1 June 2015

The US Tried to Stuxnet North Korea’s Nuclear Program


A PRECISION DIGITAL weapon reportedly created by the US and Israel to sabotage Iran’s nuclear program had a fraternal twin that was designed to attack North Korea’s nuclear program as well, according to a new report.

The second weapon was crafted at the same time Stuxnet was created and was designed to activate once it encountered Korean-language settings on machines with the right configuration, according to Reuters. But the operation ultimately failed because the attackers were unable to get the weapon onto machines that were running Pyongyang’s nuclear weapons program.

WIRED reported back in 2010 that such an operation against North Korea would be possible in light of the fact that some of the equipment used by the North Koreans to control their centrifuges—the devices used to turn uranium hexafluoride gas into nuclear-bomb-ready fuel—appeared to have come from the same firms that outfitted the Iranian nuclear program.

“The computer-control equipment North Korea got was the same Iran got,” David Albright, the president of the Institute for Science and International Security and a long-time watcher of both nuclear programs, told WIRED at the time.

Albright published a study back then noting that the North Korean control system “is dual use, also used by the petrochemical industry, but was the same as those acquired by Iran to run its centrifuges.”

Iran uses industrial control systems made by the German firm Siemens to control and monitor the operation of its centrifuges.

Stuxnet is believed to have been created sometime in 2006 when President Bush’s advisers first floated the idea to him of attacking Iran’s program with a digital weapon to avoid bombing it through an airstrike.

The first version of Stuxnet was likely unleashed on systems in Iran in 2007—a copy of this version of Stuxnet appeared in the wild in November 2007. A later version of Stuxnet was unleashed on Iran in June 2009 and again in March and April 2010.

Stuxnet would infect any computer using the Windows operating system but would only unleash its payload on systems that had a specific configuration. That configuration included Siemens Step 7 or Siemens WinCC software and Siemens S7-315 and S7-417 programmable logic controllers.

The programmable logic controllers are small computers that control the speed at which the centrifuges spin as well as valves through which the uranium hexaflouride gas flows into and out of the centrifuges. The Step7 software is used to program the PLCs, while the WinCC software is used to monitor the PLCs and centrifuges to ensure that they’re operating correctly.

Once Stuxnet found a system with Step 7 or WinCC installed it would inject its malicious code into the PLCs that were connected to these machines and sabotage the operation in two ways—by either causing the centrifuges to speed up and slow down or by closing exit valves on the centrifuges, causing the gas to build up inside the centrifuges.

The targeted machines in Iran, like those in North Korea, are not connected to the internet. So the attackers had to devise ways to get the weapon onto those air-gapped machines. They did so by infecting five Iranian companies that are in the business of installing Siemens and other brands of industrial control systems at Natanz and other facilities throughout Iran. The attackers targeted these companies with the hope that contractors working at Natanz would carry the weapon into the well-guarded facility.

While the plan worked beautifully in Iran, it ultimately hit a snafu against North Korea where the nuclear program is even more tightly controlled than Iran’s and where few computers—belonging to contractors or anyone else—are online and accessible via the internet.

As WIRED reported in 2010, “someone would have to infiltrate the Hermit Kingdom’s most sensitive sites and introduce the worm into the command systems, a hard bargain to say the least. In other words, don’t go thinking the United States or an ally could magically infect North Korea with Stuxnet. But if more information emerges about the North’s command systems, that might provide fodder for a copycat worm—provided someone could introduce it into Yongbyon.”

No comments: