Friday, September 18, 2015

The Stuxnet Worm

1 Overview of Stuxnet

Stuxnet is a sophisticated worm designed to target only specific Siemens SCADA (industrial control)
systems. It makes use of an unprecedented four 0-day vulnerabilities (attacks that make use of a
security vulnerability in an application before the vulnerability is known to the application's
developers). It also uses rootkits (advanced techniques to hide itself from users and anti-malware
software) on both Windows and the control computers it targets. It employs two stolen digital
certificates to sign its drivers, and its creators needed a large amount of knowledge of its
targeted systems. See Figure 1 for an overview.

It was discovered in June 2010, but an early version appeared a year earlier. It is widely
suspected of targeting Iran's uranium enrichment program, since it is rather specific about what it
attacks, and this matches the Iranian Natanz enrichment plant.

One indication that Stuxnet targeted Iran's nuclear program is that it only targets facilities that
have a certain specific physical layout. The layout of the centrifuges in a facility such as Natanz is
called a cascade, and describes how the centrifuges are piped together; this is done in stages, and
the centrifuges within one stage are piped in parallel.

Iranian President Ahmadinejad visited Natanz on April 8, 2008, and photos of the visit were
published on his website as a photo-op. In one of the photos (Figure 2) is what appears to be a
monitor showing the structure of a so-called IR-1 (for Iran-1 centrifuge) cascade. This structure,
giving the number of centrifuges in each stage, matches the Stuxnet code exactly.

Iran's nuclear program launched in the 1950s with the Shah of Iran obtaining non-weapons-related
assistance from the United States' "Atoms for Peace" program. The program's inception
was delayed because of the 1979 revolution and after that because of the Iran-Iraq war. However,
Iran's new leaders were interested in continuing the nuclear program and started getting help from
other countries to further it.
