Greetings, Professor Falken. The Stuxnet worm, "the most sophisticated malware ever," has been discovered infesting Iran's nuclear installations. There's growing speculation that these were indeed the intended targets of what the mainstream continues to call a "virus" -- it only infects certain Siemens SCADA systems in specific configurations. There's also speculation that it's state-sponsored malware, with fingers pointing at either Israel or the U.S.
A strange game; the only winning move is not to play. Let's take a look, in The Long View...
It must be said, our own Gregg Keizer has come in for some stick on this. He's been leading the reporting of suspicion that Stuxnet's authors deliberately targeted Iran's atomic energy systems. Also, by implication, targeting the nuclear weapons program that's suspected of running parallel to it.
However, evidence continues to pile up that Gregg was right on:
Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country ... the total number of infected Windows PCs may be considerably larger.
Iran's Atomic Energy Organization ... met this week to discuss how to remove the malware. ... Stuxnet has been attacking SCADA systems since at least January. ... Government officials said that "serious damage that caused damage and disablement" had been reported.
So, it's looking more and more like Gregg's angle was justified. Time will tell, I suppose.
It's hugely significant that Iran is in fact acknowledging the problem now. The worry is that this 30,000 datum is actually way under-played. As Richard Silverstein notes:
Until now, western security experts were the only ones reporting on ... Stuxnet. No Iranian sources were willing to speak publicly. ... But the fact that this article quotes Iranian nuclear experts confirms that the worm has infected Irans nuclear complexes. The only thing left to know is whether the most damaged site was Natanz, the only known plant enriching uranium which might be used in producing a nuclear weapon.
Why would anyone believe that the 30,000 figure is accurate? It's a reasonable assumption that the regime would under-report the extent of the infection.
Naturally, there are those who see the hand of Israel behind the curtain. The pseudonymous T.S. caused howls of rage in the Economist's comments section:
Its unusual sophistication ... has prompted speculation that it is the work of a well-financed team working for a nation state, rather than a group of rogue hackers. ... This, in turn, has led to suggestions that Israel, known for its high-tech prowess and (ahem) deep suspicion of Iran's nuclear programme, might be behind it.
If Stuxnet has been deliberately aimed at Iran, one possible target is its Bushehr nuclear reactor ... controlled by Siemens systems, including the WinCC software that Stuxnet targets. ... A rival theory is that the target was Iran's uranium-enrichment plant at Natanz, and that Stuxnet successfully shut down some of its centrifuges in early 2009.
Better than flying a couple of F16s over sovereign territory to drop bombs on it. Less risky, and far more plausibly deniable.
Still others look to American influence. Tariq Alhomayed writes from London:
Washington had previously considered initiating electronic warfare against the regime of Saddam Hussein ... to ensure that Iraqi defense systems were crippled, and to prevent resistance. ... The idea was shelved, but it is certain that experts have been working since then to develop the idea of electronic warfare.
When Ahmadinejad says that Iran is the second strongest force bar America in ... the Middle East, he is absolutely right. ... All the elements of subversion are in the hands of Iran. ... Iran effectively controls Gaza through Hamas ... it ensures that the Hezbollah front continuously confronts Israel. ... It is consolidating the Iraqi sectarian divide ... disrupting the formation of the next Iraqi government. ... Iranian intervention in Yemen ... its attempt to destabilize the Gulf region by awakening a sense of sectarianism ... funding and laying sleeper cells within Gulf states.
Scary stuff. Now, if you'll excuse me, I'm going to watch the Formula 1 night race from Singapore.
Feel free to leave a comment below (so long as it's not "FIRST!")...
|Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: TLV@richij.com.|
You can also read Richi's full profile and disclosure of his industry affiliations.