
Stuxnet researchers cautious about Iran's admission of centrifuge issues

Although Iran on Monday apparently confirmed that the Stuxnet worm disrupted the country's uranium enrichment efforts, one of the researchers who has dug deepest into the malware wasn't ready to call it a done deal.

"If that information is accurate, then, yes, it's very interesting," said Liam O Murchu, manager of operations on Symantec's security response team, in an interview Monday.

If it did affect the centrifuges, O Murchu continued, again stressing the word "if," then it would verify that Symantec's latest analysis of Stuxnet was on the mark. "But we'd like to get firm confirmation that Stuxnet was definitely used to disrupt centrifuges," he said.

Monday's announcement by Iran's President Mahmoud Ahmadinejad notwithstanding, that proof may never come.

Iran's story on Stuxnet has changed in the last several months, and it's possible Ahmadinejad's admission was a smokescreen for more prosaic problems.

O Murchu acknowledged that Stuxnet's target may never be known with certainty, even though the circumstantial evidence points toward Iran and its nuclear program.

"Stuxnet didn't give us direct proof that [it] targeted centrifuges," O Murchu said. "It only pointed toward that as one of the applications that it could have targeted."

Not that he doesn't have strong suspicions.

"Stuxnet targeted PLCs," O Murchu said, referring to the "programmable logic controllers" that the worm modified. "It targeted drive converters at the frequencies used for [uranium] enrichment. There really aren't a lot of options left other than uranium enrichment."

O Murchu, Eric Chien and Nicolas Falliere, all of Symantec, have spent months analyzing Stuxnet, a worm that others have called "groundbreaking" in its complexity and deviousness. Two weeks ago, the three said clues in the worm's code indicated that Stuxnet targeted industrial systems that control high-speed electrical motors, like those used to spin gas centrifuges, one of the ways uranium can be enriched into bomb-grade material.

According to O Murchu, Chien and Falliere, Stuxnet looked specifically for devices called "frequency converter drives." Such drives take electrical current from a power grid, then change the output to a much higher frequency, typically 600 Hz or higher.

When the worm found converter drives operating between 807 Hz and 1210 Hz, Stuxnet reset the frequency to 1410 Hz, then after 27 days, dropped the frequency to just 2 Hz and later bumped it up to 1064 Hz. It then repeated the process.

After Symantec released its latest findings, experts noted that the 807-1210 Hz range was consistent with drive converters used to power gas centrifuges, and that the changes Stuxnet ordered could hamper enrichment efforts or cause the high-speed rotors inside the centrifuges to fly apart.
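The frequency pattern described above can be turned into a simple monitoring check. The following is an added illustration, not code from the article or from Symantec's analysis: it flags drives that had been running inside the 807-1210 Hz band and were then driven outside it. The telemetry format, drive names and one-minute sample spacing are constructed for the example.

```python
from dataclasses import dataclass

BAND_HZ = (807.0, 1210.0)  # operating band reported in the article

@dataclass
class Excursion:
    drive: str
    start: int      # timestamp of first out-of-band sample
    end: int        # timestamp of last out-of-band sample
    min_hz: float
    max_hz: float

def find_excursions(samples, band=BAND_HZ, baseline_n=3):
    """Return out-of-band runs for drives that first showed an in-band baseline.

    samples: (timestamp, drive_id, output_hz) tuples ordered by time.
    A drive is judged only after baseline_n consecutive in-band samples,
    so equipment that never runs in the band is ignored.
    """
    lo, hi = band
    streak, baselined, open_exc, found = {}, set(), {}, []
    for ts, drive, hz in samples:
        if lo <= hz <= hi:
            streak[drive] = streak.get(drive, 0) + 1
            if streak[drive] >= baseline_n:
                baselined.add(drive)
            if drive in open_exc:           # back in band: close the run
                found.append(open_exc.pop(drive))
            continue
        streak[drive] = 0
        if drive not in baselined:
            continue
        exc = open_exc.get(drive)
        if exc is None:
            open_exc[drive] = Excursion(drive, ts, ts, hz, hz)
        else:
            exc.end = ts
            exc.min_hz = min(exc.min_hz, hz)
            exc.max_hz = max(exc.max_hz, hz)
    found.extend(open_exc.values())         # runs still open at end of data
    return found

# Constructed telemetry: drive A follows the reported 1410 -> 2 -> 1064 Hz
# sequence (timing compressed), B is a 50 Hz motor, C stays in band.
SAMPLES = [(t, d, hz) for t, row in [
    (0, {"A": 1000.0, "B": 50.0, "C": 900.0}),
    (60, {"A": 1000.0, "B": 50.0, "C": 900.0}),
    (120, {"A": 1000.0, "B": 60.0, "C": 905.0}),
    (180, {"A": 1410.0, "B": 50.0, "C": 900.0}),
    (240, {"A": 1410.0}), (300, {"A": 2.0}), (360, {"A": 1064.0}),
] for d, hz in row.items()]

if __name__ == "__main__":
    for e in find_excursions(SAMPLES):
        print(e)
```

Because 1064 Hz falls back inside the 807-1210 Hz band, a band check alone treats that final step as normal; only the 1410 Hz and 2 Hz phases stand out.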

Symantec's analysis gained credence last week when the International Atomic Energy Agency (IAEA), the United Nations' nuclear watchdog, reported that earlier this month Iran had stopped feeding uranium hexafluoride gas to its centrifuges for about a week. Speculation quickly focused on problems created by Stuxnet as the reason for the shutdown.

But the same day that the IAEA report made news, Ali Akbar Salehi, the head of Iran's nuclear agency, denied Stuxnet had affected the country's atomic program. According to the Associated Press, which quoted the official IRNA news agency, Salehi said Iran's "enemies failed to achieve their goals" with the worm.

"We discovered the virus exactly at the same spot it wanted to penetrate because of our vigilance and prevented the virus from harming [equipment]," Salehi told the IRNA.

Since September, Iranian officials have acknowledged that Stuxnet had spread through Iran and infected tens of thousands of PCs, including several personal computers owned by employees at the Bushehr nuclear power plant.

But until Monday, Iran had repeatedly denied that malware had managed to infiltrate its nuclear program and caused any damage or disruption. Two months ago, for instance, the deputy head of Salehi's agency claimed Stuxnet had not penetrated Iran's nuclear facilities.

Google targeted by EU antitrust probe

Nov 30, 2010 06:51 am | IDG News Service

The European Commission is investigating allegations that Google has abused its dominant position in online search to promote its other services, such as price comparators, the Commission announced Tuesday.


Logicworks marries managed hosting with new public cloud

Nov 30, 2010 05:32 am | IDG News Service

Logicworks is launching a public cloud offering that can be linked to its existing managed hosting service.

Like other infrastructure-as-a-service offerings from companies like Amazon, anyone will be able to sign up to use the infiniCloud compute services and pay for only what they use.

But Logicworks hopes its ability to tie its traditional managed hosting offering to the public cloud services will give it an edge over competitors.

That capability is something Logicworks' customers, who include media and financial companies, have asked for, said Kenneth Ziegler, president and chief operating officer of Logicworks. For instance, gossip news sites Radar Online and the National Enquirer use Logicworks' managed hosting services. "When Mel Gibson says something crazy or Charlie Sheen rips up a hotel room, traffic on those sites can go from 60 million page views to 100 million," he said. "Now the client can just spill over into this shared dynamic compute environment."

While companies may find a shared public cloud well-suited to handling such traffic spikes, they may not want to run all of their business in the public cloud. Content websites may use applications like Drupal or Joomla to manage their content. Those applications are so critical to maintaining their services that the companies often want them hosted on dedicated systems like Logicworks' managed hosting service, Ziegler said. With Logicworks, those companies can keep such critical applications on the managed servers but offload read-only traffic on the public infiniCloud.

While some cloud providers use the simplest, most low-end hardware, Logicworks says it built infiniCloud with reliable servers based on hardware including Xeon Westmere processors, 40G bps storage networking and the option for SATA or 15k SAS RAID 10 disk arrays.

Logicworks also hopes to attract customers with its support services. InfiniCloud customers can use application monitoring, firewall security, intrusion detection, load balancing and disaster recovery from Logicworks.

Some public cloud services, like those from Amazon, offer little in the way of support services, but others, typically those that cater to industry verticals, do offer such value added services.

Pricing for infiniCloud is designed to be competitive with that of Amazon, Ziegler said. The service is available now in beta, with a full release scheduled for January.

HP unifies application development management

Nov 30, 2010 04:50 am | InfoWorld

HP ALM 11 automates application modernization and covers requirement management, quality, and performance processes


China blocks access to WikiLeaks

Nov 30, 2010 03:18 am | IDG News Service

China has blocked Internet access to WikiLeaks' release of more than 250,000 U.S. Department of State cables, with its Foreign Ministry saying that it does not wish to see any disturbance in China-U.S. relations.
