The Glade 4.0

Thanks Taskiss, good read.

The basic Uranium enrinchment process goes like this:

1) Uranium yellow cake (U3O8) goes through several chemical process to convert it into Uranium Hexafluoride (UF6).

2) UF6 has an interesting phase diagram -- it has a triple-point at roughly 64 C, and 1.5 atm (22 psi). So you don't have to heat it up very much to make it sublime into a gas. You can then feed it into a cascade arrangement of gas centrifuges.

3) The gas centrifuges take advantage of the fact that there's only a single natural isotope of Fluorine on earth, and therefore that the UF6 molecules will vary in molecular weight based only on the isotope of Uranium they contain. Through centrifugal action and a slight thermal gradient, they can separate the UF6 that contains U-235 from that containing U-238.

The problem with MoF6 is that it's denser than UF6 and therefore has a slightly different phase diagram. At the operating temperature/pressure of the gas centrifuges, MoF6 will condense into a liquid, which the gas centrifuges aren't equipped to handle. Moreover, because of the cascade arrangement, one centrifuge failing can spew unexpected matter into downstream centrifuges, causing them to fail, etc.

I don't know whether the blogger was being literal when he said it "destroyed" their centrifuges, but it's certainly possible. The gas centrifuges used in Uranium enrichment are vacuum sealed and operate at 500-600 m/s, depending on your metallurgical skill (i.e. nearly Mach-2). Higher operating speeds are more energy efficient and, more importantly (if I'm not mistaken), also result in a higher yield of U-235. If Iran is already pushing the limits of their metallurgy* to maintain higher speeds, then it might be possible that injecting too much dense matter (i.e. MoF6) could over-stress the centrifuges and make them literally tear themselves apart.

Is this the work of Stuxnet as the blogger speculates? Eh...I don't know. Iran claims to have been producing their own UF6 since back in, like, 2005. But it's a dubious claim, and it seems more likely that they were just buying UF6 from Pakistan. In reality, they were probably hung up at the UF4 stage until relatively recently. But if I understand the process correctly (and maybe I don't), Mo and other impurities arise in the U3O8 -> ... -> UF4 process, which Iran probably has been playing around with since 2005-2006-ish. In which case, the MoF6 problems probably aren't the work of Stuxnet, at least not exclusively. Any way you turn it, though, I doubt it's helped.

* Edit: and by "their" metallurgy, I probably mean Pakistan. No one can prove it, but Iran's centrifuge design is suspiciously similar to Pakistan's. You can thank this guy for that.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.

What of the possibility that Iran is simply blaming Stuxnet to hide its own failure to make the process work right?

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."

Surely you'd never accuse IRAN of propaganda!

_________________

Of course not!

I merely suggest that it is a possibility. I make no claims of likelyhood either. I am sure, however, that such a course of action would occur to Iranian counterintelligence organs if they are experiencing problems making the process work.

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."

Has Iran even been complaining about Stuxnet sabotaging their processes? I thought the official line was that the virus hadn't done anything.

If this is Israel's work, I'm honestly very surprised that even they would risk this. Imagine if this virus got into something in Europe or the US and caused a major nuclear accident.

My understanding is that Stuxnet is a very refined virus with clear parameters it looks for before actually attacking a system.

_________________
Buckle your pants or they might fall down.

Yeah, that's what makes it interesting. Stuxnet is ... "well-behaved" for a rootkit unless you happen to be its target. It's infected a lot of systems, but there hasn't been any direct damage done because it doesn't really do anything other than spread itself around if your PLCs don't match its target.

As for Iran's official line, I'm not sure. I don't think they've said anything about it one way or the other.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.

Stuxnet isn't completely understood, but one of the common beliefs is, that is has a specific target in mind, and that it will only attack that one target (it may already have done it).

To me, what is really scary is the potential of something as robust as stuxnet to be applied maliciously to attack other targets, or worse, any target.

Something that our own .mil doesn't seem to understand is, that if we relied less on the newest technology and still did more things old-school, we'd be much less vulnerable to "cybar waugh." Some people insist on always installing the newest sexiest gadget though, regardless if it makes sense or is good for the amount of money you spend supporting it.

_________________
"...the line dividing good and evil cuts through the heart of every human being. And who is willing to destroy a piece of his own heart?" -Aleksandr Solzhenitsyn

It doesn't even have to be a gadget, even basic websites are like that. Army Knowledge Online is a **** mess.

_________________
"Hysterical children shrieking about right-wing anything need to go sit in the corner and be quiet while the adults are talking."

Probably not a coincidence that the Iran has just notified the EU it would like to restart talks about its nuclear program.

