Exclusive: New thesis on how Stuxnet infiltrated Iran nuclear facility
Source: Christian Science Monitor
The Stuxnet worm that attacked Iran's nuclear facility at Natanz came to light nearly four years ago, but how it got there remains a mystery. A possible new explanation, outlined Tuesday, cites the supply chain as the key.
<snip>
Presented by Critical Intelligence, a cyber security firm based in Idaho Falls, Idaho, the tale of cyber infiltration comes nearly four years after the covert operation was discovered. Its already been fairly well documented that the United States and Israel created the Stuxnet worm, which ultimately infected and destroyed about 1,000 fuel-refining centrifuges at Natanz. The surreptitious attack sowed confusion within Irans uranium-fuel-enrichment program, which the US suspects is aimed at creating a nuclear bomb, and delayed it for years.
But how did Stuxnet get in there? As early as 2004, US intelligence agencies identified an Iranian company, NEDA Industrial Group, that had oversight of the Natanz facilitys computerized industrial control systems, says the Critical Intelligence report, citing documents gleaned from federal court cases, leaked State Department cables, and nuclear proliferation reports.
Documents suggest that the US was monitoring NEDAs efforts to procure components that may be needed for a nuclear weapons program, says Sean McBride, lead author of the report and director of analysis for Critical Intelligence. The report is the first to name NEDA in connection with Stuxnet.
<snip>
Read more: http://www.csmonitor.com/World/Security-Watch/2014/0225/Exclusive-New-thesis-on-how-Stuxnet-infiltrated-Iran-nuclear-facility
groundloop
(11,519 posts)This particular theory makes sense, I work with industrial control systems and fully understand the difficulty in pulling off something like this. Someone had to know the particular system in use pretty darned well.
bemildred
(90,061 posts)Kelvin Mace
(17,469 posts)it will be called "an act of war" and we will bomb someone.
jeff47
(26,549 posts)There were the reports of China hacking US "high-tech" companies a few years ago. Israel is rumored to do massive amounts of industrial espionage, but it's difficult to separate "real" claims from antisemitism. Heck, France stole technology from Boeing and other defense companies in the 1990s.
Kelvin Mace
(17,469 posts)Spying on us and hacking web sites is not the same thing as doing actual physical damage to something.
Stealing airplane blueprints from Boeing is not the same thing as infecting the software of centrifuges at a uranium processing facility so that they spin out of control and damage themselves.
Fortunately, no one was injured, but the potential was certainly there.
There is a distinction between "espionage" and "sabotage".
jeff47
(26,549 posts)That would be sabotage.
(Not terribly effective since backups existed)
Not really - there is an expected failure rate on those centrifuges. A significant portion are expected to break, even if there is not a deliberate effort to damage.
As a result, they are constructed and operated such that failures won't hurt people.
Kelvin Mace
(17,469 posts)deleting/stealing data and causing something to operate in such a way as to cause physical damage.
If the Iraqis infected computers in the U.S. and caused similar damage, we would be all up in their grill with missiles, bombers and drones.