STUXNET CYBER ATTACK ON IRAN’S FACILITIES
The first organized state-sponsored cyber attack on the infrastructure of an enemy state was carried out by Russian hackers against Georgia’s infrastructure in the Georgia Crisis of 08/2008, with limited success.
On Sunday 09/26/2010 the official IRNA news agency confirmed worldwide rumours that a complex computer worm had infected the personal computers of staff at Iran’s first nuclear power station in Bushehr.
However, the operating system at the Bushehr plant – due to go online in a few weeks – has not been harmed, project manager Mahmoud Jafari claimed.
Mahmoud Liayi of the Ministry of Industries told the state-run Iran Daily newspaper that “An electronic war has been launched against Iran”. It was the first sign that Stuxnet, which targets systems made by the German company Siemens, had reached equipment linked to Iran’s nuclear programme. The West fears Iran’s ultimate goal is to build nuclear weapons. Iran says its programme is aimed solely at peaceful energy use. A working group of experts met last week to discuss ways of fighting the worm, which Mr Liayi said has now infected about 30,000 IP addresses in Iran.
Stuxnet is tailored to target weaknesses in Siemens systems used to manage water supplies, oil rigs, power plants and other utilities. A team is now trying to remove the malicious software, or malware, from several affected computers, he told IRNA.
But on Monday 09/27/2010 the official IRNA news agency quoted Hamid Alipour, deputy head of Iran’s government Information Technology Company, as saying that the Stuxnet computer worm “is mutating and wreaking further havoc on computerized industrial equipment… the attack is still ongoing and new versions of this virus are spreading”. Stuxnet was no normal worm, Hamid Alipour said. As for the origin of the Stuxnet attack, Hamid Alipour said that the hackers, who enjoy “huge investments” from a series of foreign countries or organizations, designed the worm, which has affected at least 30,000 Iranian addresses, to exploit five different security vulnerabilities. This confirmed the impressions of Western experts that Stuxnet invaded Iran’s Supervisory Control and Data Acquisition systems through “zero-day” access.
Alipour added that the malware, the first known worm to target large-scale systems and the control systems of industrial complexes, is also a serious threat to personal computers. Foreign experts now believe over 1 million computers in the Iranian industry were affected by Stuxnet and that in some cases all information from the affected computers was sent to unknown locations outside Iran.
Another aspect of Stuxnet that stood out early on was that the actual purpose behind all the sophisticated penetration is to locate and take control of SCADA (Supervisory Control and Data Acquisition) systems. If it finds such systems, it attempts to steal code and design projects.
Stuxnet also looks for a programming interface to PLCs (Programmable Logic Controllers) in order to inject its own code into the PLC. It also monitors access to the PLCs so that when someone attempts to view the code on them, the injected code is not shown. This makes Stuxnet a new kind of rootkit.
It is believed to be the first known worm designed to target major infrastructure facilities. Although the USA intelligence community and Cyber Command are fully capable of carrying out such an attack, firm USA policy is not to use such means as a preventive preliminary measure.
Iran, most likely, will primarily blame Israel and/or Germany for the attack and will, no doubt, look for ways to retaliate, and the Middle East is about to plunge into a new phase of electronic warfare (see also – Secret-War). Siemens experts said Stuxnet infected the part of the programme which controls the speed of rotation of any rotating part in their systems, including the rotation of the Iranian centrifuges used to enrich uranium.
Although Iran insisted that the Stuxnet worm had not caused any damage, the International Atomic Energy Agency (IAEA) said, on Tuesday 11/23/2010, that Iran temporarily stopped enriching uranium earlier in November 2010. There is well-founded speculation that Stuxnet might be the reason.