Cyber attack ‘targeted Iran’

Malicious software discovered on systems around world could have been designed to target Bushehr reactor, experts say.

Experts have suggested that the Bushehr nuclear reactor could have been a target of the virus [File: EPA]

The discovery of so-called malicious software – malware – on systems in Iran and elsewhere across the world has prompted speculation of an attempted cyber attack on Iranian industry, possibly including the Bushehr nuclear reactor.

The Stuxnet “Trojan worm” was designed to attack industrial control systems produced by Siemens AG, which are commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.
 
It spreads from USB devices and exploits a vulnerability in Microsoft Corp’s Windows operating system that has since been resolved. Once the worm infects a system, it sets up communications with a remote server computer that can be used to steal data or take control of the system, according to experts.

Symantec, a US-based computer security services company, said that 60 per cent of the computers infected worldwide were in Iran.

“It’s pretty clear that based on the infection behaviour that installations in Iran are being targeted,” Kevin Hogan, the senior director of Security Response at Symantec, told the Reuters news agency.
   
“The numbers [of infections in Iran] are off the charts,” he said, adding Symantec had located the IP addresses of the computers infected and traced the geographic spread of the malicious code.

Hogan said the virus’s target could be a major complex such as an oil refinery, a sewage plant, a factory or water works.

‘Nation-state support’

Sean McGurk, who runs the National Cybersecurity and Communications Integration Center, part of the US department of homeland security, said he was unable to confirm if Bushehr had been targeted, but said Stuxnet was capable of taking over physical systems when a certain combination of Siemens software and hardware was present.

“It’s very hard to understand what the code was developed for,” he said. “It looks for a particular combination of a software code, or an application, and a hardware platform.
   
“If it finds it, then it starts manipulating some of the settings” of devices known as programmable logic controllers. Such devices are used, for instance, to move robot arms that build cars, open elevator doors and control HVAC systems.

McGurk said Siemens systems were used by companies doing everything from pharmaceutical and chemical manufacturing to water purification and power. 

Kaspersky Labs, a European digital security company, said the attack could only be conducted “with nation-state support.”
   
“Stuxnet is a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world,” it said in a statement.

Israel, which has admitted it has the capability to launch cyber attacks, has previously hinted it could attack Iranian facilities if international diplomacy fails to curb Tehran’s nuclear ambitions. Western nations, including the US, are also at odds with Iran over its uranium enrichment programme.

Fred Burton, a former US counterterrorism agent and vice-president of risk consultancy Stratfor, said he suspected Stuxnet was a covert action on the part of a nation state intelligence service in an effort to disrupt Iranian military or nuclear efforts.
   
“Disinformation causes disruption and internal witchhunts lacing the seed of doubt as to who could have done this. The internal security blowback will cause chaos. Brilliant if true.”

Ralph Langner, a German cyber expert, suggested in a blog posting last week that Bushehr may have been the target of the attack, possibly exploiting the plant’s use of unlicensed Windows software.

Unspecified problems have been blamed for a delay in getting the nuclear facility fully operational.

On August 31, Iranian atomic chief Ali Akbar Salehi blamed “severe hot weather” for a delay in moving fuel rods into its Russian-built first nuclear power plant.

Stuxnet was identified by Belarussian firm Virusblokada in mid-June after it emerged on the computer of one of its clients in Iran.

Source: News Agencies