Thousands of Iranian computers have been infected by the so-called Stuxnet virus in what Tehran is describing as an “electronic warfare” attack aimed at disrupting its Bushehr nuclear power plant.
Tehran on Sunday blamed the West for a massive computer virus attack after complex malicious software infected tens of thousands of Iranian computers, potentially threatening major industrial facilities throughout the country.
The so-called Stuxnet worm (malware) utilises security holes in Microsoft Windows and industrial control systems to wreak havoc on infected computerised industrial equipment.
Although the malware reportedly first appeared more than three months ago, Iranian authorities only acknowledged the cyber attack on Sunday, with the secretary of the Information Technology Council of the Industries Ministry, Mahmoud Liayi, identifying some 30,000 personal computers that have been infected with the self-replicating malware.
Iranian officials said the virus had not been able to “cause serious damage to government systems”, underlining that it didn’t disrupt the Bushehr nuclear power station. The Iranian authorities’ reaction confirms what several Western computer security experts had earlier described as malware specifically designed to hit Iranian industrial installations.
Complex cyber attack
Unlike most computer viruses, Stuxnet targets computer systems used to monitor automated plants, with the potential to disrupt major industrial infrastructures such as chemical facilities or power generators. The malware has been designed to infiltrate computer systems developed by Siemens AG, a German engineering firm whose software is routinely used in several sensitive infrastructures in Iran.
The Stuxnet virus was first discovered in June 2010 by a small Belarusian computer security firm, VirusBlokAda. The malware’s complex code quickly raised questions over the identity of the worm’s programmers, with most researchers concluding that Stuxnet’s conception had required a well-funded team of highly-sophisticated hackers.
US computer security firm Symantec pointed to a private group with “political, nationalist, or religious” motivations, or a state-sponsored attempt at espionage or sabotage of Iran’s nuclear facilities.
Natanz enrichment-facility targeted
Iranian officials are convinced that the Stuxnet virus was designed to target Iranian industrial facilities “in line with the West’s electronic warfare”. Indonesia and India seem to have been collateral victims of the initial Stuxnet onslaught, with 60,000 computers there infected when the virus first appeared.
Although Iranian officials have insisted the Bushehr nuclear power plant had not been affected, some experts believe the virus’ actual target was the major uranium-enrichment site of Natanz in central Iran.
“The Bushehr plant is dedicated to civilian nuclear activities whereas the Natanz facility could have military implications”, German researcher Frank Riegern told Wired, a website specialised in new technologies.
While Iranian authorities have kept quiet regarding any infection of their Natanz site, the BBC and the Iranian press reported the sacking of a top Iranian nuclear official in July 2010, raising suspicions of some “serious incident” at the country’s top enrichment facility during Stuxnet’s first wave of infection.
A YouTube video from SophosLabs showing how Stuxnet infection occurs
Photo credit: DonHankins (on Flickr)
Date created : 2010-09-26