This weekend The New York Times published what they claim is an insider look at the mysterious Stuxnet virus that attacked Iran’s nuclear programme in 2009. Stuxnet was a worm that appears to affect a specific make of Siemens controller used in Iran’s centrifuge complex. There’s been a fare bit of speculation about whether Stuxnet was put together by the Israelis or the Americans or just some random hackers.
The level of detail in the piece, by veteran reporters Bill Broad, John Markoff and David Sanger, should put that speculation to rest. According to the piece, Stuxnet was a coordinated attack two years in the making. It appears to be a joint US-Israeli effort, with possible involvement from the UK and Germany.
Perhaps most surprising is the article’s claim that the Israeli nuclear research centre at Dimona, which is widely believed to be the site that developed the nation’s first nuclear weapons, was actually operating a cascade of Iranian-style centrifuges in order to test the virus. According to the report, Israel obtained a cascade of P-1 centrifuges of the type used by Iran (how is unclear, although the United States obtained parts for the P-1s from Libya in 2004). They then used their cascade to make sure the Stuxnet virus did its job.
The virus itself appears far more sophisticated than initially reported. According to Ralph Langer, an independent computer security expert, the virus was designed to only attack 984 controllers linked together. That, it turned out, was the exact size of a cascade that was incapacitated by the attack. Moreover, it appears to have been designed simultaneously spin the rotors of the centrifuges until they broke apart, while sending a signal that all was well to facility operators.
There’s plenty more in the story: details of how a US Department of Energy lab studied vulnerabilities in the controllers in the year before Stuxnet emerged, and how officials believe the virus did far more damage than the press has reported. That last point may be why the story is finally now coming to the fore: somebody feels their hard work is underappreciated.