Iran: Computer Malware Sabotaged Uranium Centrifuges

A security man stands next to an anti-aircraft gun as he scans Iran’s nuclear enrichment facility in Natanz, 300 kilometers [186 miles] south of Tehran, Iran, in April 2007.

Wired: In what appears to be the first confirmation that the Stuxnet malware hit Iran’s Natanz nuclear facility, Iranian President Mahmoud Ahmadinejad said Monday that malicious computer code launched by “enemies” of the state had sabotaged centrifuges used in Iran’s nuclear-enrichment program.

The surprise announcement at a press conference coincided with news that two of Iran’s top nuclear scientists had been ambushed Monday by assassins who killed one scientist and seriously injured the other.

Iran had previously acknowledged that Stuxnet infected the personal computers of workers at its Bushehr nuclear power plant but had insisted that the malware had not infected work systems involved in the nuclear program, and that the program itself had not been harmed. Officials did not mention then whether any computers at its nuclear facility at Natanz had been infected.

Natanz is engaged in enriching uranium that could be used to manufacture weapons. It was therefore believed by various computer security experts to have been Stuxnet’s likely target.

Ahmadinejad did not mention Natanz by name at Monday’s press conference but admitted that malware had “succeeded in creating problems for a limited number of our centrifuges.”

According to a recent report from the United Nations’ International Atomic Energy Agency, Iran had temporarily halted uranium enrichment at its Natanz plant for unknown reasons earlier this month. Thousands of centrifuges reportedly stopped production as a result.

Iran has had various problems over the years with equipment used in its nuclear facilities. The problems have delayed progress in both the country’s nuclear power plants and the uranium-enrichment program, which Iran has insisted is for peaceful purposes only.

Ahmadinejad said the malware that caused problems with its centrifuges was in software that the attackers had “installed in electronic parts.” He said the infection had been halted.

“Our specialists stopped that and they will not be able to do it again,” he said, according to the BBC. Ahmadinejad blamed Israel and “the West” for spreading the malware.

The Stuxnet worm was discovered on computers in Iran in June by a Belarusian security firm and has infected more than 100,000 computer systems worldwide, most of them in Iran. The targeted code was designed to attack Siemens Simatic WinCC SCADA systems. The Siemens system is used in various facilities to manage pipelines, nuclear plants and various utility and manufacturing equipment.

But speculation has focused on Iran’s nuclear facilities — at Bushehr, Natanz and other locations — being the most likely target. The sophisticated malware is believed to have been created by a well-financed nation state, with speculation focusing on Israel and/or the United States.

Security firm Symantec recently determined that the malware specifically targets Siemens systems that are used with frequency-converter drives made by two firms, one based in Iran and one in Finland. Even more specifically, Stuxnet targets only frequency drives from these two companies that are also running at high speeds — between 807 Hz and 1210 Hz.

Frequency-converter drives are used to control the speed of a device. Although it’s not known what device Stuxnet aimed to control, it was designed to vary the speed of the device wildly but intermittently over a span of weeks, suggesting the aim was subtle sabotage meant to ruin a process over time but not in a way that would attract suspicion.

“Using nuclear enrichment as an example, the centrifuges need to spin at a precise speed for long periods of time in order to extract the pure uranium,” Symantec’s Liam O Murchu told Threat Level earlier this month. “If those centrifuges stop to spin at that high speed, then it can disrupt the process of isolating the heavier isotopes in those centrifuges … and the final grade of uranium you would get out would be a lower quality.”

Iran’s confirmation this week that malware was behind recent problems with its centrifuges suggests that Stuxnet may indeed have been designed specifically to target Iran’s nuclear program. But if this is the case, the assassinations on Monday could indicate that whoever targeted Iran felt the malware was insufficient to halt Iran’s nuclear program.

According to news reports, the scientists were targeted in separate but nearly simultaneous car bomb attacks near Shahid Beheshti University. Majid Shahriari and Fereydoun Abbasi, along with their wives, were driving to work when assailants on motorcycles zipped by their vehicles and slapped magnetized explosives onto the cars, which were detonated within seconds.

Shahriari, who was head of an unnamed Iranian nuclear program, was killed. Abbasi, a high-ranking Ministry of Defense official who reportedly holds a Ph.D. in nuclear physics, was wounded. Both wives were wounded in the attacks.

Two other Iranian nuclear scientists have been killed in recent years. A senior physics professor at Tehran University was killed in January, when a bomb attached to a motorcycle exploded near his car as he was leaving for work. A second nuclear scientist died in 2007 from gas poisoning.

Ahmadinejad blamed Monday’s assassination attacks on Israel and the West.

“Undoubtedly, the hand of the Zionist regime and Western governments is involved in the assassination,” he said, according to an Associated Press account of the news conference.

Sunday’s disclosure of U.S. State Department documents also shows that Arab nations share the same concerns that Israel and the United States have about Iran’s nuclear programs. The documents, given to various media outlets by the secret-spilling site WikiLeaks, reveal that King Abdullah of Saudi Arabia pleaded with the United States to stop Iran before it could develop an atomic weapon. Other Arab leaders were equally insistent that Iran had to be stopped.

There have been suggestions, however, that the Iranian government itself could have been responsible for the attacks on the two nuclear scientists.