Stuxnet just seems awfully.... big... to be a computer weapon. For what its looking to do, and the level of sophistication required... think about this, the software would either have to be so massive that it can uniquely identify not only the hardware its connected to but then make a decision as to what would cause the damage.
It would have to mask its functions to the OS, have 'check in with home' capabilities, Seek-and-infect capablities, and drivers to actually manipulate hardware, on top of all this it has to be undetectable to have gone under the radar.

Thats got to be one huge virus....I dont understand how it could go unnoticed by AV programs.

Every reason you listed why you don't believe it could be has been addressed in this thread.

True, but he's not entirely wrong about the size. Stuxnet is a fat virus at about 0.5MB. But that in and of itself doesn't really have any effect on whether it would be detected by AV software. AV programs don't generally discover new viruses. Heuristics are still largely crap at this point. New viruses are still discovered and cataloged mostly by human analysis. There's several ways this can happen: 1) someone can discover the virus running on their system "in the wild" and submit it to an AV company for analysis, or 2) the virus infects one of many "honeynets" set up by the AV companies and other security experts just to see what's out there.

But beyond that, once a virus has kernel-level access, it's all over for anti-virus programs, whether the virus has been discovered or not. Per the wiki article, Stuxnet gets "root" access by using one of four(!) "zero-day" exploits in Windows, in addition to a couple known exploits. A zero-day exploit, if you don't know, is a previously-unknown vulnerability (hence, it's being used on the "0th" day of the developer's response to the bug).

That's interesting because normally you would call that incredible hubris. Virus writers -- assuming that they even discovered that many 0-day vulns at once, wouldn't use them all in one go. They know it's just a matter of time before someone discovers their virus, at which point they've basically just done Microsoft (or whoever) the huge favor of identifying 4 new exploits at all once. Better to ration them out one at a time, switching to a new vulnerability whenever the virus was discovered and the exploit patched.

Still, if you really are just that good that you can feel certain that either 1) your virus won't be detected for a long, long time or 2) even if detected, your virus will resist analysis well enough to keep its exact methods secret (or some combination of the two), then using 4 at once makes a certain sort of evil genius sense. Even though your exploit may be 0-day, that doesn't necessarily mean that it will work on every system it encounters. There are usually some mitigating factors that you can't control for. So having multiple exploits greatly increases the odds of infection. As well, you may not be the only person on earth who knows about your chosen exploit(s). What happens if some other douchebag writes a far less stealthy virus that happens to use the same exploit? The hole gets closed and your virus get shut down without anyone ever knowing about it. But if you already have backup contingencies...

And that's exactly what happened with Stuxnet. If I'm not mistaken, two of its zero-day exploits were discovered and patched before Stuxnet itself was ever discovered. Even if you're a whitehat in the A/V business, you have to have a certain amount of respect for anyone who can pull that gambit off.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.

They probably have more future day 0's that are unused.

Stathol - are you government?

For what it's worth, I attended a party very recently with a bunch of NSA folks (everyone around here works for NSA). I brought this up. 1 of 3 NSA employees left immediately. The other 2 did the "I know something cool" dance. They all "knew where it came from". One said "it's not us". He could have meant NSA or the US, I'm guessing he meant NSA. It was about a 1-minute conversation. Everyone is cleared around here and I don't like to push.

Anyway, the implication was that 1) it's classified (which suggests to me that it's government of some sort), and 2) it's not that highly classified if all 3 knew about it.

For what it's worth.

I can neither confirm nor deny...

_________________
In time, this too shall pass.

No, I'm not government.

That's interesting, though. Regardless of who "us" refers to, the implication is definitely that Stuxnet was somebody's state project, and if you've read their demeanor right, somebody who isn't hostile to us.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.

Yeah I am pretty sure I know one of hte mathematicians onthat.

_________________
"...but there exists also in the human heart a depraved taste for equality, which impels the weak to attempt to lower the powerful to their own level and reduces men to prefer equality in slavery to inequality with freedom." - De Tocqueville

Huh?

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.

Minor necro to provide some updates from Symantec (via a 3rd party).

Apparently they've determined more specifics in stuxnets target definition.

http://www.techeye.net/security/symante ... +(Tech+Eye)

Holy ****. That's incredible.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.

Both very nifty and pretty scary at the same time.

actually tying to the freqency of the power supply is on one hand clever. It certainly wouldn't have occured to me that that would be a valid way of uniquely identifying the target.

That said, that makes StuxNet's wider practicallity somewhat less, unless there are other ways to uniquely target hardware. Heck, I sometimes can't find drivers for some hardware when I have the physical card in front of me. Most equipement doesn't have a unique power signature like a high energy centrifuge (and turning up the frequency can't do as much damage as it can to a centrifuge)