Experts dissecting the computer worm suspected of being aimed at Iran’s nuclear program have determined that it was precisely calibrated in a way that could send nuclear centrifuges wildly out of control.

Their conclusion, while not definitive, begins to clear some of the fog around the Stuxnet worm, a malicious program detected earlier this year on computers, primarily in Iran but also India, Indonesia and other countries.

The paternity of the worm is still in dispute, but in recent weeks officials from Israel have broken into wide smiles when asked whether Israel was behind the attack, or knew who was. American officials have suggested it originated abroad.

The new forensic work narrows the range of targets and deciphers the worm’s plan of attack. Computer analysts say Stuxnet does its damage by making quick changes in the rotational speed of motors, shifting them rapidly up and down.

Changing the speed “sabotages the normal operation of the industrial control process,” Eric Chien, a researcher at the computer security company Symantec, wrote in a blog post.

Those fluctuations, nuclear analysts said in response to the report, are a recipe for disaster among the thousands of centrifuges spinning in Iran to enrich uranium, which can fuel reactors or bombs. Rapid changes can cause them to blow apart. Reports issued by international inspectors reveal that Iran has experienced many problems keeping its centrifuges running, with hundreds removed from active service since summer 2009.

“We don’t see direct confirmation” that the attack was meant to slow Iran’s nuclear work, David Albright, president of the Institute for Science and International Security, a private group in Washington that tracks nuclear proliferation, said in an interview Thursday. “But it sure is a plausible interpretation of the available facts.”

Intelligence officials have said they believe that a series of covert programs are responsible for at least some of that decline. So when Iran reported earlier this year that it was battling the Stuxnet worm, many experts immediately suspected that it was a state-sponsored cyberattack.

Until last week, analysts had said only that Stuxnet was designed to infect certain kinds of Siemens equipment used in a wide variety of industrial sites around the world.

But a study released Friday by Mr. Chien, Nicolas Falliere and Liam O. Murchu at Symantec, concluded that the program’s real target was to take over frequency converters, a type of power supply that changes its output frequency to control the speed of a motor.

The worm’s code was found to attack converters made by two companies, Fararo Paya in Iran and Vacon in Finland. A separate study conducted by the Department of Homeland Security confirmed that finding, a senior government official said in an interview on Thursday.

Then, on Wednesday, Mr. Albright and a colleague, Andrea Stricker, released a report saying that when the worm ramped up the frequency of the electrical current supplying the centrifuges, they would spin faster and faster. The worm eventually makes the current hit 1,410 Hertz, or cycles per second — just enough, they reported, to send the centrifuges flying apart.

In a spooky flourish, Mr. Albright said in the interview, the worm ends the attack with a command to restore the current to the perfect operating frequency for the centrifuges — which, by that time, would presumably be destroyed.

“It’s striking how close it is to the standard value,” he said.

The computer analysis, his Wednesday report concluded, “makes a legitimate case that Stuxnet could indeed disrupt or destroy” Iranian centrifuge plants.

The latest evidence does not prove Iran was the target, and there have been no confirmed reports of industrial damage linked to Stuxnet. Converters are used to control a number of different machines, including lathes, saws and turbines, and they can be found in gas pipelines and chemical plants. But converters are also essential for nuclear centrifuges.

On Wednesday, the chief of the Department of Homeland Security’s cybersecurity center in Virginia, Sean McGurk, told a Senate committee that the worm was a “game changer” because of the skill with which it was composed and the care with which it was geared toward attacking specific types of equipment.

Meanwhile, the search for other clues in the Stuxnet program continues — and so do the theories about its origins.

By:
Copyright © 2023 CST, Inc. All Rights Reserved