Three days ago an updated report by the Institute for Science and International Security (ISIS) was published with the following conclusion:
“While it has delayed the Iranian centrifuge program at the Natanz plant in 2010 and contributed to slowing its expansion, it did not stop it or even delay the continued buildup of LEU [low enriched uranium]. […] At the time of the attack, the Natanz FEP contained a total of almost 9,000 IR-1 centrifuges. The destruction of 1,000 out of 9,000 centrifuges may not appear significant, particularly since Iran took steps to maintain and increase its LEU production rates during this same period. […] One observation is that it may be harder to destroy centrifuges by use of cyber attacks than often believed.”
They suggest that the malware was injected into systems in the supply-chain for Natanz.
“Because of sanctions and trade controls, Iran operates international smuggling rings to obtain industrial control equipment, including the Siemens 315 and 417 PLCs. Although foreign intelligence agencies could infect or sabotage these PLCs abroad, they would have far greater chance of ultimately infecting Natanz by inserting Stuxnet in the core of Iran’s supply chain for the centrifuge program’s control systems.”
This points strongly to an outsider who is cut off from direct site access yet still influential, which echoes a CIA method claimed to have caused the Trans-Siberian pipeline disaster in 1982. On the other hand, it is said the attackers monitored and continued to modify Stuxnet, almost as if they had inside access and knowledge of their progress:
“Symantec has established that Stuxnet first infected four Iranian organizations in June and July 2009. After the 2009/2010 attack, and before Stuxnet’s public discovery, the malware’s operators tried to attack again. Symantec found that in March, April, and May 2010, two of the original organizations were again infected. In May, a new Iranian organization was also infected. Were the Stuxnet operators dissatisfied with destroying only 1,000 centrifuges, or were they encouraged by their success? In any case, they were improving the code’s ability to spread by the spring of 2010, according to Symantec. These improvements undoubtedly sought to enable the program to again breach Iran’s security on its gas centrifuge program and destroy more centrifuges.”
The report points out that the level of knowledge required for the attack had to come from a plant insider, but that the attack vector is more likely to have been an outsider. Stuxnet’s blended approach emphasizes a loss of secrecy in Iran’s program, which may significantly affect Iran’s management of its nuclear effort far more than the damage to controllers and centrifuges. The objective may not have been destruction but rather to demonstrate the sophisticated level of information leakage.
The popular theory is that contractors from Russia were the vector for the infection, which would make sense. They have (some level of) access to the facilities, and would certainly know if problems were noticed.
Quite possibly the contractors could hand off USB flash drives to locals with a higher level of physical access, who would then (knowingly or not) infect the facility computer systems.
As to who wrote the malcode, that’s still quite up in the air. I’ve seen one article with a fair amount of circumstantial evidence pointing to Israel, and a recent article claiming a national took credit, but that could just be a PR mission for Mossad.
I think it’s equally possible that the Saudis contracted Eastern European criminals to write the code and assist with the infection.
Attribution: It’s really hard.
I have heard that as well. It was posed to me as a strong-arm tactic by the Russians to force past-due payments from Iran, but that almost sounds like a joke.
I just started reading a book called “The Nuclear Jihadist” by Frantz and Collins.
They point out that Cheney and Rumsfeld under Ford actually wanted to give Iran nuclear capability back in the 1970s.
Pages 58-59:
“…Rumsfeld advocated the sale of nuclear technology to Iran as a way to bolster American influence in the region, a view that aligned him with Kissinger and other administration officials, including Cheney and Paul Wolfowitz…”
They convinced President Ford to authorize it in 1976. When Carter debated the issue in the election Ford backed down, and apparently the CIA also informed Ford secretly at the time that Iran was planning to use the technology for weapons. Carter won the election and that was the end of the Rumsfeld plan.
Anyway, fast forward to the newly elected Bush Administration in the summer of 2001, with Rumsfeld, Cheney and Wolfowitz back in office. They were told by Pakistani intelligence, who learned from British intelligence, that Iran was stealing nuclear secrets for centrifuges from Pakistan. Interesting to see how Rumsfeld, Cheney and Wolfowitz reacted to this after being the ones who wanted to give the technology to Iran.
Page 250:
“…the CIA also sabotaged other equipment [sent to Iran] subtly to slow progress. […] The CIA and the administration [in 2001] were employing the same passive response implemented in 1975 — watch and wait. It would take a cataclysmic event to force them to act.”
Now I’m going to go out on a limb here and say that while the US took a passive role, Pakistan actually may have been the upstream supply-chain link in the best position to make use of the secrets anyway. Instead of modifying parts like with the CIA counter-intelligence above and in the 1980s against the USSR, secrets stolen from Pakistan meant they had practically insider-level knowledge to design an attack specific to the PLC. British intelligence by 2003 was pushing the US to take action. Stuxnet then would have resulted from Pakistan and the UK (US too?) working together to modify Conficker and target it at Natanz.