing” system for monitoring the flow of activity on industrial SCADA systems. In the case of the Stuxnet worm, the malware is spread by USB memory sticks, as WinCC SCADA systems run by Siemens are not connected to the internet for security reasons. In July 2010, when the worm was newly identified, an article suggested that it was used to steal information:
“Once the USB device is plugged into the PC, the virus scans for a Siemens WinCC system or another USB device, according to Frank Boldewin, a security analyst with German IT service provider GAD, who has studied the code. It copies itself to any USB device it finds, but if it detects the Siemens software, it immediately tries to log in using a default password. Otherwise it does nothing, he said in an email interview.”
A worm generally attacks a system using a “zero-day” vulnerability in its code. A zero-day vulnerability is a point of weakness that is unknown to its developers or distributors. What makes Stuxnet unique is that it uses FOUR zero-day vulnerabilities. This suggests that it is not a worm designed by a small-scale criminal group, but by a highly sophisticated team, which would only come from the resources provided by one or more developed nations.
Roel Schouwenberg of Kaspersky Lab and Liam O Murchu of Symantec have both commented on the immense sophistication of the Stuxnet code.
By July, sixty percent of cases of Stuxnet attacks were thought to have taken place in Iran. Siemens had announced on January 26 this year that it was pulling out of further contracts with Iran. A Wall Street Journal article from February 2009 claimed that many European companies, including Siemens, were contributing to Iran’s growth of its nuclear capacity. The article was titled: “How European Companies Are Feeding Iran’s Bomb.” According to the Jerusalem Post, Siemens’ decision to pull out of Iranian operations came as a result of pressure from a group called “Stop the Bomb”. This group, comprised of Iranian and German activists, condemned Siemens for facilitating nuclear bomb-making ambitions.
Iran and the Bomb
Iran has been edging closer towards creating its own nuclear weaponry for at least a decade. On the surface, Iran has pretended that it has only been pursuing a means to provide nuclear energy. The main Bushehr nuclear reactor in southern Iran (Bushehr 1, pictured above), which was due to go online this month, has been seen as a source of nuclear material that could be used in a weapon.
This reactor has been built with the assistance of German and Russian technical companies, and the Bushehr reactor has been said to have been affected by the Stuxnet virus. However, though there are other reactors under construction at Bushehr, and one of these (a light-water reactor) could in the future be used to produce weapons-grade plutonium, Bushehr 1 itself seems to be available only for power purposes. However, an active reactor would be a good cover for other activities beside it: few people would wish to hit a working reactor and create a nuclear disaster.
As I wrote in August:
“It is in the central and northern regions of Iran that Iran has its facilities that are directly related to the production of weapons-grade uranium. It has uranium enrichment plants at Natanz and Qom. At Isfahan there is a gas storage tank (Uranium hexafluoride gas is essential in the production of weapons-grade uranium) and at Arak there is a heavy-water reactor. At Darkhovin there is a pressurized water reactor (built with French assistance) which is said to be for peaceful power purposes but is believed to be connected to Iran’s nuclear enrichment program.”
All of these facilities, spread as they are across a wide section of Iran, would be hard to shut down with a single strike. Some facilities – such as a bank of centrifuges at Natanz – are believed to be underground. Which is where a worm like Stuxnet is so useful, if it can effectively slow down Iran’s attempts to produce a bomb.
Sanctions may have been imposed, but the world has effectively stood by while Iran has lied about its real intentions and shown contempt for all of the usual means by which civilized nations attempt to negotiate.
In May this year, hardline Islamist cleric Ahmad Khatami told worshipers that Iran had entered the “nuclear club.” Khatami also warned other nations that Iran could “endanger your entire world.” Behzad Soltani, the head of Iran’s Atomic Energy Organization, had made a similar comment in April. He had claimed that Iran would be joining the nuclear club to deter other nations.
Iran’s Islamic Republic was born out of despotism and lies. Before the revolution, Ayatollah Khomeini suggested from his base in France that once the Shah of Iran was overthrown, there could be a possibility of a woman leading Iran, states Con Coughlin. The kidnapping and holding hostage of innocent American embassy workers showed that Iran had no respect for international standards.
In 1980 Operation Eagle Claw, a rescue attempt by US airmen, failed and eight US servicemen were killed in a refuelling incident. On Iranian TV, Ayatollah Sadeq Khalkhali prodded the charred remains of the American servicemen. Khalkhali, who took a delight in hanging people as a revolutionary judge, had since youth displayed his unhinged tendencies. He would strangle cats for fun.
Iran has been working closely with Syria to establish a defense network since 2005. Iran and Syria, according to a report from the UN from May this year, have both been receiving nuclear technology from North Korea. North Korea has managed to detonate two underground nuclear devices in the northeast of the country, equivalent in power to the Hiroshima bomb. On September 6, 2007, Israel is said to have launched an air strike on Syria, apparently upon a cache of nuclear materials that had been imported from North Korea.
Within weeks of winning the elections of August 2005, Mahmoud Ahmadinejad was making repeated calls for Israel to be wiped off the map. On Tuesday April 11, 2006, Ahmadinejad announced that:
“I am officially announcing that Iran has joined the group of those countries which have nuclear technology. This is the result of the Iranian nation’s resistance. Based on international regulations, we will continue our path until we achieve production of industrial-scale enrichment.”
