While we, as many others, have believed for some time that Stuxnet’s goal would be to crash IR-1 centrifuges, code analysis of the 417 attack code shows that things are not that simple. Ok, this shouldn’t surprise anyone who followed the Stuxnet saga for a while; this damn virus just keeps coming up with new surprises. Besides cracking centrifuges, another major goal of the attack seems to be the reduction of LEU output (LEU = Low Enriched Uranium).

The following diagram shows four attack profiles of the 417 code that can be thought of as performance diagrams. The vertical axis denotes the number of centrifuges in a cascade. So does the horizontal axis, except that the attackers chose to group the 164 centrifuges that make up a cascade into 15 groups for ease of operation. For example, the 15 at the right end of the horizontal axis corresponds to centrifuges 161 to 164, and the 10 corresponds to centrifuges 81 to 104. An IR-1 cascade is linear, meaning that 164 centrifuges are piped together in one line. UF6 is fed into centrifuge 1 and enriched. From there, it is passed to centrifuge 2, and so on, up to centrifuge 164, and from there to the next cascade.

Now let’s take a closer look at those attack profiles. In an ideal world, performance would probably be linear, resulting in a straight line from bottom left to top right. The next best thing to ideal seems to be profile 4 in the graph; that’s as good as it got in Natanz. Profiles 2 and 3, almost identical, leave something to be desired. But profile 1 is really shitty. Every time profile 1 is activated, somebody is missing LEU output.
