
The World’s First Cyber Weapon Attack on a Nuclear Plant | Cyberwar

Apr 05, 2024
A secret facility in Iran renews fears of a nuclear threat. The nations of the world must not allow the Iranian regime to obtain nuclear weapons. A computer virus that has never been seen before. This is not two children in a basement in Kansas releasing code. The virus sabotaged that secret facility. It used very advanced capabilities to cover or obfuscate itself. Who built it, and why, is a mystery. This was an act of war; it was an act of war without there being a stagnant war. It is the first known cyber weapon in the world.

There are conflicts that rage around us and that we cannot see.
Hackers are poised to dominate the 21st century, reshaping geopolitical landscapes, sometimes on behalf of terrorists, but often for governments or simply because they think it's the right thing to do. As a reporter I've been covering national security for Vice, and increasingly my job is to track these digital battles. There is a computer virus that really showed how far everything had come. In the early 2000s, the United States began to fear that Iran, its sworn enemy since 1979, was secretly developing its own nuclear weapons. The UN responded with sanctions, the US and Israel threatened war, and then a mysterious computer virus appeared in June 2010.

We turned to Symantec, yes, the same company that protects your desktop from malware, to speak with an engineer and expert that the forensics dismantled it. I got stuck online and found out that it wasn't just an ordinary Trojan virus. I contacted Symantec security researcher Eric Chien, who performed some of the most in-depth analysis of the virus when it first appeared. The threat we analyzed may take us 5 to 20 minutes and we know exactly what it does, but it took us months, more than three months, to analyze it, so that can give you an idea of how difficult, how big and how complicated, uh, the threat was. So why don't you tell me how you discovered Stuxnet?
Basically what happened was another security company based in Belarus, uh, found this binary and it had something called a zero day. Why don't you tell me what a zero day is? A zero day is basically when you have what's called a vulnerability, or you have some kind of hole in your computer, a bug of some kind that allows someone to execute code on your machine without you knowing. The computer just needs to be on and maybe even connected to the internet and that's it. You don't need to be logged in, you don't need to be browsing the web, you don't need to double-click on any files, and that means you have no way to protect yourself. What if you've never seen it before?
An average threat does not have any type of exploit within it. This thing had four zero days. What distinguishes a zero day is that it is a security flaw that there is no solution for. Zero days are incredibly rare and for that reason incredibly valuable. What were the details that set off an alarm? There are these SCADA strings within. SCADA, basically, it's technology that controls robots and automation or power plants and things like that, and we had never seen a threat that mentioned anything to do with SCADA. This thing could actually be attacked by some kind of national critical infrastructure.
This isn't like two kids in the basement in Kansas putting together code. The frame clearly had quality assurance behind it. Here we are talking about something that is simply orders of magnitude larger than what we have seen before. As their research deepened, Eric and his team realized that Stuxnet was designed to target computers running Siemens' proprietary software called Step 7. The first thing that caught our attention were all these strings like S7, and we started searching on Google for those types of strings. We saw WinCC and we saw Step 7, and when we searched for them we determined that it was actually software that would control the PLCs. PLCs, programmable logic controllers: computer systems used to convert digital code into physical commands that automate everything from factory machinery to heating and cooling systems. Eric was now in uncharted territory. So we contacted the international security community and were blogging throughout that summer telling people, if you're a PLC expert, if you're a critical national infrastructure expert, contact us, because we didn't even know what a PLC was at the time.
Eric and his team learned that PLCs are extremely vulnerable to cyber attacks, but he still didn't know which machines were the targets. This sophisticated malware or malicious code was detected in industrial control systems around the world. Cybersecurity analysts were baffled. At the same time, Homeland Security was also trying to understand the virus. Sean McGurk was the director of NCCIC, the cyber branch of the Department of Homeland Security, when Stuxnet was identified. What did the team see from him when they took it down? Well, the first thing we saw was that it was very sophisticated and its communications capability, so if you think of Stuxnet as a kinetic device, like a missile, you had the delivery vehicle, you know, which put the payload on the target, so to speak, and then the payload itself, and they were unique features to both.
