Stuxnet seems to become scarier every time you hear about it. The sophisticated piece of malware came to the world’s attention in September; shortly thereafter we heard that it was perfectly designed to attack nuclear centrifuges, and in fact had disrupted some nuclear research in Iran. Now comes more news about how it works, and who might be using it next.

The security group Symantec has been trying to analyze and understand the waves of Stuxnet attacks against Iran, and now its researchers have found the base of the attacks, according to Symantec’s Orla Cox.

The new research, which analysed 12,000 infections collected by various anti-virus firms, shows that the worm targeted five “industrial processing” organisations in Iran. “These were the seeds of all other infections,” said Ms Cox. The firm was able to identify the targets because Stuxnet collected information about each computer it infected, including its name, location and a time stamp of when it was compromised. [BBC News]

Though Symantec isn’t naming the five targets in Iran, another security expert studying Stuxnet’s code, Ralph Langner, told CNET the likely target of the whole attack was the Natanz nuclear enrichment plant.

(more…)

While a certain bacterium that can thrive in arsenic has dominated the science press this week, the big story in the world at large is on the ongoing WikiLeaks saga. The release of an enormous trove of confidential documents from the U.S. State Department has provoked plenty of fall-out: there’s governmental embarrassment and anger, and WikiLeaks founder Julian Assange is now wanted in Sweden on alleged sex crimes. But we’re most interested in how the never-ending story touches several science and tech stories, some of which have unraveled here on 80beats.

Get That DNA

One embarrassing revelation of the leaked diplomatic cables was that American diplomats were supposed to be part spy; they were asked to try to gather genetic material from foreign governmental officials. Once the cables leaked, the State Department couldn’t exactly deny that this happened, but it now says that these suggestions came from intelligence agencies. And relax—the requests were voluntary.

A senior department official said the requests for DNA, iris scans and other biometric data on foreign government and U.N. diplomats came from American “intelligence community managers.” The official said American diplomats were free to ignore the requests and that virtually all do. [Washington Post]

China Source of Google Hack

Early in 2010 we reported on the large cyber-attack against Google. Though rumors swirled, the Chinese government denied its involvement; the country and the search engine giant went through months of tension before arriving at a truce in the summer. According to WikiLeaks, leaders of the Chinese Communist Party were directly connected to the hack.

China’s Politburo directed the intrusion into Google’s computer systems in that country, a Chinese contact told the American Embassy in Beijing in January, one cable reported. The Google hacking was part of a coordinated campaign of computer sabotage carried out by government operatives, private security experts and Internet outlaws recruited by the Chinese government. [The New York Times]

(more…)

Between murders and leaked documents, there’s disarray and intrigue all around Iran’s burgeoning nuclear program.

Yesterday, two prominent nuclear scientists in Iran were attacked in car bombings.

According to [Iranian new service] Fars, scientists Majid Shahriari and Fereydoun Abbasi were parking their cars in separate locations near the university campus about 7:45 a.m. local time when they were attacked.Witnesses said each car was approached by a group of men on motorcycles, who attached explosives to the vehicles and detonated them seconds later, the news agency reported. Shahriari was killed instantly. Abbasi was wounded. Both men were with their wives, who were also wounded. [Washington Post]

Unsurprisingly, Iranian President Mahmoud Ahmadinejad quickly pointed the finger of blame at the West and Israel. Both of the targeted scientists are reportedly connected to the Iranian nuclear program, which the government maintains is for the purpose of energy, but the United States and other nations oppose out of fear of an Iranian bomb.

Abbasi-Davani, whose handful of publications on neutron physics are mainly in Iranian journals, is a key figure in Iran’s nuclear programme. He is reported to be a scientist at the country’s defence ministry, and a member of Iran’s revolutionary guards since the 1979 Islamic Revolution. He was also named as being among “Persons involved in nuclear or ballistic missile activities” in the 2007 UN Security Council Resolution 1747, which imposed sanctions on Iran over its refusal to stop enrichment of uranium. [Nature]

(more…)

It was late September when the world got wind of Stuxnet, the complex piece of malware that appeared to specifically target Iranian nuclear sites. Now, analysis of Stuxnet suggests it was almost perfectly designed to corrupt nuclear centrifuges, according to David Albright of the Institute for Science and International Security.

On Wednesday, Mr. Albright and a colleague, Andrea Stricker, released a report saying that when the worm ramped up the frequency of the electrical current supplying the centrifuges, they would spin faster and faster. The worm eventually makes the current hit 1,410 Hertz, or cycles per second — just enough, they reported, to send the centrifuges flying apart. In a spooky flourish, Mr. Albright said in the interview, the worm ends the attack with a command to restore the current to the perfect operating frequency for the centrifuges — which, by that time, would presumably be destroyed. [The New York Times]

Computer experts don’t know Stuxnet’s origin for sure, though the Times’ story drops a few cryptic hints of Israeli involvement. And further study of the attack shows that although Stuxnet appears calibrated to disrupt centrifuges, it could be easily adapted to seize the reins of other systems.

