Second Cyber Attack on Iran?

Introducing the “Son of Stuxnet.”

The Stuxnet cyber attack on Iran’s nuclear program was a defining moment in the history of war, and now, the “Son of Stuxnet” has been discovered. Cyber security experts say the creator of the original worm, widely believed to be Israel and probably the U.S., also designed this one and “there is nothing out there available to stop it.”

The Stuxnet cyber attack rendered thousands of Iran’s centrifuges, around a fifth of all of them, useless. Over 1,000 damaged units were replaced at the Natanz centrifuge farm, and damaged the steam turbine at the Bushehr nuclear reactor. In 2009, only half of Iran’s centrifuges were being used and some of those operating were only enriching half as much uranium as they should. The Iranians have to replace all of the computers at Natanz, and it may take up to two years. It was later found out that Israel tested Stuxnet on centrifuges identical to those used by Iran at its nuclear site in Dimona.

The Iranians later announced in April 2011 that a second cyber attack was discovered, which they called “Stars.” All that the regime said was that it was found on government computers and caused little damage. Iran soon replaced its centrifuges at Natanz and began manufacturing more sophisticated centrifuges that can significantly speed up the nuclear program. The centrifuges were moved to an underground site in the mountains near Qom. In February, experts determined that Iran had recovered from the damage wrought by Stuxnet. And now, the “Son of Stuxnet” has emerged.

The new virus, also called Stuxnet 2.0 and Duqu, is broader in scope. It opens up a back door in the compromised computer systems for 36 days, and then disappears. It has been doing this as far back as last December, though the victims have not been publicly identified. The virus allows the creator to hijack the controlling computer systems, permitting the attacker to direct their operations or to even self-destruct. It also records keystrokes and sends back critical information about system vulnerabilities. The back doors have not been exploited, leading experts to conclude that a cyber attack is on its way.

“The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility,” Symanetec said in its announcement of the discovery. It called it a “precursor to a future Stuxnet-like attack.”

“It’s my personal belief that the guys who wrote Stuxnet knew exactly what they were doing, and if you thought they were good guys then, you probably don’t have anything more to worry about now. But if you didn’t, you probably have a lot to worry about,” said Vikrum Thakur of Symantec.

At the same time, sanctions and other likely covert operations are taking a heavy toll on the Iranian nuclear program. One issue still confronting Iran is faulty equipment. This may be connected to CIA-Mossad operations that began as early as 1998 to sell Iran booby-trapped equipment. Nuclear-related tools that the Iranians admitted were “manipulated” caused the destruction of 50 centrifuges in 2006, and the director of the Atomic Energy Organization was sacked in 2009 after a similar explosion happened at Natanz.

The creation of enriched uranium is still decreasing despite Iran’s use of newly-made centrifuges to replace the old and damaged ones. This is being attributed to the type of metal used in them, but covert operations cannot be ruled out given the history. The Institute for Science and International Security and U.N. inspectors say that Iran is producing more uranium than it did before the Stuxnet attack, but U.N. inspectors say this amount is declining as centrifuges break.

Iran must also overcome a critical shortage of raw uranium, a problem that has forced it to look to foreign suppliers such as Venezuela, Zimbabwe and North Korea. The black market equipment at the Isfahan uranium conversion site, which turns the raw uranium into gas so it can go into the centrifuges, has also suffered from technical errors. The facility must remove impurities from the uranium before it can be safely inserted into the units without damaging them. In a problem possibly related to covert operations, the equipment failed to do so.

There are a number of other mysterious incidents that have undermined Iran’s nuclear efforts. In the past two years, four Iranian nuclear scientists have been assassinated. In October 2010, a Revolutionary Guards base that housed Shahab-3 missiles suffered a massive explosion at an ammunition depot. There have been repeated explosions at important gas pipelines over the past year.

The problems that Iran is encountering are encouraging, but there is still not much room for comfort. It is still believed that Iran could make a nuclear weapon within 6 months if it tried. The scale of the Iranian nuclear program shows that the regime wants the ability to quickly produce multiple nuclear weapons, and does not want to build one and call it quits.

The “Son of Stuxnet” is almost certainly Israel’s answer to this continued threat. For once, it is Iran that is sitting, feeling helpless as it awaits the next attack.

Freedom Center pamphlets now available on Kindle. Click here.