War With Iran? Stuxnet May Be First Cybersalvo

Stuxnet, a sophisticated computer worm, was aimed (perhaps) at Iran’s nuclear program — welcome to the 21st century.

The last time a Middle Eastern government hostile to Israel came close to building a nuclear bomb, the Israelis reacted with a swift, clandestine air raid that destroyed the reactor in question (Saddam Hussein’s Osirak plant) before it could enrich uranium. Advance rumors of a similar raid by Israeli or American planes on Iran’s nuclear facilities have been circulating, of course, for years.

But some computer experts wonder if a new form of warfare — namely the computer worm called Stuxnet — hasn’t been launched against Iran already, either by Israel or the United States.

Guessing the target is “purely speculative,” software analyst Ralph Langner writes on his website, but “it is hard to ignore the fact that the highest number of [Stuxnet] infections seems to be in Iran. … Strange — they are presently having some technical difficulties down there in Bushehr,” where the Iranians have built their first nuclear reactor. “There also seem to be indications that the people in Bushehr don’t seem to be overly concerned about cybersecurity.”

The Stuxnet worm has spread by USB stick to thousands of computer networks in Germany, North America and various parts of south Asia. But about 60 percent of the infected networks lie in Iran, and what looked until recently like a sophisticated form of espionage now looks to Langner like an act of high-level sabotage. Langner and the security firm Symantec, among other groups, have been studying the worm since June.

“Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world,” Langner told the Christian Science Monitor after he studied the computer virus. “This is not about espionage, as some have said.”

EUROPEAN DISPATCH
Michael Scott Moore complements his standing feature in Miller-McCune magazine with frequent posts on the policy challenges and solutions popping up on the other side of the pond.

Stuxnet aims to corrupt a certain brand of Siemens industrial software used to control pipelines and factories and power plants. It exploits flaws in Windows to seek out the software and control it. The more closely a computer network resembles the target, the more damage the virus may do, in theory. Langner believes the worm was designed to bring down exactly one system.

“Stuxnet is the key for a very specific lock,” Langner told the Christian Science Monitor. “In fact, there is only one lock in the world that it will open. … The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process.”

The worm has reportedly spread to 45,000 PC networks worldwide, caused problems in about 14 industrial control systems, and caused serious “critical infrastructure” trouble nowhere — according to Siemens.

But little is known about Iran’s nuclear program. The Russian Federal Atomic Energy Agency says the Bushehr reactor was loaded with nuclear fuel in August, but something has delayed its startup by at least a few weeks. On Aug. 31, Iranian atomic chief Ali Akbar Salehi blamed the trouble on “severe hot weather.”

Stuxnet is so complex and well written that Langner believes a government must have designed it. “This was assembled by a highly qualified team of experts,” he writes on his site, “involving some with specific control system expertise. This is not some hacker sitting in the basement of his parents’ house. To me, it seems that the resources needed to stage this attack point to a nation-state.”

Other experts agree, and speculation has settled on Israel, the U.S. and China (as a wild card). Israelis were publicly speculating about an electronic attack on Iran’s nuclear program via USB stick in mid-2009. Another German analyst, Frank Rieger, suggests the real target was not Bushehr but Iran’s centrifuge farm at Natanz, which enriches uranium and saw a major accident in early 2009.

Symantec, in any case, will release a full report with more of Langner’s findings at a conference on Sept. 29.

“This will all eventually come out, and Stuxnet’s target will be known,” Langner told the Monitor. “If Bushehr wasn’t the target and it starts up in a few months, well, I was wrong. But somewhere out there, Stuxnet has found its target. We can be fairly certain of that.”

Related Posts