Whenever Stuxnet comes up, we hear that it “infected a nuclear plant”. What exactly does that mean, and what did its creators achieve by infecting the plant? According to the investigations, the purpose of Stuxnet was to delay the Iranian nuclear program.

The Iranian plant uses gas centrifuges to enrich uranium. The machine is the IR-1, a copy of a European design from the 1960s that A.Q. Khan, the Pakistani nuclear secrets broker, stole and passed on to Iran in the 1980s. Iranian engineers never fully mastered the complexity of the system and could not get it to run at its intended performance. They did, however, succeed in producing the centrifuges on an industrial scale, so they could replace them faster than they broke down.

The first version of Stuxnet targeted Siemens S7-417 industrial controllers, the ones in charge of the centrifuge valves and pressure sensors. At that time Stuxnet was delivered as a configuration (project) file for the Siemens engineering software. From the outside it looked like a normal project file, but it exploited weaknesses in the controller platform to carry out its actions.

Getting it onto these controllers was distinctly unglamorous: someone had to open that file by hand, either carrying it in on a USB stick or having it sit on one of the laptops used to configure the systems. At the time, Stuxnet had no self-propagation mechanism.

When the malicious file was loaded, it hijacked execution and took control of the controller, but very discreetly: it replaced the system functions through which legitimate code accessed the sensor readings, and then let everything run normally as if nothing had happened.

Only when a set of conditions was met did Stuxnet go into action. It recorded 21 seconds of sensor readings and then replayed them in a loop: more precisely, it overwrote the memory regions that held the fresh sensor data with the values it had recorded. So when the SCADA control system (running on another computer, outside the Siemens controller) asked for readings, the controller returned the replayed values, and neither the engineers nor the automated systems saw anything abnormal.

Once Stuxnet had drawn the curtain, it went to work closing the isolation valves of centrifuge stages, so that pressure in the system began to rise. At that point the exhaust valves should have opened to release the excess pressure. They did not.
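The record-and-replay trick in the last three paragraphs is easy to reason about once it is reduced to code. The simulation below is an added example, not Stuxnet's own 417 code: it models the hijacked sensor read as a hook that passes live values through, records 21 seconds of them, then replays the recording verbatim while the exhaust valve is held closed and real pressure climbs. The process model, the 10 Hz scan rate, the `Cascade`/`ReplayHook` names and the detector thresholds are all assumptions. The last function is the defender-side check a historian analyst would want: a verbatim replay leaves a bit-exact periodic signature in the reported series that the real process never produces.

```python
"""Constructed simulation of a 417-style sensor replay (illustrative code, not
Stuxnet's own). Process model, scan rate, valve logic and detector thresholds
are assumptions made for this example."""
import math

SCAN_HZ = 10                      # assumed controller cycle: 10 samples/second
RECORD_SAMPLES = 21 * SCAN_HZ     # 21 seconds of readings, as in the article


class Cascade:
    """Toy physical model (assumption): pressure wobbles gently around 100 while
    the exhaust valve is open and climbs steadily once it is held closed."""

    def __init__(self):
        self.t = 0
        self.pressure = 100.0
        self.exhaust_open = True

    def step(self):
        self.t += 1
        if self.exhaust_open:
            self.pressure = 100.0 + 0.5 * math.sin(self.t / 7.0)
        else:
            self.pressure += 0.2


def true_reading(proc):
    """The legitimate sensor read that the hook shadows."""
    return proc.pressure


class ReplayHook:
    """Stand-in for the hijacked system function: passes live readings through
    until armed, then records RECORD_SAMPLES values and replays them forever."""

    def __init__(self, read_fn):
        self.read_fn = read_fn
        self.armed = False
        self.buffer = []
        self.idx = 0

    def arm(self):
        self.armed = True

    def recording_done(self):
        return len(self.buffer) >= RECORD_SAMPLES

    def read(self, proc):
        live = self.read_fn(proc)
        if not self.armed:
            return live
        if not self.recording_done():
            self.buffer.append(live)        # record phase: still truthful
            return live
        value = self.buffer[self.idx]       # replay phase: stale but plausible
        self.idx = (self.idx + 1) % RECORD_SAMPLES
        return value


def run_attack(total_scans=1200, arm_at=100):
    """Run the scan loop. Once the 21 s buffer is full the attacker holds the
    exhaust valve closed while the hook keeps reporting the recording.
    Returns (reported, actual) series; arm_at=None leaves the hook dormant."""
    proc = Cascade()
    hook = ReplayHook(true_reading)
    reported, actual = [], []
    for scan in range(total_scans):
        if arm_at is not None and scan == arm_at:
            hook.arm()
        if hook.recording_done():
            proc.exhaust_open = False       # the physical manipulation
        proc.step()
        reported.append(hook.read(proc))    # what the SCADA/HMI sees
        actual.append(true_reading(proc))   # what the process is really doing
    return reported, actual


def find_replay_period(series, min_period=50, max_period=400, repeats=2):
    """Defender-side check (assumed thresholds): a verbatim replay shows up in a
    historian as bit-exact periodic repetition. Return the smallest period whose
    last `repeats + 1` windows are identical, or None if no such period exists."""
    n = len(series)
    for p in range(min_period, max_period + 1):
        if n < p * (repeats + 1):
            break
        windows = [tuple(series[n - (k + 1) * p: n - k * p])
                   for k in range(repeats + 1)]
        if all(w == windows[0] for w in windows[1:]):
            return p
    return None


if __name__ == "__main__":
    reported, actual = run_attack()
    print("reported:", round(reported[-1], 2), "actual:", round(actual[-1], 2))
    print("replay period detected:", find_replay_period(reported))
```

Running it shows the reported value sitting near 100 while the actual pressure has climbed well past it, and the detector recovers the 210-sample (21 s) replay period. The caveat is that this check only catches a verbatim loop; an attacker who adds noise or stitches several recordings together defeats exact-match detection, and the robust answer is an independent measurement path that the controller cannot overwrite.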

What was the objective of Stuxnet?

Stuxnet simply altered the operating conditions of the centrifuges from time to time, putting far more stress on the rotors and causing more frequent failures and replacements. The result was frustrated engineers hunting for the cause of such a high failure rate (obviously looking for design or construction flaws, not malware) instead of working to improve the plant's performance.

So the staff of the enrichment plant sat down to chase these problems rather than advance their projects, and with that the attackers' objective, delaying those projects, was met.

Stuxnet can be considered the first cyberweapon. It is the pioneer in this field, and it marks out several points and ideas on which its successors would focus.

The first is a demonstration of how vulnerable industrial systems can be. The weaknesses exploited to get into the Siemens controllers are design flaws in the software (controllers of that generation accepted whatever code was loaded onto them, with no authentication of where it came from), not mere bugs, and therefore far harder to fix with a quick patch.

Then there is the problem of security and access control around those systems. The second version used several zero-day vulnerabilities in Windows, but the first was carried in by hand, with very little technical sophistication.


By Truxgo