It has long been known that Iran has been plotting to build nuclear weapons, yet bizarrely, while there was time to prevent the development of a nuclear weapon, the head of the International Atomic Energy Agency (IAEA) appeared to be enabling Iran. In May 2007, the head of the IAEA was Egyptian Muslim scientist Mohammed ElBaradei. Even while the IAEA official report to the UN Security Council had said that “Iran has not suspended its enrichment-related activities, Iran has continued with the operation of their pilot fuel enrichment plant.”
Three UN resolutions demanding that Iran stop its uranium enrichment program had been made, but ElBaradei claimed in May 2007 that the situation had been “overtaken by events” and that Iran should only be prevented from enriching uranium on an “industrial scale.” In February 2007, at the LSE in Britain, ElBaradei had argued that there was little moral authority in asking countries like Iran to desist from nuclear development. He said that Britain could not “modernise its Trident submarines and then tell everyone else that nuclear weapons are not needed in the future.”
Bizarrely, in October 2007, Mohammed ElBaradei said in a CNN interview that: “I have not received any information that there is a concrete active nuclear weapons programme going on right now. Even if Iran were to be working on a nuclear weapon… they are at least a few years from having such a weapon.” French Defence Minister Herve Morin dismissed ElBaradei’s comments, stating: “Our information, matching those of other countries, gives us the opposite feeling.”
On October 25, 2007, faced with the overwhelming evidence of Iran’s nuclear program which ElBaradei refused to take seriously, the United States Treasury designated Iran.
ElBaradei and the IAEA had been jointly awarded the 2005 Nobel Peace Prize, “for their efforts to prevent nuclear energy from being used for military purposes and to ensure that nuclear energy for peaceful purposes is used in the safest possible way”.
Ali Akbar Hashemi Rafsanjani is one of the most powerful clerics in Iran, heading the “Assembly of Experts,” a body responsible for choosing the Supreme Leader of Iran. In December 2007, Rafsanjani urged Iran to continue enriching uranium. In 2005, Rafsanjani had admitted that Iran had deliberately misled the United Nations concerning its experiments with plutonium, another element used in nuclear weapons. Officially Iran had abandoned experiments with plutonium in 1993, but had continued up until 1998. In April 2006, when Iran announced its enrichment of uranium, Rafsanjani had stated:
“Iran has put into operation the first unit of 164 centrifuges, has injected (the uranium) gas and has reached industrial production. We operated the first unit which comprises of 164 centrifuges, gas was injected, and we got the industrial output. We should expand the work of these machines to achieve a full industrial line. We need dozens of these units (sets totalling 164 centrifuges) to achieve a uranium enrichment facility.”
The only reason for Iran to be enriching uranium beyond the comparatively impure state required to generate domestic electric power is for military purposes. Iran with a nuclear bomb would become a scourge of the Middle East. The centrifuges used to produce enriched uranium from uranium hexafluoride gas would be a target that needs to be stopped.
Rafsanjani said earlier this month that Iran should not take the sanctions lightly. In a statement designed to criticize the cavalier and boastful approach taken by Ahmadinejad, he warned the Assembly of Experts:
“Gentlemen, you should be vigilant and careful. Do not downplay the sanctions … people should not be tricked. Throughout the revolution, we never had so many sanctions and I am calling on you and all officials to take the sanctions seriously and not as jokes.”
Even though Rafsanjani claims that sanctions may be working, in real-world terms, it is too late for sanctions. For five years, Iran under Ahmadinejad has led UN nuclear inspectors on a merry dance.
Ahmadinejad believes in the return of the 12th Imam. According to an Iranian tradition, this Shia imam (who disappeared more than a thousand years ago) would only return when the world is plunged into chaos. With a person having such irrational beliefs, there is no knowing what he would do with a nuclear weapon.
Today’s Washington Post claims that Iran is convinced that a foreign nation or organization has designed Stuxnet. After the posturing and arrogance shown by Ahmadinejad on Thursday in the United Nations, some officials are admitting that they have a problem. Hamid Alipour told the state-owned Iranian media that:
“We had anticipated that we could root out the virus within one to two months. But the virus is not stable, and since we started the cleanup process three new versions of it have been spreading.”
The origin of the Stuxnet worm is unknown. Several sources have suggested that Israel, or Israel and America combined, have fashioned this worm. No-one has claimed responsibility. While the worm exists, and while Iran has not managed to deactivate the worm, it is highly likely that the centrifuges at Natanz (pictured top) will not be running, which can only be a good thing.
Cyberattacks on infrastructure and operational systems have been written about for a decade and have been feared by many. Islamists based in Turkey have launched numerous low-level DoS attacks against web forums that criticize Islam, and the Mufti of Saudi Arabia has encouraged Muslims to use cyberattacks against web domains that host sites critical of Islam.
This particular worm is a “class act.” It is unfortunate for the companies in Indonesia, Azerbaijan, India and even the USA who have been hit by Stuxnet. But anything that sabotages the intentions of a rogue state like Iran to gain a nuclear weapon, particularly when the country is led by a maniacal figure who has already threatened Israel with such an attack, can only be a positive development.
No-one has been killed by Stuxnet, but a rogue state has found its main systems compromised. To whoever created Stuxnet and let it loose on Iran – congratulations are due.
Adrian Morgan

The Editor, Family Security Matters
