How Stuxnet Took Down an Iranian Nuclear Facility

Dan Gavin 17, Jan, 2025

Uncategorized

How Stuxnet Took Down an Iranian Nuclear Facility

Back around the beginning of the century, way out in the middle of the Iranian desert there was this irrigation facility (or so the Iranians called it). But there was something oddly suspicious about it. Not that there was an irrigation facility in the desert, but that it seemed to be misplaced. There appeared to be no farms served by it. And it had significant air defenses.

In reality, it had nothing to do with irrigation, or agriculture.

The name of the facility was the “Natanz Fuel Enrichment Plant”. Enrichment? Yes, but not agricultural enrichment. Instead, it was a uranium enrichment facility. Like for nuclear fuel; or weapons. The enrichment facility housed centrifuges.

To enrich uranium, the centrifuges have a large tube running down the center. The tube spins – at 63,000 revolutions per minute (RPM). But it spins off-center. So yes, that would make it unstable. So much so that the straight tube will bend in the middle and take on a banana shape. Because of this design, the speed HAS TO BE tightly controlled. Too fast and it will blow apart. The rate of spin is controlled by a small, embedded computer called a Programmable Logic Controller (PLC).

PLCs aren’t only found in uranium enrichment. They are in every industrial application on the planet. You find them anywhere robotics are used. Like manufacturing and warehousing; water, gas, oil, and electric distribution; etc. And they are INCREDIBLY vulnerable to viruses. Like the one discovered in 2010.

Back in 2010 some antivirus researchers found this malware. It was unlike anything they had ever seen. They named it Stuxnet. On this website “Wilders Security Forum” a researcher named Sergey Ulasen disclosed that he had found this virus on 17 June 2010. He had looked through the extensive code and found much that was atypical of run of the mill viruses. For one, there were no bugs. It seems normal viruses are riddled with them. Lack of quality control, I guess. But Stuxnet was entirely bug free. Weird. According to the researchers, only a Nation State would have this level of QC.

The Stuxnet virus (way before 2010) had found its way (or was specifically targeting) the Natanz plant. It was designed to spend the first 13 days recording normal centrifuge operations. Then when it attacked, it simply played back the normal recordings to the operators. To the operators, everything looked normal. In reality, the centrifuges were spinning at about 80,000 RPM. Until BOOM. The centrifuges began to blow apart.

The International Atomic Energy inspectors noticed these centrifuges were suddenly and quietly removed. Certain people working at the facility were just gone.

Researchers found that the virus was designed so that on January 11, 2009 at 3:25 PM the heartbeat of Stuxnet came to a grinding stop. Coincidentally just a few days before President Obama’s inauguration. There was a kill date in the code. Ostensibly because the Bush administration couldn’t have an attack of this magnitude crossing administrative boundaries. It would need to be reauthorized by the new President of the United States. And it was.

The accusation it seems, was that the code was written by the National Security Agency (NSA). They were authorized to so by Title 10 (operations for the US military) Computer Network Operations (CNO) under USCYBERCOM direction and legal authority and had a budget of 52.6 Billion dollars. Mostly for offensive cyber operations.

But the NSA wasn’t alone. They had built the code for the Israeli Intelligence. Mossad. When Stuxnet (the NSA didn’t call it that, by the way. They called it “Olympic Games”) was released to Mossad, it was stealthy. It was surgical. A little too much it seems for Mossad. Remember, the earlier code had a kill switch. This was an updated version under the Obama administration. And in 2010 Mossad changed the code.

It was noisier. It as less surgical. And it escaped. Once in the wild, it flooded the earth. For the last decade or so it has been altered by Russia, China, North Korea, Iran, and anyone else with the technical capability. And then it was sent to the US. To our infrastructure.

A few months ago we informed you here that our critical national infrastructure was infiltrated by enemy nation states. It is quite probable that this is how it happened.

It’s like the old Cold War days of Mutually Assured Destruction. But this time it’s a silent killer. There won’t be any bombs. There will just be … nothing. The power one day might just turn off. And never turn back on.

The original article was published in the Sierra Vista Herald and can be found here.