Wednesday, January 19, 2011

The Stuxnet Virus—A Hidden Battle for the Future of Israel

(The information below is largely based on an article that appeared beginning on page one of the Sunday New York Times, Jan. 16, 2011.)

Background

In the 1970s, the Dutch were working on a new machine to enrich uranium. A Pakistani metallurgist working on the project, Dr. A.Q. Khan, stole the design and returned home to build his country’s first generation of uranium centrifuges, which led to their development of an atomic bomb. Afterwards, Khan sold similar technology to Iran, Libya and North Korea.

Iran’s development of a nuclear program has been in the works for at least a decade, but came under new pressures with the rise of Mahmoud Ahmadinejad, elected president in June 2005. He has, of course, repeatedly voiced his determination to destroy Israel and even suggested he’s a divine instrument for that purpose. No threat is more intimidating to Israel than Iran’s attempt to build a nuclear arsenal under the direction of this ruthless, single-minded fanatic.

Repeated attempts to restrain the Iranian nuclear program, including trade sanctions by other governments, have not stopped them from developing a massive, highly sophisticated nuclear generating and enriching facility in the Iranian desert near Natanz (two hundred km south of Tehran), where the underground facility is over 350,000 square feet, covered by thick protective coverings of concrete and earth. For added protection, the Russians have installed and maintain advanced anti-aircraft missile batteries to ward off the threat of Israeli or American air attacks.

Nature of the threat

The Israelis have long insisted that the Iranian program was on track to develop nuclear warheads by 2015 or earlier and sought American aid to address the problem with air strikes. This follows their strategy used in June 1981 to destroy the Iraqi nuclear facility (“Osirak,” a joint Iraqi-French project)—an attack that was widely denounced by Americans, Europeans and of course, the UN. Later assessments were somewhat more appreciative that the Gulf War was not complicated by Saddam Hussein having nuclear weapons. There has been a more recent, less known, Israeli attack on a Syrian site in 2007 where the North Koreans were preparing an unauthorized nuclear reactor.

While both these attacks were capably carried out by the Israelis, attacking Iran posed many more challenges for success. The problems of distance and overcoming the Russian missile system would have stretched the Israeli air force to its limits and possibly provoked open war in the region.

With some of those concerns in mind, a 2008 request from the Israelis to President Bush for “bunker busting” bombs was refused. Meanwhile, the Israelis admitted that a successful strike might only push back the Iranian nuclear program by three years. However, when they presented the Americans with an alternative approach, a computer virus attack on the Iranian facility, Bush gave an initial go-ahead; later, President Obama urged a speedy development of a stealth virus attack.

Preparing for attack

The complex worm secretly developed by the Israelis and Americans (initially denied by both governments) began with the growing awareness that the computerized controllers of the Natanz program were the most obvious weakness to be exploited. These controllers are separate computer components which oversee operational systems and computer programs. In this case, the controllers were operating the hundreds of uranium centrifuges inside the Natanz facility.

Both the Americans and the Israelis were aware of the types of centrifuge being used and called on various experts—including retired Israeli nuclear technicians. In preparation, both the Israelis and Americans built similar devices to figure out the best means of sabotage. Eventually, they learned how to speed up (or alternatively, speed up and slow down) the internal rotors causing them to wobble and then destroy themselves from the inside.

Avoiding attention

The initial appearance of the Stuxnet virus in June 2009 did not attract much attention—it didn’t seem very active. One of the first to examine it in more detail was Ralph Langner, an independent computer security expert based in Hamburg, Germany. He noticed that the worm had only one specific aim: to attack a particular type of computerized nuclear facility and even more precisely, the computer control systems.

The ingenious nature of the virus was evident from its two major capabilities. First, it carried programs to get nuclear centrifuges spinning wildly out of control until the machines literally self-destruct. Second, it had the potential to send signals back to the control system indicating that the machines were doing fine, fully allowing the first part of the program to complete its destructive course without interference.

On further examination, Langner found added layers of sophistication:
1) the worm kicked into gear only when a particular array of controllers was found, i.e. those running a centrifuge plant, and it was even more precise, attacking a specific number of centrifuges: 984.
2) the dual aspect of the worm allowed the program to lie dormant for long periods of time. However, this dormancy was actually used to develop the second part of the program. The program used this down time to secretly record the normal operations of the nuclear plant. Once the centrifuges began running out of control, these same signals were played back to plant operators, preventing them from interfering before the destructive phase was completed.

In Langner’s view, “The attackers took great care to make sure that only their designated targets were hit. It was a marksman’s job. It is about destroying its targets with utmost determination in military style.”

Did the attack succeed?

Not until November 2010 did Iranian President Mahmoud Ahmadinejad mention the virus attack, saying there had been minor problems but his experts had discovered it. A more accurate account of Stuxnet’s success comes from the private, Washington-based Institute for Science and International Security, which issued a lengthy report. They noted that the Natanz facility suffered a series of failures in mid-2009 that led to 984 machines being put out of service.

The report concluded that the failures were a major problem for the Iranian program. While the attacks were not successful in halting the entire program and parts of the Iranian operation remain active, other areas have been stopped. Security experts note that the worm continues to circulate and may launch again in future since it can update itself off the net.

Recent statements by Israeli officials (as of Jan 2011), including the retiring head of the Israeli Mossad, have confirmed the view that the Iranian program is no longer an imminent threat. Israelis are confident that at least another three years has been gained—they have “postponed the timetable”—with at least the same effect as a direct hit on the Natanz facility by Israeli fighter bombers.

As the Israeli pilots returned from the successful operation on Osirak in 1981, their commander led the pilots in recalling this passage from Joshua 10:12-14:

On the day the LORD gave the Amorites over to Israel, Joshua said to the LORD in the presence of Israel: “Sun, stand still over Gibeon,
and you, moon, over the Valley of Aijalon.”
So the sun stood still,
and the moon stopped,
till the nation avenged itself on its enemies,
as it is written in the Book of Jashar.
The sun stopped in the middle of the sky and delayed going down about a full day.
There has never been a day like it before or since, a day when the LORD listened to a human being. Surely the LORD was fighting for Israel!