Stuxnet's ability to perform uncontrolled digital reconnaissance was essentially a digital, you know, fire-and-forget kind of approach. The fact that it used, you know, four zero-day vulnerabilities to gain access to the network is something you haven't seen in the code before: someone willing to risk so many zero days to gain access. And then when we saw the part of the payload that was actually targeted specifically at an industrial control environment, which is really for us, it became a very significant event, because normal malware doesn't attack control systems and this focused specifically on control systems. It was non-stop.
For weeks this was all we thought about in everything we worked on, and you can imagine it was a really big change from what we had done before. The average threat, we were done in 5 to 20 minutes, and here we were sitting on the same threat day after day, hour after hour, night after night, and you know, we weren't bored. Every day, every week, we were discovering new little clues, new breadcrumbs that kept us going and kept us digging and searching until basically November, when I finally discovered that this was in fact sabotage of the cities in what was basically an accident.
Eric and his team became involved in a real-life international spy thriller complex. The militia's complex code had been written specifically to destroy Iran's nuclear facilities while its authors remained in the shadows. In 2002, the world discovered that Iran had been building a secret uranium enrichment facility near the city of Natanz. The Stuxnet computer virus has a direct link to this controversial plant. The fact that Iran never declared the plant raised suspicions of infringement of Iran's obligations. James Acton knows nuclear policy inside out. He also controls the work of the IAEA, or the International Atomic Energy Agency, the world's nuclear watchdog. Can you tell me what the climate was around the discovery of Natanz?
You know that Iran is a member of the Non-Proliferation Treaty, and one of the requirements of that is that you can do practically anything you want in the nuclear field, except build a bomb, but you have to declare it, and not declaring nuclear facilities is a violation of your agreement with the IAEA. You found activities that look a lot like what you wanted to do if you were building a nuclear weapon. And why were you so interested in the N, for example, why was it the last straw? Controversial plant because, first of all, you know that any enrichment is inherently sensitive, it is inherently dual-use. You can use it for fuel production or you can use it for nuclear weapons production. The size of the plant was suspicious; the plant, it's actually too small for a civilian, er, military plant.
The plants do not need to be as large as civilian plants, so they were expanded as if they were suitable for producing enriched uranium for weapons, but they were not sized for enriched uranium for nuclear reactors, and the discovery of the Iranian program caused much concern. I mean, there were a lot of countries that are really afraid and very afraid of Iran getting the bomb and afraid of the consequences of doing so. Iran aggressively pursues these weapons and exports terrorist states like these, and their terrorist allies constitute an axis of evil weapons to threaten the peace of the world.
Iran denied that Natanz was being used to produce nuclear weapons, but its government bowed to pressure in 2003 and temporarily suspended uranium enrichment and processing activities at Natanz and then again in 2005. President-elect Mahmoud Ahmadinejad defiantly restarted the program. Within months, the Natanz facility was up and running and uranium enrichment once again raised concerns about sanctions imposed by the UN in 2009. Israeli Prime Minister Benjamin Netanyahu challenged the United States to stop Iran's nuclear program: the most urgent challenge facing this body today is to prevent the tyrants of Tehran from acquiring nuclear weapons. Netanyahu was privately considering airstrikes against Natanz.
It is during this high-stakes political confrontation that Stuxnet was detected in June 2010. In fact, Stuxnet was found in countries around the world, but infection rates in Iran were off the charts, and at the plant, at Natanz, centrifuges were breaking down at an unprecedented rate. Stuxnet's design is complex but its operation is deceptively simple, like a security camera. The virus logs 30 days of normal operation at the shelter center while hiding in the system. When Stuxnet attacks the centrifuges, it plays the pre-recorded data so that outside operators cannot see the infection spreading inside the centrifuges. And those 30 days were not a coincidence; that is how long it basically takes for a cascade, basically, the centrifuges, to be fully loaded with uranium gas, so they basically wanted their sabotage effects to occur right at the peak moment and cause the most damage. So the centrifuges in your hands will normally spin at 1000 hertz, and what the threat did was to speed up the centrifuges to 1400 hertz to make them really fast or reduce them to two hertz to make them really slow, and what would happen is that when they spin very, very fast, the centrifuge would basically vibrate uncontrollably and it would just break and you would literally have flying aluminum fragments.
