LONDON (Reuters) - New research on the Stuxnet worm shows definitively it was made to target the kind of equipment used in uranium enrichment, deepening suspicions its aim is to sabotage Tehran’s suspected nuclear arms program, experts say.
Stuxnet, a malicious computer worm of unknown origin that attacks command modules for industrial equipment, is described by some experts as a first-of-its-kind guided cyber missile.
Thanks to the worm’s sophistication, uncertainty has lingered about its origins and exact aim since German company Siemens first learned in July that the malware was attacking its widely-used industrial control systems.
Some analysts point to unexplained technical problems that have cut the number of working centrifuges in Iran’s uranium enrichment program as evidence that its nuclear ambitions may have suffered sabotage.
Diplomats and security sources say Western governments and Israel view sabotage as one way of slowing Iran’s nuclear program, which the West suspects is aimed at making nuclear weapons but Tehran insists is for peaceful energy purposes.
New research by cyber security company Symantec contains evidence that apparently supports the enrichment sabotage theory, pointing to tell-tale signs in the way Stxunet’s changes the behavior of equipment known as frequency converter drives.
A frequency converter drive is a power supply that can alter the frequency of the output, which controls the speed of a motor. The higher the frequency, the higher the motor’s speed.
Stuxnet “sabotages” the systems the drives control, a paper posted online by Symantec researcher Eric Chien said.
“We’ve connected a critical piece of the puzzle.”
Stuxnet’s approach is to monitor the frequency of these drives and only attack ones that run between 807 Hertz (Hz) and 1210 Hz — very high speeds used only in a limited set of applications, including gas centrifuges.
Once operation at those frequencies occurs for a period of time, Stuxnet begins modifying the behavior of the frequency converter drives and in effect sabotages it, Symantec said.
Ivanka Barzashka, a research associate at the Federation of American Scientists, said in an email that if Symantec’s findings were true they were very significant.
“If Symantec’s analysis is true, then Stuxnet likely aimed to destroy Iran’s gas centrifuges, which could produce enriched uranium for both nuclear fuel and nuclear bombs.”
Leading German cyber expert Ralph Langner, who says he reached the same conclusion independently of Symnatc, agreed that a gas centrifuge was the likely target.
“This finding strongly points to a controller for a module in a gas centrifuge cascade,” he blogged. “One reasonable goal for the attack could be to destroy the centrifuge rotor by vibration, which causes the centrifuge to explode.
Enrichment is a method of boosting the proportion of fissile isotope found in uranium ore to make it usable as nuclear fuel or the explosive core of nuclear weapons. A gas centrifuge is a machine that separates the fissionable U-235 isotope from the much more prevalent U-238 by spinning at supersonic speeds.
For story on cyber warfare threat: (Additional reporting by Fredrik Dahl in Vienna and Mark Heinrich in London)
Editing by Noah Barkin