Stuxnet worm targets Iranian nuclear infrastructure

Posted by Aharon Etengoff

A high-ranking Iranian official recently acknowledged that at least 30,000 computers belonging to classified "industrial units" have been infected and subsequently disabled by the enigmatic Stuxnet worm.

The official, who is responsible for overseeing Iran's industrial computer servers, also confirmed that Stuxnet was coded to specifically target Siemens control systems and transfer classified data abroad.

According to DebkaFile, Stuxnet is currently categorized as the "most destructive" virus ever designed to attack major industrial complexes, reactors and infrastructure.

Stuxnet worm targets Iranian nuclear infrastructure"Experts say it is beyond the capabilities of private or individual hackers and could have [only] been [developed] by a high-tech state like America or Israel, or its military cyber specialists," explained DebkaFile staff.

"[And] some security specialists speculate that the virus was devised specifically to target part of the Iranian nuclear infrastructure, either the Bushehr nuclear plant activated last month (which has not been confirmed) or the centrifuge facility in Natanz."

Indeed, unknown "technical problems" have significantly slowed the country's enrichment processing capabilities by disabling thousands of centrifuges in Natanz, which Iranian and Russian nuclear technicians are currently unable to repair.

Frank Rieger, a German researcher with GSMK, attributes the Natanz slowdown to Stuxnet's ability to assume control over the site's identical programmable logic controllers (PLCs) in a "cookie-cutter fashion."

"[The facility] has identical centrifuges and identical PLCs, tiny computers for each centrifuge that oversee the centrifuge's temperature, control valves, operating speed and flow of cooling water," Rieger told the Christian Science Monitor.

"[And] it seems like the parts of Stuxnet dealing with PLCs have been designed to work on multiple nodes at once - which makes it fit well with a centrifuge plant like Natanz."

As TG Daily previously reported, the Israel Defense Forces (IDF) has already conducted a number of successful cyber-warfare campaigns, including hacking into Syrian air-defense radars during an operation against the country's nascent nuclear weapons program.

Stuxnet worm targets Iranian nuclear infrastructureNevertheless, despite Israel's formidable cyber-warfare capabilities, senior Sophos security researcher Graham Cluley noted that positively identifying Stuxnet's creators will likely be extremely difficult - if not impossible. 

"Although there's been lots of speculation in the papers, the truth is that we don't know if Stuxnet was created by, say, Israel. It's [certainly] very hard to prove 100% that Stuxnet was done with the blessing of a government, army or secret service.

"It's also tricky to positively confirm that Iran was the target of Stuxnet either. It was, after all, seen in a number of other countries. [So], I think we need to be careful about pointing fingers without proof."

However, Cluley emphasized that countries will undoubtedly use "every trick in the book" to spy upon each other and disrupt activities to gain a strategic advantage.

"[So], we shouldn't [really] be surprised if military and intelligence agencies are engaged in this kind of behavior. 



"And we mustn't fool ourselves into thinking that our own nations aren't above using the Internet to further their own ends [as well]."


Eugene Kaspersky of Kapersky Labs seemed to concur with Cluley's analysis.

"[Although] we have not seen enough evidence to identify the attackers or the intended target, we can confirm [Stuxnet] is a one-of-a-kind, sophisticated malware attack backed by a well-funded, highly skilled team with intimate knowledge of SCADA technology.

"This malicious program was not designed to steal money, send spam, grab personal data, no, this piece of malware was designed to sabotage plants, to damage industrial systems.

"[So], I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cyber-criminals, now I am afraid it is the time of cyber-weapons and cyber-wars."