Think you knew all there was to know about Stuxnet, the worm that was discovered in 2010 to have destroyed thousands of uranium enrichment centrifuges at Iran's Natanz nuclear facility? Think again. It appears that an early version of the worm was attacking Iran's nuclear program years before the version that made headlines in 2010 was unleashed, according to a new report by the IT Security firm Symantec.
Dubbed Stuxnet 0.5, the early version of the worm attacked Iran's nuclear program by closing valves that allowed uranium hexafluoride gas (UF6) to flow into the centrifuges at Natanz, according to Symantec. Cutting off the flow of UF6 would, in theory, damage the centrifuges.
This apparently didn't work as well as Stuxnet's designers wanted it to and we saw later versions of the worm that famously caused the centrifuges to spin out of control -- thereby destroying them. Stuxnet 0.5 was under development as early as November 2005 and in the wild by November 2007 with orders to shut down by July 2009 -- the year that the version aimed at causing the centrifuges to spin out of control was developed, according to Symantec.
"The earliest known variant of Stuxnet was version 1.001 created in 2009. That is, until now," reads a Symantec blog post accompanying the report.
Remember, Stuxnet was reportedly the work of a U.S.-led cyber campaign against Iran known as Operation Olympic Games. At the time of its discovery the worm was considered to be one of the most advanced cyber weapons ever fielded. The worm reportedly took an unprecedented amount of time, expertise, and money to create.
As a Symantec blog post says, "Stuxnet proved that malicious programs executing in the cyber world could successfully impact critical national infrastructure."
The malware was designed to worm its way (See what I did there?) harmlessly around the globe until it found its precise target, the Siemens-made programmable logic controller (PLC) computers that ran the centrifuges at Natanz. Once there, it attacked. You know the rest.
Some cybersecurity experts fear that cyberweapons like Stuxnet can be reverse-engineered and used against their creators or sold on the ever-growing black market for cyber weapons.
"The difference between traditional weapons and cyber weapons is that it's not possible to [re]assemble a cruise missile after it has been used," said cyber security expert Eugene Kaspersky last September in Washington. "Cyber weapons are different" because the victims "can learn from" weapons used against them.
As another cyber security expert told Killer Apps last fall:
Because uranium centrifuges and power turbines are both spinning machines, "the attack is identical -- the one to take out the centrifuges and the one to take out our power systems is the same attack."
"If a centrifuge running at the wrong speed can blow apart" so can a power generator, said the expert. "If you do, in fact, spin them at the wrong speeds, you can blow up any rotating device."
Rep. Mike Rogers said today that Iran may pose the highest risk of a destructive cyber attack on U.S. critical infrastructure because its leaders are irrational. Although Russia and China are conducting large-scale cyber espionage campaigns, he explained, Iran has fewer qualms about launching a destructive attack.
"You have nation-states like Iran who are developing this capability, and they're not a rational actor when it comes to trying to disrupt or cause a catastrophic attack to our U.S. economy," the chair of the House Permanent Select Committee on Intelligence said during a speech Wednesday reintroducing his Cyber Intelligence Sharing and Protection Act, better known as CISPA.
Rogers said that Iran had already displayed its willingness to wreak havoc abroad in the attacks last August against the Saudi Aramco oil company and the Qatari gas firm RasGas, which wiped the data from 30,000 computers and kept employees off email for more than a week.
The U.S. government has yet to name a culprit in those attacks, but Rogers said that, based on his conversations with private sector cyber security analysts, he is "99.9 percent sure" that Iran was behind them.
"That's a new level of capability," said Rogers. "They have obviously aggressively stepped up their campaign."
He then pointed to last fall's denial of service attacks against U.S. banks as also being the work of Iranian cyber operators, though he acknowledged those attacks were far less sophisticated and damaging.
"Most people believe that was a probing action, they're trying to find deficiencies in our systems to find a better way to come back and cause some catastrophic disruption," Rogers said. "You can imagine how devastating it would be, not just getting into that system but actually breaking that system, manipulating and changing data, and destroying data. Devastating. That could bankrupt a company."
Rogers said that Russia and China would be unlikely to attack the United States in peacetime, but that Iran is a different story.
"I think they're eager and ready to ramp up their actions against the United States," he said to reporters after his speech. "Here's a country that's feeling isolated. Sanctions are hurting badly. You saw them reach out and strike Aramco. This is the same country that tried to kill the Saudi ambassador here in Washington DC. This is not a country that's going to make a rational decision about attacks of this nature."
Happy Monday! In case you missed this over the weekend, these pictures show Iran's incredibly fake Qaher 313 "stealth fighter."
