[QODLink]
Middle East
Cyber attack 'targeted Iran'
Malicious software discovered on systems around world could have been designed to target Bushehr reactor, experts say.
Last Modified: 24 Sep 2010 22:35 GMT
Experts have suggested that the Bushehr nuclear reactor could have been a target of the virus [File: EPA]

The discovery of so-called malicious software - malware - on systems in Iran and elsewhere across the world has prompted speculation of an attempted cyber attack on Iranian industry, possibly including the Bushehr nuclear reactor.

The Stuxnet "Trojan worm" was designed to attack industrial control systems produced by Siemen's AG, which are commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.
 
It spreads from USB devices and exploits a vulnerability in Microsoft Corp's Windows operating system that has since been resolved. Once the worm infects a system, it sets up communications with a remote server computer that can be used to steal data or take control of the system, according to experts.

Symantec, a US-based computer security services company, said that 60 per cent of the computers infected worldwide were in Iran.

"It's pretty clear that based on the infection behaviour that installations in Iran are being targeted," Kevin Hogan, the senior director of Security Response at Symantec, told the Reuters news agency.
   
"The numbers [of infections in Iran] are off the charts," he said, adding Symantec had located the IP addresses of the computers infected and traced the geographic spread of the malicious code.

Hogan said the virus's target could be a major complex such as an oil refinery, a sewage plant, a factory or water works.

'Nation-state support'

Sean McGurk, who runs the National Cybersecurity and Communications Integration Center, part of the US department of homeland security, said he was unable to confirm if Bushehr had been targeted, but said Stuxnet was capable of taking over physical systems when a certain combination of Siemens software and hardware were present.

"Stuxnet is a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world"

Kapersky Labs

"It's very hard to understand what the code was developed for," he said. "It looks for a particular combination of a software code, or an application, and a hardware platform.
   
"If it finds it, then it starts manipulating some of the settings" of devices known as programmable logic controllers. Such devices are used, for instance, to move robot arms that build cars, open elevator doors and control HVAC systems.

McGurk said Siemens systems were used by companies doing everything from pharmaceutical and chemical manufacturing to water purification and power. 

Kaspersky Labs, a European digital security company, said the attack could only be conducted "with nation-state support."
   
"Stuxnet is a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world," it said in a statement.

Israel, which has admitted it has the capability to launch cyber attacks, has previously hinted it could attack Iranian facilities if international diplomacy fails to curb Tehran's nuclear ambitions. Western nations, including the US, are also at odds with Iran over its uranium enrichment programme.

Fred Burton, a former US counterterrorism agent and vice-president of risk consultancy Stratfor, said he suspected Stuxnet was a covert action on the part of a nation state intelligence service in an effort to disrupt Iranian military or nuclear efforts.
   
"Disinformation causes disruption and internal witchhunts lacing the seed of doubt as to who could have done this. The internal security blowback will cause chaos. Brilliant if true."

Ralph Langner, a German cyber expert, suggested in a blog posting last week that Bushehr may have been the target of the attack, possibly exploiting the plant's use of unlicensed Windows software.

Unspecified problems have been blamed for a delay in getting the nuclear facility fully operational.

On August 31, Iranian atomic chief Ali Akbar Salehi blamed "severe hot weather" for a delay in moving fuel rods into its Russian-built first nuclear power plant.

Stuxnet was identified by Belarussian firm Virusblokada in mid-June ater it emerged on the computer of one of its clients in Iran.

Source:
Agencies
Topics in this article
People
Country
Organisation
Featured on Al Jazeera
At least 25 tax collectors have been killed since 2012 in Mogadishu, a city awash in weapons and abject poverty.
Tokyo government claims its homeless population has hit a record low, but analysts - and the homeless - beg to differ.
3D printers can cheaply construct homes and could soon be deployed to help victims of catastrophe rebuild their lives.
Lack of child protection laws means abandoned and orphaned kids rely heavily on the care of strangers.
Featured
Booming global trade in 50-million-year-old amber stones is lucrative, controversial, and extremely dangerous.
Legendary Native-American High Bird was trained in ancient warrior traditions, which he employed in World War II.
Hounded opposition figure says he's hoping for the best at sodomy appeal but prepared to return to prison.
Fears of rising Islamophobia and racial profiling after two soldiers killed in separate incidents.
Group's culture of summary justice is back in Northern Ireland's spotlight after new sexual assault accusations.