Iran Rips-and-Replaces Centrifuges Post-Stuxnet

By Fahmida Y. Rashid  |  Posted 2011-07-26

A new report suggests Iran's nuclear program has not recovered from the Stuxnet worm as previously believed. It appears Iran is still replacing thousands of expensive centrifuges that were damaged by the worm.

Stuxnet was not entirely purged from Iran's nuclear facilities, and it resurfaced to damage more systems, "Western intelligence sources" told DEBKAfile July 20. DEBKAfile claimed the government had replaced an estimated 5,000 centrifuges to remove the threat.

"Iran finally resorted to the only sure-fire cure, scrapping all the tainted machines and replacing them with new ones," according to the report, noting that a spokesperson from Iran's foreign ministry said July 19 it was installing newer and faster centrifuges at its nuclear plants to speed up operations.

Iran would "clearly not have undertaken" the complex and expensive task of replacing all its 5,000-6,000 centrifuges with new ones "if they were indeed functioning smoothly," the report said.

Iran may have had 8,700 centrifuges in operation at the Natanz facility when Stuxnet was released sometime in 2009. International Atomic Energy Agency officials claimed up to a quarter of those centrifuges were disabled as of January 2010.

The Institute for Science and International Security released a report in February that claimed the damage caused to Iran's uranium enrichment program was limited. Sources told DEBKAfile the opposite, that Iran's nuclear operations will never return to "normal operation."

Stuxnet is widely believed to have been created specifically to disable Iran's nuclear enrichment facilities, possibly with the involvement of the United States and Israel. When asked directly in a CNBC documentary that aired May 26 whether the United States was involved with creating Stuxnet, Deputy Defense Secretary William Lynn declined to deny or confirm the charge. "And this is not something that we're going to be able to answer at this point," Lynn said at the time.

ESET researchers have analyzed Stuxnet, and have concluded a team of highly talented developers with very sophisticated skills worked on the worm, Randy Abrams, director of technical education at ESET, told eWEEK. The team most likely had some kind of nation-state backing to fund the development effort, which would have been very expensive, Abrams said.

Countries around the world are beefing up their cyber-war capabilities and honing their tactics. There have been reports of North Korea's cyber-warrior program and China's elite cyber unit in its military.

"Expect this new brand of 'warfare' to become front-and-center in the national defense stance of various countries," said Cameron Camp, an ESET researcher.

The worm was among the most sophisticated pieces of malware ever discovered in the wild. It exploited the AutoRun functionality on Windows to infect computers from USB drives. It then used a hardcoded default password for a Siemens management application to compromise the machine before taking over the specialized industrial-control computers that ran a proprietary operating system from Siemens. The worm also hijacked the facility's monitoring system to falsely show that the machines were functioning normally, preventing officials from catching on to what was really happening.

While Stuxnet specifically targeted Siemens industrial process control computers used in nuclear centrifuge operations, ESET's Camp noted there are "plenty other" industrial process automation and control systems being used on "modern critical infrastructure" and that network operators have to assess their threat exposure level and how to mitigate it.
