The Stuxnet worm was discovered in June in Iran, and has infected more than 100,000 computer systems worldwide. At first blush it appeared to be a standard, if unusually sophisticated, Windows virus designed to steal data, but experts quickly determined it contained targeted code designed to attack Siemens Simatic WinCC SCADA systems. SCADA systems, short for “supervisory control and data acquisition,” are control systems that manage pipelines, nuclear plants, and various utility and manufacturing equipment.
Researchers determined that Stuxnet was designed to intercept commands sent from the SCADA system to control a certain function at a facility, but until Symantec’s latest research it was not known what function was being targeted for sabotage. Symantec still has not determined what specific facility or type of facility Stuxnet targeted, but the new information lends weight to speculation that Stuxnet was targeting the Bushehr or Natanz nuclear facilities in Iran as a means to sabotage Iran’s nascent nuclear program.
According to Symantec, Stuxnet targets specific frequency converter drives — power supplies that are used to control the speed of a device, such as a motor. The malware intercepts commands sent to the drives from the Siemens SCADA software, and replaces them with malicious commands to control the speed of a device, varying it wildly, but intermittently.
The malware, however, doesn’t just sabotage any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.
Even more specifically, Stuxnet targets only frequency drives from these two companies that are running at high speeds – between 807Hz and 1210Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”
“There’s only a limited number of circumstances where you would want something to spin that quickly – such as in uranium enrichment,” said O Murchu. “I imagine there are not too many countries outside of Iran that are using an Iranian device. I can’t imagine any facility in the U.S. using an Iranian device,” he added.
WikiLeaks reported that, soon after the virus' apparent introduction into Iran, the Iranian nuclear program hit serious problems, with nearly a thousand centrifuges going offline and mysterious resignations aplenty.
Go, read the article in full.