A sophisticated piece of malware is giving Iran’s nuclear program some major troubles. I previously wrote about U.S. and Israeli covert operations to stall the program, including the use of cyber warfare.
According to this article, the Stuxnet worm is being called a “cyber superweapon” and it includes data matching a specific site. The worm enters computer systems until it finds its match and then it gets to work. The majority of the Stuxnet infections are in Iran, so it’s clear that whoever made the weapon was focusing on that country. One expert says that the virus appears to be designed to infiltrate Siemens SCADAS Systems, and it can’t be a coincidence that the Bushehr reactor uses Siemens technology. Most interestingly, the virus is spread through memory cards put into a USB port.
The cyber expert also made this observation, which I haven’t heard before:
A journalist’s photo from inside the Bushehr plant in early 2009, which Langner found on a public news website, shows a computer-screen schematic diagram of a process control system – but also a small dialog box on the screen with a red warning symbol. Langner says the image on the computer screen is of a Siemens supervisory control and data acquisition (SCADA) industrial software control system called Simatic WinCC – and the little warning box reveals that the software was not installed or configured correctly, and was not licensed. That photo was a red flag that the nuclear plant was vulnerable to a cyberattack, he says.
On the contrary, another cyber expert argues the target of the weapon is Natanz, where the centrifuges are stored. He says Struxnet is designed to use the same infiltration process across identical units, so if one centrifuge’s cyber door is broken into, the rest will follow. The expert also notes evidence of prior sabotage at Natanz.
According to The Guardian, 60 percent of the infections are happening in Iran. It quotes an expert describing Struxnet as “the most refined piece of malware ever discovered.” It is estimated that Struxnet took at least six months, up to 10 experts and $3 million to make.
Well, that explains why the projected date for when Iran will get a nuke keeps getting pushed back.