Stuxnet Worm Targets Iranian Centrifuges

Iran President Mahmoud Ahmadinejad accused the country’s enemies of using malware to disrupt centrifuges involved in uranium enrichment.

“They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts,” he was quoted as telling reporters at a media conference. “They did a bad thing. Fortunately, our experts discovered that and today they are not able [to do that] anymore.”

Ahmadinejad did not initially name Stuxnet as the culprit, but the worm immediately became the focus of speculation. In the past, Iran has said only that the worm affected computers belonging to employees at the Bushehr nuclear power plant. Iran’s president has since confirmed that the Stuxnet worm did indeed take out some of the centrifuges.

Iran targeted by Stuxnet

Earlier this month, Iran temporarily halted most of its uranium enrichment work. Just days prior, former International Atomic Energy Agency chief Olli Heinonen told Reuters that Iran has had problems with equipment used in its uranium enrichment program for years, but that the Stuxnet worm may also have been a factor.

According to security researchers, the worm targets frequency converter drives in industrial control systems. The technology is used to control electrical power supplied to motors, thereby controlling motor speed. More specifically, researchers at Symantec found the worm zeros in on frequency converter drives operating with outputs between 807 Hz and 1,210 Hz. Low-harmonic frequency converter drives that output more than 600 Hz are regulated for export in the United States by the Nuclear Regulatory Commission because they can be used for uranium enrichment.

Much of the speculation about Stuxnet has centered on Iran being the chief target of the worm, though this has not been confirmed. Also a mystery is just who authored the worm, which was first detected this summer but is believed to go back to at least June of 2009.

“It’s been common knowledge for a couple of years that there are over 100 countries with offensive cyber capabilities,” said Eddie Schwartz, chief security officer at NetWitness. “These capabilities come in the form of direct ownership by military and intelligence organisations and through the hiring of ‘cyber mercenary’ groups. … For latent organisations in some sectors, the last couple of years have been a wakeup call.”