Tuesday, 12 July 2011
How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History
Wired[1,2] has a really nice long write-up on Stuxnet and how it was deciphered. It's a long and detailed article and makes for quite nice reading.
Bruce Schneier has also commented on it[3], as has Slashdot[4]. SANS also has coverage in their newsletter[5], along with some useful links[6,7].
Here's a blurb from the Wired article:
It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium. Natanz technicians in white lab coats, gloves and blue booties were scurrying in and out of the “clean” cascade rooms, hauling out unwieldy centrifuges one by one, each sheathed in shiny silver cylindrical casings.
Any time workers at the plant decommissioned damaged or otherwise unusable centrifuges, they were required to line them up for IAEA inspection to verify that no radioactive material was being smuggled out in the devices before they were removed. The technicians had been doing so now for more than a month.
“We were not immune to the fact that there was a bigger geopolitical picture going on. We were definitely thinking … do I really want my name to be put on this?” – Eric Chien
Normally Iran replaced up to 10 percent of its centrifuges a year, due to material defects and other issues. With about 8,700 centrifuges installed at Natanz at the time, it would have been normal to decommission about 800 over the course of the year.
But when the IAEA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Iran’s enrichment program, they were stunned as they counted the numbers. The workers had been replacing the units at an incredible rate — later estimates would indicate between 1,000 and 2,000 centrifuges were swapped out over a few months.
The question was, why?
To find the answers, read on... [1].
URL[1]: http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1
URL[2]: http://www.wired.com/threatlevel/2011/07/stuxnet-timeline/
URL[3]: http://www.schneier.com/blog/archives/2011/07/history_of_stux.html
URL[4]: http://news.slashdot.org/story/11/07/11/1958249/How-Investigators-Deciphered-Stuxnet
URL[5]: http://www.sans.org/newsletters/newsbites/newsbites.php?vol=13&issue=55#sID300
URL[6]: Long Link [www.win32virusremoval.com]
URL[7]: Long Link [www.telegraph.co.uk]