When I first looked at the plane Saturday morning, I could tell it was bogus. Look at the photos of the cockpit: there's barely any wiring. In fact, it looks like the Iranians dumped some rudimentary flight controls and an ejection seat into a shell molded in what they thought were stealthy angles. (As Killer Apps' friend David Cenciotti points out, there are no rivets or seams on the outside of the jet where its different fuselage sections would normally be joined together.) You can actually see the white-painted inside of the shell in the cockpit photos. Check out how awful the visibility through the canopy is; it's downright terrible.
Then there's the photo of the back of the plane showing a non-existent engine nozzle. Things get even better when you see a photo of a pilot sitting inside the cockpit. The jet is so small it looks like the man is sitting in a clown car, er, clown fighter. It's seriously unlikely that such an aircraft has room to carry the avionics, radars, electronic countermeasures, heat masking gear, and, most importantly for a fighter, the weapons that make modern stealth jets effective.
(Heck, it's all but proven that video Tehran claims shows the jet in flight is actually just showing a radio controlled model.)
At best, these photos show a small mock-up, or maybe, just maybe the radio controlled plane used in the video. Still, this is not a modern stealth fighter. If you want a laugh, read Iran's press release saying the "super advanced" jet can "evade radars." Enjoy!
A U.S. official dropped a very interesting quote on Killer Apps the other day.
As we discussed the growing trend of destructive cyber attacks, the strikes against Middle Eastern oil firms Saudi Aramco and RasGas of Qatar that rendered about 30,000 computers useless last August came up.
The official then mentioned that these attacks may have been more damaging than reported.
"I was just in Saudi a while ago and found that the attacks were probably worse than we originally had believed, from talking to some of the folks there," said the official.
And that's it. He wouldn't elaborate when asked for more details.
Last August's Middle East cyber attacks were apparently conducted by a supposedly independent hacktivist group. However, the U.S. government has implied that it thinks Iran sponsored the attacks, and some experts think the attack was retaliation against several cyber espionage tools like Flame that were spying on Iranian computers.
The August attacks, using a virus called Shamoon, wiped the hard drives of the Saudi computers and left thousands of Aramco employees unable to access email and kept them off company networks for a week or more.
So how is it that the pilots of those Iranian Su-25 attack jets failed to score any hits on the U.S. MQ-1 Predator drone that they shot at with 30 mm cannon last week?
Well, it can be difficult for a supersonic fighter to engage a super-slow prop plane -- which a Predator is. That's why the United States uses Coast Guard HH-65 Dolphin helicopters with snipers aboard to defend the airspace around Washington, D.C. (locals can see the orange Coastie helos tooling around DC's skies every day) against slow moving targets, like errant Cessnas.
But the Su-25 Frogfoot is the Soviet-designed, Georgian-made version of the U.S. Air Force's A-10 Warthog, a relatively slow-moving ground attack jet equipped with big guns and the ability to carry a lot of bombs. The Su-25 can fly so slowly that there's even a variant that is used to tow aerial gunnery targets. It should be the ideal jet to gun down a slow-moving Predator. (Of course, missiles are another story; the Iraqis easily downed a Predator in 2003 using air-to-air missiles.)
The Air Force and Navy routinely make the case that they need to develop a new generation of stealthy, jet-powered UAVs since the current MQ-1 Predators and MQ-9 Reapers don't stand a chance of surviving against pretty much any air defenses, from ground-based antiaircraft weapons to fighter jets. Heck, bad weather can easily bring down a Predator.
Press accounts indicate that the Iranian jets fired at the UAV twice -- missing both times -- as it cruised in international airspace over the Persian Gulf. The Iranian planes apparently followed the drone for a while after shooting at it (maybe they ran out of ammo). Nevertheless, Pentagon officials say they assume Iran was firing to shoot down the drone and not simply firing warning shots.
"Our working assumption is that they fired to take it down. You'll have to ask the Iranians why they engaged in this action," said Pentagon Press Secretary George Little yesterday.
Still, the circumstances of the incident beg the question: are Iranian ground-attack pilots that bad at air-to-air gunnery, or did they miss deliberately to provoke the United States without actually damaging its property?
(For what it's worth, we've seen some Iranian press accounts say the shots were warning shots.)
When asked if those Iranian pilots should have been able to hit the MQ-1, Richard Aboulafia, Vice President of Analysis (and manned aircraft enthusiast) at the aviation consulting firm Teal Group, said "yes, they should." He then pointed out that the incident was "an ironic commentary on the limits of UAV utility. Fighters are quite useful across a broad spectrum of conflict, including operations other than war (OOTW). You can't get a UAV to fire a warning shot, or enforce a no-fly zone, or anything like that. Inhabited fighters will always be essential for armed diplomacy, if you will." Well, they are for now anyway.
John Reed reports on the frontiers of cyber war and the latest in military technology for Killer Apps.