KUALA LUMPUR, Nov 18 — It was through a Malaysia-based server that the United States (US) and Israeli intelligence agencies operated the notorious Stuxnet computer virus four years ago, successfully ruining one-fifth of Iran’s nuclear centrifuges in an early bid to cripple the republic’s controversial nuclear programme.
Stuxnet, according to past reports, is believed to be of Israeli origin with cyber superpower US as its leading force, and was speculated to have been designed solely to attack Iran’s nuclear facility in Natanz.
According to Israeli newspaper Haaretz in September 2010, the Stuxnet malware had sabotaged the uranium enrichment facility at Natanz, “where the centrifuge operational capacity has dropped over the past year by 30 per cent”.
When the virus hit the facility’s systems, the centrifuges used to separate enriched uranium, which is the precursor to bomb-grade material, from uranium hexafluoride gas, began breaking down, resulting in a shutdown of some systems.
According to reports, at least 1,000 centrifuges were destroyed in the virus attack between November 2009 and January 2010.
An article by Gabriel Schoenfeld, senior fellow at US-based non-profit think tank Hudson Institute, in the Wall Street Journal (WSJ) last weekend revealed that a server based in Malaysia had acted as Stuxnet’s “command post”.
This server, Schoenfeld explained, was used to read signals from computers affected by the virus, which was reportedly narrowly designed to only come to life when it encountered industrial programmable logic controllers (PLCs) operating proprietary software produced by German firm Siemens.
Schoenfeld, quoting from the book “Countdown to Zero Day” which chronicles the workings of the Stuxnet worm, noted that the PLCs running such software were installed in only one location — the heavily-fortified Iranian facility.
“The first thing Stuxnet did upon invading a computer was to ‘phone home’ — i.e., send a signal to a server (based in Malaysia) that operated as its command post.
“The signal reported key details about the computer, such as where it was located, what its IP address was and, critically, whether it contained the Siemens software.
“If it did not, the virus became inert — end of story. If the virus hit pay dirt, the fun began,” Schoenfeld explained, citing the book by Wired magazine reporter Kim Zetter.
The fun, the writer noted, included opening and closing valves on the centrifuges and adjusting their power supply. This then caused a dangerous build-up of pressure and forced the uranium into a “dump line” where it went to waste.
“Ms Zetter suggests that Stuxnet might have also altered spin speeds, leading centrifuges to wobble, break free from their moorings and fly apart, not so quietly destroying entire production chains,” Schoenfeld said.
For whatever it did or did not accomplish, Stuxnet, which was designed under the codename “Operation Olympic Games”, later came to be known as the “hack of the century”, he observed.
Other reports described the worm as the world’s first cyber weapon, and a harbinger of future state-sponsored attacks on control systems across the globe.
Schoenfeld agreed, saying: “The epoch of cyber warfare inaugurated by Stuxnet promises to be no less unnerving than the nuclear-weapons age that began in 1945.”
He cited recent headlines of other viruses created by small-time hackers, some of which had wreaked havoc on financial institutions and even government systems.
In 1997, for example, a teenager hacked into a Bell Atlantic system and, for six hours, tampered with the runway lights and crippled the airline’s control tower at Worcester, he recalled.
“If individuals or small groups of amateurs can perpetrate attacks of this magnitude, imagine what nation-states might do.
“With the advent of Stuxnet, state-sponsored attacks are no longer hypothetical,” Schoenfeld said.