
Monday, January 17, 2011

Postal Weaponry...

Before the days of email there were limited things one could do as far as using postal transactions as weapons.  There was the Anthrax attack in September of 2001 that resulted in the deaths of five people.  And who could forget Ted Kaczynski as the Unabomber.

These ideas and actions by terrorists are nothing new.  The first historical account of using the postal system for delivering weapons dates to 1764 (from Wikipedia): "Colonel Poulsen residing at Børglum abbey was sent by mail a box. When he opens it, therein is to be found gunpowder and a firelock which sets fire unto it, so he became very injured."

With the advent of email things have changed, or maybe not...

I have been reading about STUXNET.  This is the specifically targeted computer virus that has been attacking the Iranian nuclear facilities for the last couple of years.

Now this is not your run-of-the-mill "click here to see naked coeds" (or "buy Viagra" or "acquire a new Russian bride") email virus that infects your PC.  No, this virus was much more specifically targeted to Iran's particular nuclear plant.  How it actually got in in the first place is a mystery - but one imagines that a craftily designed email sent to all the employees at the Iranian nuclear facility probably did the trick:

From: Zem Sibabuah
To: All Employees
Subject: Help me access my enriched uranium... 

I am Mr. Zem Sibabuah from Nigeria.  Due to unforeseen circumstances I have a warehouse of highly enriched uranium that was left to me by my grandfather.  However, do to unforeseen political circumstances I am unable to leave the country and make use of this uranium.

However, with your assistance I will be able to ship you all 30 pounds of uranium and pay a finders fee of $300,000 Euros.

Please open the attached instructions below and submit to me the forms it contains...

...

Sincerely 
Mr. Zem Sibabuah
Nigerian Uranium Counselor


Attachment: instructions.zip

So one click by any one of the thousands of Iranian nuclear employees (or one of their Russian contractors) probably did the trick.

(I wonder if Russians get emails advertising US brides?)

Now the Stuxnet virus is a very specific virus.  It was designed to target something called the Siemens AG PCS 7 Industrial Controller.  This is a big, fancy computer system for controlling industrial machinery.  It reads sensors, controls machines, adjusts motor speeds and all of that sort of stuff.  In the case of Iran it controls something called the P-1. 

The P-1 is a nuclear gas centrifuge.

A nuclear gas centrifuge is a device that holds a gas containing uranium hexafluoride.  It is a tube that spins around very fast and the uranium parts of the gas tend to move outward and collect at the outside of the tube.  In order to build atomic weapons you have to collect a lot of uranium.  It takes a lot of centrifuges a long time to collect enough gas to make a weapon - probably a thousand or so running for years.  These devices are fairly fragile and, if run at a higher rotational speed than recommended, for example, can fly apart in fragments or otherwise break.

In the case of Iran there are 984 centrifuges.  These centrifuges are controlled by a Siemens PCS-7.

Now it's probably no surprise that at the heart of the PCS-7 is our old friend Windows 2003.  That's right - Iran's entire nuclear centrifuge program is controlled by a Windows-based system.  Not surprisingly, by 2008 people at the Homeland Security Department figured out that having a Windows-based system running something important was a "bad idea".

Now Stuxnet is very clever according to this NY Times article.

For one thing it seems to only like Siemens PCS-7 controllers in configurations that talk to 984 P-1 centrifuges. 

My, my, what a coincidence!

For another, it cleverly tells the centrifuges to run faster than their rated speed while happily reporting to the operators monitoring the PCS-7 system that everything is running exactly as it should be.

Stuxnet likes the PCS-7 only when connected to something called a PLC, a "Programmable Logic Controller".  This is a device that actually connects the computer network to things like pumps and other industrial things.

Another surprise - Iran uses a PLC to run its centrifuges.

Finally it turns out that, surprisingly, Iran did not buy all of its software from official sources, i.e., like Microsoft and McAfee.  Since they don't have support they don't have the latest virus signature updates and Stuxnet just keeps on slipping by.  Imagine running your entire atomic weapons program on an unsupported set of Windows 2003 servers.

While a lot of this commentary is tongue-in-cheek I think it's important to point out what can be done with a little clever hackery and a single email.

Iran's nuclear program is, I am sure, costing them billions of dollars.  By all accounts the Stuxnet virus has rendered it useless - at least for a time.  While Iran will eventually overcome this problem it has set their nuclear program back years.

The idea of mailing someone a box full of gunpowder with a flint rigged to explode when it's opened has sure come a long way in the last 250 years...
