Stuxnet control 'was in Thailand'
A new account of the Stuxnet worm attack on Iran's nuclear processing plants says one of four servers controlling Stuxnet was in Thailand.
- Published: 27/02/2013 at 10:05 AM
- Newspaper section: news
Iran's President Mahmoud Ahmadinejad inspects the uranium-processing centrifuges. At the time of this photo in 2009, the Stuxnet worm was causing major problems in the Iranian project to refine nuclear fuel. (File photo)
A summary of the report on Wednesday by correspondent Tim Greene of Network World said the command and control servers were concealed on the internet, with "unavailable" IP addresses.
The servers fed updates to the worm from its programmers, and received back information including photos and the state of Iran's uranium enrichment process.
The worm "was at work sabotaging a uranium plant in Iran a year earlier than previously thought," said the new account, well before then-president George W Bush officially authorise the use of cyberwar against Iran.
The authors and controllers of the Stuxnet worm have not been publicly identified. Most security experts agree the worm was a joint effort by Israel and the US.
Stuxnet, whose existence was discovered by security analysts in the private sector in 2010, aimed to sabotage the centrifuge enrichment process at the Nanantz plant in Iran.
Mr Greene's new account of the worm, based mostly on two analyses by the Symantec security firm, said Stuxnet was in operation from November 2007 to July, 2009. Previous research indicated it began to run in 2008.
The highly sophisticated worm used a flaw in Windows and in software made for the Iranians by the German firm Siemens, which also supplied the machinery involved.
"The worm would find Siemens programmable logic controllers (PLC) used to manipulate valves that fed a gaseous state of uranium ore into centrifuges for separating out the uranium," Mr Greene's report said. "Closed at the right time the valves would disrupt the flow of the gas and possibly damage the centrifuges."
To control this sabotage required major input from controllers, and thus the command and control servers in Thailand, France, the US and Canada.
Previous analysis had concluded the servers were in Denmark and Malaysia. The new reports showcase how covert the Stuxnet programme remained over a period of three years.
The source documents presented Wednesday provide no analysis or guess as to the actual location and human controllers of the servers. But the home page of the machines, called Media Suffix, carried the motto "Deliver What the Mind Can Dream".