The widespread interconnection of corporate networks and use of SCADA systems [supervisory control and data acquisition] means that industrial infrastructure is increasingly vulnerable to software attack. Such control systems are used in virtually every industry—food production, vehicle assembly, chemical manufacturing—and are commonly exposed to insecure networks. This leaves them vulnerable to tampering, such as with Stuxnet, as well as intellectual property theft. [Ars Technica]

(more…)

After decades of development, Iran’s first nuclear power plant is close to operational. This week the country’s TV service announced that engineers have begun loading the fuel rods into the core of the Bushehr plant in southern Iran.

The 1,000-megawatt Bushehr plant has been under construction since before Iran’s 1979 Islamic Revolution. It was first contracted to a company that later became German industrial giant Siemens; more recently work was done with the help of Russia’s state-owned atomic energy company. [Los Angeles Times]

The plant’s 1000-megawatt capacity is comparable to the power put out by many of the nuclear plants scattered across the United States.

Iran‘s power plant was reportedly one target of the Stuxnet computer virus that emerged several weeks ago, but apparently that didn’t impair the final steps of preparing Bushehr.

(more…)

A virus has been popping up in industrial plants and personal computers worldwide, and is now posing a looming threat over Iran, where more than 60 percent of the computers infected with the virus are located.

Some experts believe that virus, first discovered in June, was developed by high-level government programmers (possibly from the US, Israel, or Germany), and is directed toward a specific target, most likely Iran’s Bushehr nuclear power plant. It is believed to have been around for over a year.

The virus was written to exploit five security vulnerabilities (four of which were previously unknown, and only two of which have been patched) in a piece of software used in many different industrial systems. The virus is inserted into the system using a thumbdrive, then spreads from computer to computer.

The malware was so skillfully designed that computer security specialists who have examined it were almost certain it had been created by a government and is a prime example of clandestine digital warfare. While there have been suspicions of other government uses of computer worms and viruses, Stuxnet is the first to go after industrial systems. [The New York Times]

(more…)

The software tool called Haystack was supposed to protect dissidents in Iran who wanted to use the Internet free of the government’s censorship. If third-party software testers are correct, though, flaws in the system meant to help those dissidents could have led authorities right to them. The Censorship Research Center, the San Francisco-based organization that created Haystack, has now pulled it back and asked users to destroy the existing copies.

“We have halted ongoing testing of Haystack in Iran pending a security review,” HaystackNetwork.com said in a brief statement. “If you have a copy of the test program, please refrain from using it.” [AFP]

Jacob Appelbaum, a security expert who volunteers with WikiLeaks, sounded the alarm.

(more…)

Shahram Amiri is at the Pakistani embassy in Washington D.C. Unless he’s not.

The missing Iranian nuclear scientist is no stranger to intrigue and indecision: Last month we covered dueling YouTube videos in which two men, both claiming to be Amiri, say that either he was being held against his will in the United States or was studying freely and happily here. Today his case took more strange turns, as government officials in Pakistan claimed that Amiri is currently at their embassy in Washington, awaiting a return trip to Iran.

Today Amiri was quoted by Iranian official media as claiming that the US government had intended to return him to Iran to cover up his kidnapping in Saudi Arabia. “Following the release of my interview in the internet which brought disgrace to the US government for this abduction, they wanted to send me back quietly to Iran by another country’s airline,” he told state radio from the Iranian interests office in Washington. “Doing so, they wanted to deny the main story and cover up this abduction. However, they finally failed” [The Guardian].

(more…)

Have you seen this man? If so, please ask him to make up his mind.

Shahram Amiri, a 32-year-old Iranian nuclear scientist, is at the center of an episode of United States-Iran intrigue that just got weirder, thanks to YouTube. Amiri disappeared during his pilgrimage to Saudi Arabia last year, and anonymous U.S. officials confirmed that he defected, presumably bringing information about Iran’s nuclear program. Now he—or someone purporting to be him—appears in two contradictory videos that claim he was either abducted and tortured by the United States or is living happily here and going about his studies.

The first video:

The dark-haired man, appearing unshaven and disheveled, said he was being held against his will in Tucson. “I was kidnapped in a joint operation by the American intelligence, CIA terror and kidnap teams, and Saudi Arabia’s Istikhbarat” spy service, the man said in a grainy video aired in Iran on Monday night. He said he had been drugged before being smuggled out of Saudi Arabia, adding that he had been subjected to “severe torture” and “psychological pressures” [Washington Post].

A very different Amiri showed up in a second video today. He, or someone like him, appears in a professionally shot video sitting in front of some parlor with a globe and a chess board, as if he wants to have a few minutes of our time to talk about life insurance.

(more…)

The Iranian government announced yesterday that Google’s email service, Gmail, will be permanently shut down in the country, and will be replaced by a new state-run email service.

