Tag Archives: Iran’s nuclear program

Satellite imagery seems to prove Iran is removing evidence of nuclear activity. Bringing the region closer to war?

ISIS, an influential U.S. non-proliferation think tank, has published a report on its website with commercially available satellite images that seem to suggest that authorities in Iran are performing a clean-up operation around the Parchin military installation.

The images appear to show that two buildings have been demolished and certain areas of top soil have also been removed, most probably to mask previous activities that would leave a radioactive footprint.

The IAEA announced that Parchin was on its list of sites that could be developing technologies for use with a nuclear weapon and some news agencies said this would be development of a neutron trigger for a nuclear weapon.

To set off a successful thermonuclear explosion, a well-timed self-sustaining nuclear chain reaction needs to be created. This is done when the fissile material (radioactive material) is brought to a critical mass, that is to say a density and shape that would allow spontaneous fission to take place at a very rapid pace.

This is normally done by placing normal high explosives (like C-4) in a certain way around the fissile material and setting them off at exactly the same time to compress the nuclear material into its critical mass, which superheats and starts off the chain reaction of the nuclear explosion. (The simplistic explanation)

The trick in all of the above is getting the timing and shape of the initial explosion exactly right, hence the need to develop a way of doing so at will, as it were, and packaging it into a usable device like a missile or bomb.

It is thought by many analysts that this is what took place at Parchin before these experiments stopped, some 10 years ago, as some diplomatic sources say.

Analysts point out that this potential activity is further evidence of the Iranian leadership’s attempts to hide its past nuclear intentions, while some raised concerns that previous experiments could be evidence that Tehran is nearer to developing nuclear weapons than initially assessed.

Therefore, although a cyberwar on the Iranian nuclear program has already started with Stuxnet and Flame, the entire region could be closer to war.

A conventional war made of cruise missiles, bombers and PGMs (precision guided munitions).

David Cenciotti has contributed to this article.

Image credit: DigitalGlobe – ISIS

Computer viruses, mysterious bomb blasts, assassinations and PSYOPS: Israel's stealth war on Iran already begun?

When writing about Iran’s nuclear weapons program, many analysts and journalists seem to forget that, although not of the type one might expect, the attack against Tehran’s nuke sites has already kicked off. Many still believe that a conventional military action against Iran is a future possibility, forgetting that a long-lasting hi-tech war in the region is (most probably) already in progress.

Last October, about 20 military personnel were killed in a blast at a Revolutionary Guards ammunition depot. On Nov. 12, an explosion at Bid Ganeh, a military base located on the outskirts of Tehran, killed General Hassan Tehrani Moqaddam, head of Iran’s missile defense program, along with 30 other people. A few days ago, another blast in Isfahan, Iran’s third-largest city, could have hit a uranium conversion site.

Israel is also widely held as responsible for using the Stuxnet virus to target Iran’s nuclear plants.

There have also been many other mysterious episodes: assassinations at home and abroad, and plane accidents such as the one involving the Tupolev 134 that crashed near Petrozavodsk on June 21 while carrying five Russian scientists who assisted in the design of Iran’s Bushehr nuclear power plant.

Even if some of these incidents have been denied by the ayatollahs’ regime, their frequency and effectiveness are causing frustration among Iranians, who are apparently unable to react to an invisible, unknown and sophisticated multi-directional and multi-dimensional attack. Hence, the new kind of war is also having the same psychological effects as a complex PSYOPS mission.

Israel has never confirmed its direct involvement in it, but it is quite likely that the hi-tech stealth war is the only way to sabotage Ahmadinejad’s program while preventing Iran’s “fierce, protracted and multi-pronged” retaliation.

Still, what tech was used to attack the nuclear plants remains an unanswered question. An intriguing theory (no more than that, please!), inspired by a talk with Giuliano Ranieri, is that some killer Micro Air Vehicles, or MAVs, known to be under development by Israel for counter-terrorism activities, could have been developed and used against the Iranian sites, even if such drones are not capable of performing long-range missions and could not be used for this kind of covert ops unless they are launched from the vicinity of the target or from a sort of “mothership” (another larger drone). By the way, did you know that Israeli UAVs can be remotely controlled by flying F-15s or AH-64 Apaches?

It is also possible that the recent attacks involved one or more Dolphin Class submarines in the Red Sea (or Persian Gulf) capable of launching Popeye Turbo cruise missiles at 1,500 km from underwater.

Anyway, the use of Israeli combat planes, “normal” drones and so on is probably a “last resort” option, not only because it would cause an almost certain retaliatory attack using medium-range ballistic missiles, possibly armed with chemical, biological or radiological warheads, but also because it would be an extremely complex operation to plan and execute, even for a combat-proven air force with past experience of long-range raids.

Too many combat aircraft, too many air-to-air refueling planes and support planes to go unnoticed.

And what about the route? Even if the US withdrawal from Iraq would give clearance to a raid in that direction, it’s hard to believe that a strike package would pass undetected by an air defense on a heightened readiness status during ingress and egress from its targets. Unless the Israelis have improved their already effective EW capabilities, the same that during Operation Orchard, on Sept. 6, 2007, let the 10 F-15Is attack a nuclear facility being built in Syria completely undetected.

An attack that Israel has never publicly confirmed.

Targeting Iran's nuclear program with Stuxnet virus

I must confess that I hadn’t heard about Stuxnet until my close friend, colleague, ICT security expert and blogger Paolo Passeri, while discussing my recent visit to Decimomannu airbase for the Vega 2010, an exercise attended by Israeli Air Force aircraft (for the report, wait until Nov. 26), explained to me the complexity of this virus and its potentially catastrophic effects.

Stuxnet is malware designed to target industrial control systems, with a sabotage strategy that involves speeding up and slowing down physical machinery at a plant. It was discovered for the first time in June in Iran and, since then, it has infected more than 100,000 computers all around the world. Initially believed to be a “normal virus”, Stuxnet contains code designed to attack SCADA (Supervisory Control and Data Acquisition) control systems that manage pipelines, nuclear plants and various utility and manufacturing equipment. According to researchers at Symantec, Stuxnet was most probably aimed at sabotaging Iran’s nuclear power plant in Bushehr or Natanz.

Below you can read an excerpt from a detailed article published by Wired.com (full article available at http://www.wired.com/threatlevel/2010/11/stuxnet-clues/). For Italian readers, I suggest a look at the post on Paolo Passeri’s blog titled “Come ti impoverisco l’uranio con un virus”.

…..
According to Symantec, Stuxnet targets specific frequency-converter drives — power supplies used to control the speed of a device, such as a motor. The malware intercepts commands sent to the drives from the Siemens SCADA software, and replaces them with malicious commands to control the speed of a device, varying it wildly, but intermittently.

The malware, however, doesn’t sabotage just any frequency converter. It inventories a plant’s network and only springs to life if the plant has at least 33 frequency converter drives made by Fararo Paya in Teheran, Iran, or by the Finland-based Vacon.

Even more specifically, Stuxnet targets only frequency drives from these two companies that are running at high speeds — between 807 Hz and 1210 Hz. Such high speeds are used only for select applications. Symantec is careful not to say definitively that Stuxnet was targeting a nuclear facility, but notes that “frequency converter drives that output over 600 Hz are regulated for export in the United States by the Nuclear Regulatory Commission as they can be used for uranium enrichment.”

“There’s only a limited number of circumstances where you would want something to spin that quickly — such as in uranium enrichment,” said O Murchu. “I imagine there are not too many countries outside of Iran that are using an Iranian device. I can’t imagine any facility in the U.S. using an Iranian device,” he added.

The malware appears to have begun infecting systems in January 2009. In July of that year, the secret-spilling site WikiLeaks posted an announcement saying that an anonymous source had disclosed that a “serious” nuclear incident had recently occurred at Natanz. Information published by the Federation of American Scientists in the United States indicates that something may indeed have occurred to Iran’s nuclear program. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 around the time the nuclear incident WikiLeaks mentioned would have occurred.

Researchers who have spent months reverse-engineering the Stuxnet code say its level of sophistication suggests that a well-resourced nation-state is behind the attack. It was initially speculated that Stuxnet could cause a real-world explosion at a plant, but Symantec’s latest report makes it appear that the code was designed for subtle sabotage. Additionally, the worm’s pinpoint targeting indicates the malware writers had a specific facility or facilities in mind for their attack, and have extensive knowledge of the system they were targeting.

The worm was publicly exposed after VirusBlokAda, an obscure Belarusian security company, found it on computers belonging to a customer in Iran — the country where the majority of the infections occurred.

German researcher Ralph Langner was the first to suggest that the Bushehr nuclear power plant in Iran was the Stuxnet target. Frank Rieger, chief technology officer at Berlin security firm GSMK, believes it’s more likely that the target in Iran was a nuclear facility in Natanz. The Bushehr reactor is designed to develop non-weapons-grade atomic energy, while the Natanz facility, a centrifuge plant, is designed to enrich uranium and presents a greater risk for producing nuclear weapons.

The new information released by Symantec last week supports this speculation.

As Symantec points out in its paper, frequency-converter drives are used to control the speed of another device — for example, a motor at a manufacturing facility or power plant. Increase the frequency, and the motor increases in speed. In the case of Stuxnet, the malware is searching for a process module made by Profibus and Profinet International that is communicating with at least 33 frequency-converter drives made by either the Iranian firm or the Finnish firm.

Stuxnet is very specific about what it does once it finds its target facility. If the number of drives from the Iranian firm exceeds the number from the Finnish firm, Stuxnet unleashes one sequence of events. If the Finnish drives outnumber the Iranian ones, a different sequence is initiated.

Once Stuxnet determines it has infected the targeted system or systems, it begins intercepting commands to the frequency drives, altering their operation.

“Stuxnet changes the output frequency for short periods of time to 1410Hz and then to 2Hz and then to 1064Hz,” writes Symantec’s Eric Chien on the company’s blog. “Modification of the output frequency essentially sabotages the automation system from operating properly. Other parameter changes may also cause unexpected effects.”

“That’s another indicator that the amount of applications where this would be applicable are very limited,” O Murchu says. “You would need a process running continuously for more than a month for this code to be able to get the desired effect. Using nuclear enrichment as an example, the centrifuges need to spin at a precise speed for long periods of time in order to extract the pure uranium. If those centrifuges stop to spin at that high speed, then it can disrupt the process of isolating the heavier isotopes in those centrifuges … and the final grade of uranium you would get out would be a lower quality.”

O Murchu said that there is a long wait time between different stages of malicious processes initiated by the code — in some cases more than three weeks — indicating that the attackers were interested in sticking around undetected on the target system, rather than blowing something up in a manner that would attract notice.

“It wanted to lie there and wait and continuously change how a process worked over a long period of time to change the end results,” O Murchu said.

Stuxnet was designed to hide itself from detection so that even if administrators at a targeted facility noticed that something in the facility’s process had changed, they wouldn’t be able to see Stuxnet on their system intercepting and altering commands. Or at least they wouldn’t have seen this, if information about Stuxnet hadn’t been released last July.

The conclusion is that Stuxnet is so sophisticated that only a few hackers could be capable of producing this kind of weapon, suggesting that the resources required to develop such malware could only have been provided by highly specialized cyber warfare-capable organizations, such as the US Cyber Command or the Mossad (that’s why Paolo Passeri began talking about Stuxnet when I recalled the Israeli Air Force F-15Ds and F-16Ds deployed to Decimomannu…).
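
A defender's view of the frequency pattern quoted in the excerpt, as an added example (not code from this post, Wired or Symantec): it checks drive telemetry against the 807–1210 Hz operating band and flags excursions like the quoted 1410 Hz and 2 Hz values. The sample readings, the independent sensor channel and both tolerance values are assumptions made for the illustration.

```python
"""Flag frequency-converter telemetry that leaves its operating band (added example)."""

# Operating band the excerpt gives for the targeted high-speed drives (Hz).
OPERATING_BAND_HZ = (807.0, 1210.0)
# Assumed tolerances, chosen for this illustration only.
MAX_DISPLAY_GAP_HZ = 5.0   # control-software value vs. independent measurement
MAX_STEP_HZ = 50.0         # change between two consecutive measurements

# Constructed samples: (minute, Hz shown by control software, Hz from independent sensor).
SAMPLES = [
    (0, 1064.0, 1064.2),
    (1, 1064.0, 1063.8),
    (2, 1064.0, 1410.0),   # excursion above the band
    (3, 1064.0, 1409.5),
    (4, 1064.0, 2.0),      # near standstill
    (5, 1064.0, 1064.0),   # back to nominal
    (6, 1064.0, 1064.1),
]


def find_anomalies(samples, band=OPERATING_BAND_HZ,
                   max_gap=MAX_DISPLAY_GAP_HZ, max_step=MAX_STEP_HZ):
    """Return (minute, measured_hz, reasons) for every suspicious sample."""
    alerts = []
    previous = None
    for minute, shown_hz, measured_hz in samples:
        reasons = []
        # The physical output left the band the process is supposed to run in.
        if not band[0] <= measured_hz <= band[1]:
            reasons.append("out_of_band")
        # The operator's screen disagrees with what the drive is really doing.
        if abs(shown_hz - measured_hz) > max_gap:
            reasons.append("display_mismatch")
        # A jump this large between samples is not normal speed regulation.
        if previous is not None and abs(measured_hz - previous) > max_step:
            reasons.append("abrupt_step")
        if reasons:
            alerts.append((minute, measured_hz, reasons))
        previous = measured_hz
    return alerts


if __name__ == "__main__":
    for minute, hz, reasons in find_anomalies(SAMPLES):
        print(f"minute {minute}: {hz:.1f} Hz -> {', '.join(reasons)}")
```

Because the excerpt notes that operators could not see the altered commands on their own systems, the comparison only works when the measured value comes from a channel the control software does not supply.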