The room was perhaps a domino effect of centrifuges falling and collapsing on top of each other and uranium gas dripping everywhere. Eventually they would press the big red button to trigger a shutdown. Stuxnet was smart enough to also hijack that. That big red button also went through a computer, and they hijacked that code and would basically ignore it and allow its payload to take effect. Once it was inside, it was unstoppable. They were doomed. Yes. The operators were convicted. The plant was doomed. Stuxnet was the first digital weapon known to physically destroy its targets, but the Natanz computer systems were not connected to the Internet, so how did Stuxnet get into the system?
In 2010 it became clear that someone had decided that measures more drastic than sanctions and less spectacular than airstrikes were needed to curb Iran's nuclear program, because out of nowhere, a mysterious surveillance virus called Stuxnet was sabotaging an Iranian nuclear facility. But the computers at the facility were not online, so the question remained how the virus got into the system. I went to Darknet J, an operational security expert, to understand how Stuxnet could have infected them. So how did Stuxnet jump the air gap and infect Natanz? It jumped the air gap traveling on a USB stick that someone placed in the computer.
Darknet J replicated the USB exploit to show me how Stuxnet infected computers at Natanz. Okay, so what happens is you put the USB in and open the folder. Windows looks for an icon that is a malicious payload that can write to the system. I have it opening the calculator. So once the desired target opens the folder with Stuxnet inside it, what happens next? Essentially you can have complete control of your computer, meaning you can type anything into the hard drive, it can obtain Internet credentials if you enter them at that time, it can also spread within your local area network. Wow. It's the keys to the kingdom. Meaning that someone physically got Stuxnet in at the Iranian facility, probably an unwitting engineer with an infected USB. Once inside, the virus wreaked havoc.
The centrifuges were destroyed and the Iranians had no idea, but then Eric Chien and his team at Symantec announced to the world the details of Stuxnet in a blog post, and then Natanz shut down. Most assumed Iranian authorities finally understood the mess they were in and were trying to clean it up. Afterwards, two Iranian nuclear scientists were attacked by assailants on motorcycles who slipped a sticky bomb into one of their cars. One died, the other was seriously injured. Apparently whoever was behind Stuxnet moved to plan B. Shortly after, the Iranian president admitted that a virus caused the closure of Natanz. He blamed Israel but couldn't back it up by presenting some hard evidence. The murder sent a chill through the cybersecurity community. Did it make you a little nervous?
We looked in rearview mirrors all the time and, you know, if he saw a motorcycle and watched them closely, it definitely wasn't one. We didn't know we were in the middle of a big geopolitical issue. Iran openly accused Israel and the US of being the masterminds of Stuxnet. I want to talk to someone who was trying to prevent the crisis from escalating further. Beautiful day. Jamal Abdi is a foreign policy analyst for the National Iranian American Council and has advised members of Congress on relations with Iranian people like me who were trying to negotiate a diplomatic solution, trying to find a way out of these escalating movements.
I really thought that this is an extremely bad term. What was the reception of Stuxnet in Iran? How did people feel about it? I think the Iranians lied very credibly that Israel was behind this, and then there was also the fact that there were all these other sabotage efforts that they believed Israel was connected to, since Israel was in many ways the driving force against Iran's nuclear program, and then we have a hardline government like Ahmadinejad's essentially inflaming the issue. The question was how to slow it down as much as possible because we know we can't stop it. But it wasn't until two years later that the New York Times published an explosive story revealing the United States was behind Stuxnet.
Anonymous officials told the newspaper that the United States created the virus with help from Israel. It was part of a covert operation called the Olympic Games. The allegation set off a political storm, so a federal investigation was launched to investigate the leak, but in 2015, the investigation was frozen for fear of what might come out in court. For me it always comes down to the leak investigation. You don't launch a leak investigation for a sting operation you didn't do. Kim Zetter has been covering the Stuxnet story for Wired since the virus was first discovered in the United States, as they did, they got stuck in the network.
I don't think there's a question that the US is behind this. I mean, it's not even something that I think we, you know, have to debate. Stuxnet was a precision weapon, so it would never destroy anything except what matched a very specific configuration, and you can see that the lawyers have fingerprints all over Stuxnet. I think this is the first time I've heard someone say that lawyers' fingerprints were all over the place. You can see that while designing this, the lawyers would have had very strict restrictions to control this. They would have told the developers that this can only affect the systems it targets.