The announcement from the Iranian telecommunications agency came on the eve of the 31st anniversary of the Islamic Republic, when anti-government protesters were expected to take to the streets. Less than a year ago, thousands of protesters came out in huge rallies protesting the disputed June presidential election. The protests plunged Iran into its biggest internal crisis since the victory of Islamic revolution in 1979 which toppled the Shah [Reuters]. The opposition rallies were watched across the world on YouTube videos, and protesters not only blogged about the events but were also very vocal on social networking sites like Facebook and Twitter.

Tehran insists locking down Gmail is meant to boost local development of Internet technology and to build trust between people and the government [Wall Street Journal]. Meanwhile, Google confirmed a sharp drop in traffic in Iran and announced that many Iranians appeared to be having trouble accessing Gmail. The company added that Google strongly believes that people everywhere should be able to communicate freely online.

(more…)

The street protests in Iran will be not be televised–how passé. Instead, they are being tweeted.

The microblog service Twitter has become a critical way to get out information about the tumult in Iran‘s capital, Tehran, where people have poured into the street to protest the disputed results of last Friday’s presidential election. And the whole world is watching. The U.S. State Department has confirmed that over the weekend officials reached out to Twitter and asked them to delay a network upgrade that was scheduled for Monday night. The reason? To protect the interests of Iranians using the service [Time].

The vast majority of Twitter messages support the leading opposition candidate, Mir Hussein Moussavi, and argue that he was the true winner of the presidential election. Twitter users are posting messages, known as tweets, with the term #IranElection, which allows users to search for all tweets on the subject. On Monday evening, Twitter was registering about 30 new posts a minute with that tag. One read, “We have no national press coverage in Iran, everyone should help spread Moussavi’s message. One Person = One Broadcaster. #IranElection” [The New York Times]. Since then, the Iranian government has restricted the movements of foreign journalists and has cracked down on blogs and Web sites within the country, but the flow of information on Twitter has only increased.

(more…)

Israeli researchers say they’ve developed a way to modify nuclear fuel so that it can be used only in power plants, and can’t be recycled later to build nuclear weapons. Lead researcher Yigal Ronen says the work could help “de-claw” some countries if nuclear fuel producers – the US, Russia, Germany, France and Japan – agree to put the denaturing additive they have proven effective into all plutonium [Jerusalem Post]. 

Israeli scientists suggest in their study that the element americium be added to the fuel at a level of 0.1 percent [Israel National News]. According to their research, the addition would neutralize the fissile plutonium produced by nuclear reactors, making that “denatured” plutonium unusable in a weapon. The research will be published in the journal Science and Global Security next month.

Ronen explains that when a country purchases a nuclear reactor from one of the five nuclear fuel producers, the sale includes nuclear fuel for the reactor. “Thus, if the five agree to insert the additive into fuel for countries now developing nuclear power – such as Bahrain, Egypt, Kuwait, Libya, Malaysia, Namibia, Qatar, Oman, United Arab Emirates, Saudi Arabia and Yemen – they will have to use it for peaceful purposes rather than warfare” [The Register], says Ronen. However, the researchers say that countries with more advanced nuclear programs, like Iran, have other ways to produce weapons-grade fuel.

(more…)

Iran says it has successfully launched a domestically built satellite into orbit using a rocket that was also made in Iran, marking the country’s entry into the league of spacefaring nations on the 30th anniversary of the 1979 Islamic Revolution. Iranian state television showed footage of a rocket blasting off from a launchpad and lighting up the night sky as it streaked into space…. “Dear Iranian nation, your children have placed the first indigenous satellite into orbit,” President Mahmoud Ahmadinejad said in a televised message [Reuters].

The announcement may prompt new concerns from the United States and Europe, as experts say that the rocket Iran used to blast its satellite into space could also be used to launch a ballistic missile. But the rocket launch was viewed in a different light by the Iranian government, which sees the accomplishment as an important milestone along the road to reclaiming Persia’s ancient claim to major power status, which it feels the jealous west is trying to deny it [The Guardian]. On Wednesday, senior diplomats from six nations will meet in Frankfurt to discuss Iran’s nuclear fuel enrichment program, which many fear could lead Iran to developing nuclear weapons.

(more…)

On Sunday, the Iranian state television network showed impressive footage of a slender white rocket blasting off from a launch pad, leaving behind billows of smoke. Iranian officials say that the rocket, named Safir, or “ambassador,” successfully reached orbit, demonstrating the technological known-how to send up satellites. The rocket released equipment that beamed flight data back to ground control, said Reza Taghipoor, the head of Iran’s Space Agency, in a live television interview [AP].

Yet shortly after Iranian officials boasted of their fledgling space program, unnamed sources from the U.S. Defense Department began disputing those claims of a successful launch. “The Iranians did not successfully launch the rocket,” a senior U.S. defense official told CNN Monday. The two-stage rocket could have been capable of launching a satellite into space, but the U.S. intelligence assessment shows that the second stage “was erratic and out of control,” said the official, who declined to be identified because of the sensitivity of the intelligence. The rocket “did not perform as designed,” the official said [CNN].

(more…)