By Christopher Williams
A British security expert has uncovered new evidence in the Stuxnet virus attack on Iran’s nuclear programme.
The Stuxnet computer virus, created to sabotage Iran’s nuclear programme, was the result of collaboration between at least one Western power and the Israeli secret service, a British cyber security expert has found.
Tom Parker, a US-based security researcher who specialises in tracing cyber attacks, has spent months analysing the Stuxnet code and has found evidence that the virus was created by two separate organisations. The hard forensic evidence supports the reported claims of intelligence sources that it was a joint, two-step operation.
“It was most likely developed by a Western power, and they most likely provided it to a secondary power which completed the effort,” he told The Daily Telegraph.
The malicious software, first detected in June last year, was almost certainly designed to make damaging, surreptitious adjustments to the centrifuges used at Natanz, Iran’s uranium enrichment site. While he downplayed its impact, the Iranian President Mahmoud Ahmadinejad has confirmed Stuxnet set back his nuclear ambitions.
Separate investigations by US nuclear experts have discovered that Stuxnet worked by increasing the speed of uranium centrifuges to breaking point for short periods. At the same time it shut off safety monitoring systems, hoodwinking operators into believing that all was normal.
Mr Parker found that this part of the attack must have been conceived by “some very talented individuals”, and the other by a less talented, or more rushed, group of developers.
The element written by the first group, which was activated after Stuxnet reached its target and is known as the “payload”, is very complex, well designed and effective, according to Mr Parker’s analysis. He believes this is evidence of the involvement of a major Western power or powers – potentially including Britain – because they have both the scarce cyber expertise and access to the tightly-regulated nuclear equipment necessary to test the virus.
In contrast, the way Stuxnet was distributed and its “command and control” features, which allow it to be remotely altered, include many errors and are poorly protected from surveillance.
“It’s a bit like spending billions on a space shuttle and then launching it using the remote control from a £15 toy car,” said Mr Parker.
His criticisms of Stuxnet’s distribution mechanism, presented this week at the Black Hat computer security conference in Washington DC, are supported by other experts, including Nate Lawson, a computer encryption consultant.
“Either the authors did not care if the payload was discovered by the general public, they weren’t aware of these techniques, or they had other limitations, such as time,” said Mr Lawson.
However, the apparently cheap wrapping of an expensive package points to Israel as the distributing power, said Mr Parker.
Each of the two stages of the Stuxnet operation demanded different resources to succeed. Stuxnet’s distributors may not have had the elite software engineering abilities of those responsible for the payload, but according to President Ahmadinejad, they hit their target.
Ensuring the virus reached Natanz would have required secret cooperation inside the Iranian nuclear programme, a field of state espionage in which Israel’s Mossad agency is acknowledged as unrivalled. Last week Iran claimed to have destroyed a network of 10 spies “linked to the Zionist regime”, a sign, at least, of the threat the regime feels from Israeli spies.
Furthermore, Mr Parker’s finding that two apparently discrete clandestine teams, each with different resources, were responsible for Stuxnet is consistent with a report in the New York Times last week, which cited unnamed intelligence officials who said the virus was created using American knowledge of the relevant equipment and completed by Israel.
Professor Peter Sommer, a computer forensics expert at the London School of Economics and Political Science, said the Stuxnet attack’s complexity in both the digital and physical realms was very impressive. However, he added that the virus itself heralds only an evolutionary stage in the cyber security threats that nations will face in future.
“We should see this as another type of tool in statecraft,” Professor Sommer, who advises the OECD on cyber security, said.
Mr Parker agreed. “If you think Stuxnet is revolutionary then you slept through the revolution,” he said.