You have to write this in such a way that it will probably crash. Two important nation states that could have been done by China and Russia. I'm not sure they would have cared too much about the legal implications. This was exactly, so this was one of the reasons why people were so sure it was all of us. Available clues suggested that Stuxnet was a joint US-Israeli operation, but government officials have gone to great lengths not to acknowledge this, as evidence is lacking. I think there is no clear and complete evidence or even a complete indication that it was a single country or another. To this day, the US government neither confirms nor denies its role in Stuxnet.
The architects of Stuxnet may want to remain in the shadows, but around the world other governments realized the cyber weapon they unleashed. When security researchers found Stuxnet and published the discovery of the destructive malware, they inadvertently brought a covert operation to a premature end. When we discovered it, it is believed to have already delivered its payload at least once, so I'm sure the attackers would prefer it not be discovered, um, because maybe they could have continued or continued with more operations, but at least it achieved its goal, at least according to the IAEA documents, which showed that a few thousand centrifuges were destroyed just before 2010. But what effect did it have on the nuclear standoff between Iran, Israel and the West? You know, looking back, there's no doubt that it slowed down the program. It was a successful attack, in that sense. It depends partly on what you mean by success.
I think Stuxnet probably played a role in convincing Israel not to attack Iran and giving diplomacy more opportunities. It was effective, you know, one step forward, two steps back. It delayed Iran's program, certainly I think several months, maybe a year, but also politically it convinced Iran that they were under siege. It presented an argument to explain why Iran needed to have capabilities to counter cyber warfare, as well as capabilities to defend the country. If Iran wants to develop nuclear weapons, they can do it with nuclear weapons. This is not a technical decision, it is a political decision, and Stuxnet was a technical response that perhaps on a technical level slowed down the program. fell, but on a political level it actually helped accelerate the program, so I think in that sense, if you're trying to prevent Iran from developing nuclear weapons or convince it not to go down that path, Stuxnet was ultimately a failure.
After years of paralyzing UN sanctions, Iran agreed to limit its nuclear program in 2015 in exchange for a partial lifting of sanctions, but by deploying barriers, the United States and Israel had triggered a different kind of arms race. This was an act of war, and it was an act of war without there being a war. In war, if you drop a bomb on someone, they will know that they have been attacked, but in digital warfare you may never know that you are under attack. The US opened a door that everyone is going to go through now. In Iran, was Stuxnet seen as an act of war? In Iran it was seen as an act of war, and there was a kind of question that was opened: did the United States just declare war on Iran? Um, it's such a gray area, so I think even now people are still trying to figure out if this constitutes a war or not, but technically it was, and I think inside Iran it really was seen that way, and I think it really opened up many eyes within Iran's establishment that they needed to get savvy in this field to be able to defend and attack. Then you have the formation of the Cyber Army within Iran, which was initially really aimed at activists within the country, but then after the tallow it became even more formalized, everything was reversed, kind of money on it, because now this was not just an internal threat but an external threat. It spurred Iran to be more offensive. It stimulated everyone to be more offensive. That's what Iran is not. There are other people. We have to worry more than Iran. All of this together has created this arms race for other countries.
Would you agree that it was the beginning of a new chapter in cyber warfare? The expected response is that many other countries are now establishing offensive cyber operations. I don't want to be left behind. Stuxnet had launched the race to militarize cyberspace, and the more connected the world is, the more targets there are for attacks. Countries around the world are racing to design new malware for the next generation of warfare. It will become another tool in the toolbox of war. Absolutely. Stuxnet, for me, was the Trinity moment, and by that I mean the first Trinity explosion, you know, demonstration of a nuclear detonation in New Mexico. We demonstrated a capability that, uh, you could have devastating physical impacts through cybernetic means. It was a bit like the bomb: once the secret came to light, people began to understand it for themselves. We began to recognize that there is no way to reverse this. You know, the key was turned, the lid was opened, and everything in Pandora's Box was now out in the open and there was no way to get it back in.
Stuxnet was the world's first known cyberweapon and set the stage for a new type of war that will unfold in a digital battlefield.
