Tag Archives: stuxnet North Korea

A War Like No Other: the Covert Invasion of Iran

Leave a reply

Within hours of Iran proudly announcing the launch of its latest centrifuges, on April 10, 2021, a power blackout damaged some of the precious machines at its site in Natanz…One thing reports seem to agree on is that an “incident” affected the power distribution network at Natanz.

Natanz is critical to Iran’s nuclear program. The heavily secured site is protected by anti-aircraft guns and has two large centrifuge halls buried more than 50 feet underground to protect them from airstrikes. Despite the conflicting reports, it appears the facility’s main power distribution equipment — Natanz has its own grid — was taken out with explosives. Backup emergency electricity also was taken down, and power cut out across the multibuilding compound, Behrouz Kamalvandi, spokesperson for Iran’s Atomic Energy Organization, told Iran’s state-run TV.

A blackout may not sound that serious, but it can be at an enrichment plant. Centrifuges are slender machines linked up in what are called cascades which enrich uranium gas by spinning it at incredibly high speeds using rotors. The stress on the advanced materials involved is intense and the process is technically immensely challenging. A small problem can send a centrifuge spinning out of control, with parts smashing into each other and damaging a whole cascade.

The question is: what caused the blackout – a cyber-attack or a physical act of sabotage, like a bomb?

Israel has a long history of sabotaging nuclear facilities in Iraq, Syria, and Iran, both through cyber means — including the sophisticated Stuxnet attack against Iran, which Israel conducted with U.S. and Dutch intelligence agencies — and with conventional bombs and explosives. Israel is also reportedly behind a number of assassinations of Iranian nuclear scientists and officials over the last decade. The Stuxnet attack was particularly significant because it launched the era of cyberwarfare, as it was the first cyberattack known to use a digital weapon that could leap into the physical realm to cause actual destruction of equipment. The highly skilled covert operation was conducted in lieu of a kinetic attack to avoid attribution and an escalation in hostilities with Iran; it remained undetected for three years..

Excerpts from Gordon Corera, Iran nuclear attack: Mystery surrounds nuclear sabotage at Natanz, BBC, Apr. 12, 2021, Kim Zetter, Israel may have Destroyed Iran Centrifuges Simply by Cutting Power, Intercept, Apr. 13, 2021

Who is the Boss? Cyber-War

Leave a reply

A new National Cyber Power Index by the Belfer Centre at Harvard University ranks 30 countries on their level of ambition and capability…That America stands at the top of the list is not surprising. Its cyber-security budget for fiscal year 2020 stood at over $17bn and the National Security Agency (NSA) probably gets well over $10bn. The awesome scale of America’s digital espionage was laid bare in leaks by Edward Snowden, a former NSA contractor, in 2013, which showed the agency hoovering up vast amounts of the world’s internet traffic and trying to weaken encryption standards.

China, in second place, has demonstrated a voracious appetite for commercial cyber-espionage abroad and an iron grip on the internet at home. Britain, whose National Cyber Security Centre has parried over 1,800 cyber-attacks since its creation in 2016, is third. Russia, whose spies interfered with America’s last election, is in fourth place. The big surprise is the Netherlands in fifth place, ahead of France, Germany and Canada. Dutch expertise in analyzing malware is particularly sharp…

Many countries outsource the dirtiest work to deniable proxies, like “hacktivists” and criminals….But while stealing things and disrupting networks is important, what matters most over the longer term is control of digital infrastructure, such as the hardware that runs mobile telecommunications and key apps. Dominance there will be crucial to economic strength and national security.

Excerpt from Digital dominance: A new global ranking of cyber-power throws up some surprises, Economist, Sept. 19, 2020

Iran Wants to Be North Korea: nuclear weapons

Leave a reply

The US tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons programme five years  (2010) ago but ultimately failed, according to people familiar with the covert campaign.  The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran’s nuclear programme in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uraniumc. Reuters and others have reported that the Iran attack was a joint effort by US and Israeli forces.

According to one US intelligence source, Stuxnet’s developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine…But the National Security Agency-led campaign was stymied by North Korea’s utter secrecy, as well as the extreme isolation of its communications systems...North Korea has some of the most isolated communications networks in the world. Just owning a computer requires police permission, and the open internet is unknown except to a tiny elite. The country has one main conduit for internet connections to the outside world, through China.  In contrast, Iranians surfed the net broadly and had interactions with companies from around the globe.

The US has launched many cyber espionage campaigns, but North Korea is only the second country, after Iran, that the NSA is now known to have targeted with software designed to destroy equipment.

Experts in nuclear programmes said there were similarities between North Korea and Iran’s operations, and the two countries continue to collaborate on military technology. Both countries use a system with P-2 centrifuges, obtained by Pakistani nuclear scientist AQ Khan, who is regarded as the father of Islamabad’s nuclear bomb, they said. Like Iran, North Korea probably directs its centrifuges with control software developed by Siemens AG that runs on Microsoft Corp’s Windows operating system, the experts said. Stuxnet took advantage of vulnerabilities in both the Siemens and Microsoft programmes…

Despite modest differences between the programmes, “Stuxnet can deal with both of them. But you still need to get it in,” said Olli Heinonen, senior fellow at Harvard University’s Belfer Center for Science and International Affairs and former deputy director general of the International Atomic Energy Agency…

The Stuxnet campaign against Iran, code-named Olympic Games, was discovered in 2010. It remains unclear how the virus was introduced to the Iranian nuclear facility in Natanz, which was not connected to the Internet.,,,According to cybersecurity experts, Stuxnet was found inside industrial companies in Iran that were tied to the nuclear effort. As for how Stuxnet got there, a leading theory is that it was deposited by a sophisticated espionage programme developed by a team closely allied to Stuxnet’s authors, dubbed the Equation Group by researchers at Kaspersky Lab…

In addition, North Korea likely has plutonium, which does not require a cumbersome enrichment process depending on the cascading centrifuges that were a fat target for Stuxnet, they said.

Excerpts from NSA tried Stuxnet cyber-attack on North Korea five years ago but failed, Reuters, May 29, 2015