More Clues to Stuxnet’s Origin

In case you haven’t seen it already, The New York Times ran an interesting piece last Saturday highlighting a host of clues suggesting the U.S. and Israel collaborated to build the Stuxnet worm that wreaked havoc on Iran’s nuclear program.

Among the more interesting facts presented, is that Siemens, the company whose industrial control computers were targeted by Stuxnet, gave the U.S. Department of Energy access to the software that the worm exploits so that the DoE could finds weaknesses in the software.

In early 2008 the German company Siemens cooperated with one of the United States’ premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world — and that American intelligence agencies have identified as key equipment in Iran’s enrichment facilities.

Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory — which is part of the Energy Department, responsible for America’s nuclear arms — the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet.

The article goes on to say that while the U.S. and Britain had trouble getting their copies of the Dutch-Pakistani-designed P-1 centrifuges —  the type used by Iran to enrich uranium — to work, the Israelis were able to do so. Their success allegedly opened the door for the U.S. to test Stuxnet on the types of equipment used at Iran’s Natanz nuclear facility.

The Idaho National Laboratory, which conducted the tests with the Siemens software, insist that the project was part of an overall effort to shore up U.S. cyber defenses against outsiders attempting to take control of nuclear equipment, not some effort aimed at figuring out how to sabotage Iran:

the Idaho National Laboratory confirmed that it formed a partnership with Siemens but said it was one of many with manufacturers to identify cybervulnerabilities. It argued that the report did not detail specific flaws that attackers could exploit. But it also said it could not comment on the laboratory’s classified missions, leaving unanswered the question of whether it passed what it learned about the Siemens systems to other parts of the nation’s intelligence apparatus.

Still, it seems like one heck of a coincidence that the U.S. government was working to discover weaknesses with the very industrial control system that was successfully targeted by what has been called one of the most sophisticated cyber weapons ever used.

Here’s the whole article.

  • PKBills

    Good work!

  • crackedlenses

    Looks like the Israelis via Debka were right after all…..

  • Christopher Bloom

    Mutually Assured Destruction

  • Tim

    A great piece of offensive work. Probably more effective in causing Iran problems that the Trillions of
    dollars wasted fighting Bin Laden and the Taliban ever
    have been.

    • PAul

      Apples to oranges, you can’t realisticly compare the two.

  • eric

    i am also pleased that dear kevin didn’t turn this filmscript quality espionage/sabotage story into a vague cyberwarfare one.

  • IknowIT

    I think someone yesterday quoted Sun Tsu about winning without firing a shot- so this is a great move. On the other hand, technically, it’s not that big a deal, if you have inside cooperation, and God knows who at places like the NSA writing code for you. I am interested to know if there is a specific TYPE of machine that got infected- lot’s of things have software that can be attacked- not just “desktops”…

    Tomrants must be a troll and should be added to the /ignore list.

  • Will

    Siemens has a factory in my city & now I’m feeling even better about them.

  • PKBills

    Hard to understand how some of the world’s population can consistently turn anything the US does into a negative……..While this act was a great move and hopefully set their program back a few months in the end it will take bombs, sad but true.