An even more dangerous upgrade of the power-station-attacking Stuxnet worm could be upon us soon, according to the latest gossip around cyberspace. The code for Stuxnet has now been posted on the internet, the implication being that other programmers can produce variations capable of causing breakdowns, and even perhaps explosions, in industrial plants that are attacked.
Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spies on and reprograms industrial systems. It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems of the type used to control and monitor industrial processes.
Kevin Hogan, senior director of security response at Symantec, has noted that 60 percent of the infected computers worldwide are in Iran, suggesting its industrial plants were the target. Russian digital security company Kaspersky Labs has concluded that the attacks could only have been conducted “with nation-state support”, making Iran the first target of real cyber warfare.
It was first found on the personal laptops of several employees at the Bushehr Nuclear Power Plant in Iran. In fact it has been estimated that 60% of the attacks are concentrated in Iran. Suspicion of responsibility for the attack has inevitably focused on Israel and the US, and although there is little evidence to support this, it’s hard to see what evidence would likely be left.
Iran’s security services immediately concluded that the virus came from Western government agencies working undercover with the goal of taking down Iran’s nuclear programme, and reacted by detaining several “spies” it claimed were behind the apparent attacks on its nuclear programme. The country’s intelligence minister, Heydar Moslehi, stated that western “spy services” were behind the complex computer virus that had by then infected more than 30 000 computers in industrial sites, including those in the Bushehr nuclear power plant, appearing to confirm the suspicion of computer security experts that a foreign state was responsible. Moslehi also claimed that “different ways to confront [the virus] have been designed and implemented”.
Notwithstanding these suspicions, it seems that United States power plants are also at risk of being infected by the worm, now that its code has been posted on the internet. If there was a national security or counter espionage agency that regarded the worm as a weapon, that agency would hardly make it available generally.
Attention has been inevitably centred on the Siemens company, a prominent manufacturer of SCADA systems for power generation management. Bushehr is believed to be controlled by a Siemens SCADA system and although the company has stated that it has sold no such system in Iran, it may have been supplied via an intermediary, probably in Russia.
Backing this claim is a report by German newspaper Der Spiegel which carried an item in June saying that Frankfurt Airport customs had seized Siemens-made switches and computer modules in a shipment headed for the Bushehr reactor via Moscow, although earlier this year the engineering giant had announced that it does not seek future relations with Iran. It became one of the first German corporations to align itself with the US bid to use financial pressure against Iran.
According to the Der Spiegel report, the equipment seized in Frankfurt was meant to reach a subsidiary of a Russian nuclear concern which was then intended to complete the assembly and send it to Iran. The report further states that the assembling of the parts was deliberately planned to take place in Russia in order to avoid European Union inspection of technological export to Iran.
A Siemens spokesman stated at the time that the company was not aware of the incident and that the parts were most likely sold by a third party.