U.S. officials have remained tight-lipped amidst a news report suggesting that the highly-sophisticated computer worm Stuxnet was borne out of an American-Israeli collaboration.
On Saturday, the New York Times reported that scientists at the Idaho National Laboratory have spent the last couple of years working on a project to uncover vulnerabilities in the controller equipment used to run Iran’s uranium enrichment facilities. Through the piecing together of known facts and interviews with confidential sources, the report goes on to assert that the information was then passed on to Isreal for the creation of a super cyberweapon capable of sabotaging the controllers and thwarting Iran’s nuclear ambitions.
The mysterious Stuxnet worm was first discovered back in June and appears designed to gunk up the operations of specific industrial systems. By the end of the summer, about sixty of computers infected by the worm were in Iran, according to security software company Symantec. Iranian president, Mahmoud Ahmadinejad, has since admitted that the bug inflicted some damage to the centrifuge machinery used to refine uranium.
The Times report provides a brief explanation of the precise manner in which the worm assaults its target.
One part of the program is designed to lie dormant for long periods, then speed up the machines so that the spinning rotors in the centrifuges wobble and then destroy themselves. Another part, called a “man in the middle” in the computer world, sends out those false sensor signals to make the system believe everything is running smoothly. That prevents a safety system from kicking in, which would shut down the plant before it could self-destruct.
Even experts believe such a sophisticated design is unlikely to be the handiwork of hackers and suspect that government agencies may have been involved.
(For more, check out my colleague John Herrman post that explained the significance of the Stuxnet worm and it’s impact on military cyberwarfare.)