Center for Strategic Assessment and forecasts

Autonomous non-profit organization

A virus scarier than bombs. How hackers destroyed a nuclear plant in Iran
Publication date: 01-10-2017

Russian hackers have become a brand of our time. Judging by headlines around the world, these crafty burglars are almost omnipotent, able to drag the ins and outs of the World Anti-Doping Agency into the light or even to seat Donald Trump in the White House. Meanwhile, there is no such hysteria about hackers from other countries. Yet just a few years ago hackers carried out a successful act of sabotage at a nuclear facility.

Iran's nuclear program caused a sharp reaction from a number of countries, primarily Israel and the United States. The Islamic Republic tried hard to join the nuclear club, but these attempts only provoked cold fury in Washington and Tel Aviv, where Tehran had been seen as a dangerous enemy since the Islamic Revolution. Of course, both there were plenty of hawks who would have preferred simply to bomb, but in the 2000s intelligence officers who remain anonymous came up with a much subtler way of striking at the ayatollahs' nuclear project.

Iranian President Mahmoud Ahmadinejad during a visit to the secret facility — the nuclear center of uranium enrichment — Natanz (Iran), April 8, 2008. Photo: © REUTERS/Presidential official website

A military operation would have been extremely costly and would have caused obvious problems in the international arena; besides, there is always the risk of unexpected failure. The uranium enrichment plant at Natanz was well protected, and bombing did not guarantee its complete destruction. However, a non-trivial approach was found.

To destroy Iran's nuclear program, an original computer virus called Stuxnet was developed. The virus was built to act only on computers with a strictly defined configuration; that is, it did not set about destroying the first system it came across. Once on a new computer, Stuxnet scanned the software, looking for the automated control systems used in the nuclear industry. Such systems are specific to each plant: each has its own system of sensors and its own controls for the various units and assemblies. Stuxnet was looking for a well-defined target. If it did not find one, it simply "fell asleep" and waited for a chance to move on.

Interestingly, according to the American press, Israel built a complex imitating the Iranian uranium enrichment plant. On these "simulated centrifuges", the penetration of the system and the attack itself were rehearsed. The developers of the virus knew they would never get a second chance, so the first blow had to be lethal.

However, the Iranians, of course, kept the computers that ran their nuclear facilities disconnected from the network, so Stuxnet spread via flash drives. The electronic saboteur also used stolen certificates of the large, reputable company Realtek to deceive antivirus software. For all its complexity the virus was very compact, and once on a computer it caused almost no harm, so no one had any reason to look for it.

Enrichment control room at the Natanz nuclear center for uranium enrichment. Photo: © REUTERS/IRIB Iranian TV via Reuters TV

Of course, the virus could take a very long time to spread this way. But the hackers could afford to wait: building a nuclear power station or developing nuclear weapons is not a quick business. Sooner or later someone was bound to make a mistake.

Initially, the attacks targeted Iranian firms that developed software for industrial enterprises. Intelligence had an idea of which companies might be involved in the nuclear program, so the virus was introduced primarily at firms with ties to them. The circumstances of the initial infection remain unclear, so good old human intelligence probably played a role: someone had to insert an infected flash drive into a computer for the first time. However, even its creators could not track Stuxnet's odyssey. The virus was extremely well written, so as not to cause any damage to systems that did not match the required parameters and not to leave the slightest sign of intrusion. It later turned out that, by inscrutable paths, the virus had infected several industrial computers in Germany but did not activate, because it did not find the parameters it was looking for.

In the summer of 2010, yet another copy of Stuxnet finally found itself on a computer controlling Iran's nuclear centrifuges. And then the virus switched on at full power.

A Bank of centrifuges at Natanz. Photo: © REUTERS/IRIB Iranian TV via Reuters TV

Stuxnet was a small technical masterpiece. Simply breaking the centrifuges' software would not have been enough: yes, they would have stopped for a while, but then a quick and inglorious end would have awaited the virus. The essence of its design was that it took over control of the compromised computer and began issuing commands itself, while the human operators retained the illusion of control over the situation.

To do this, the virus spent some time inside the system, gathering information about the processes and the equipment's current operating mode. Having accumulated enough information, the "worm" went to work. After gaining control of Iran's nuclear centrifuges, Stuxnet began to slowly change their mode of operation. Iranian centrifuges are designed for a certain rotation speed. Stuxnet gradually changed the rotation frequency, forcing the centrifuges to operate in critical conditions. The centrifuges were accelerated sharply and braked just as sharply. The operators were blissfully unaware of what was happening, because the virus falsified the readings shown on their screens. The process took several months: the developers of the virus evidently believed that in this time they could thoroughly wear out the maximum number of centrifuges.

As a result, at one point the Iranian centrifuges at Natanz began to fail. In a short time, 1368 of the centrifuges in the possession of the country of the ayatollahs simply broke down beyond repair.

General view of the nuclear center for uranium enrichment — Natanz. Photo: © REUTERS/ISNA

It was a milestone in the practice of information warfare. A computer virus had caused physical harm. The hackers did not just steal or destroy data but crippled industrial equipment that existed in the real world. The destructive effect of the virus was comparable to an aerial bombardment, yet not a single real rocket was launched; moreover, the very fact of an attack long remained in doubt. The head of the Atomic Energy Organization of Iran, Gholam Reza Aghazadeh, resigned without explanation, the centrifuges stopped, and Iran's nuclear program was set back by years. In Iran, the story led to a severe debriefing, during which "nuclear spies" were even detained, who in the end were implicated in the accident.

However, the story of the saboteur virus did not end there.


Sergey Ulasen

In the summer of 2010 Sergey Ulasen, a specialist from the small Belarusian company "VirusBlokAda", discovered an unknown worm and made its description available to the general public. The company Ulasen worked for had clients in Iran, and they turned to him for help with their infected computers. Ulasen, already knowing that something was wrong with the computer, combed through it carefully and eventually came upon an unknown virus. What struck security professionals was the presence of real certificates, which allowed it to pass itself off as an "honest" program. Another thing that made the captured virus the hero of the day was its highly specialized purpose.

In the following months, Stuxnet was studied literally under a microscope and taken apart byte by byte. The general conclusion was almost unanimous: this was not a virus written by a lone hacker, nor a product of hooligans' creativity. Judging by the intellectual effort invested in its development, this was a sophisticated, full-fledged combat program created by a group of experts over a long period.

The developers also had sources supplying them with intelligence on the target to be attacked, and resources characteristic not of network hooligans but of intelligence services. Moreover, the virus existed in many versions, and for a long time they traveled the world, infecting tens of thousands of computers.

Photo: © RIA Novosti / Vladimir Astapkovich

Subsequently, more or less well-founded theories about real cyberattacks were put forward. The Stuxnet attack specifically had unpleasant, but not absolutely lethal, consequences for Iran. However, Stuxnet struck only one specific target, while the range of potential tasks for such a virus can be much wider. Control of industrial facilities, transport infrastructure: all kinds of automated systems are now deployed everywhere. As the example of Iran shows, a sufficiently cleverly written worm can be infiltrated quickly. What happens after that is limited only by the imagination of the virus's authors.

Eugene Noreen

Source: https://life.ru/t/%D0%B8%D1%81%D1%82%D0%BE%D1%80%D0%B8%D1%8F/1047800/virus_strashnieie_bomby_kak_khakiery_unichtozhili_iadiernyi_zavod_v_iranie

