Was Stuxnet built to attack Iran's nuclear program?

Page 2 of 2

Peterson believes that Bushehr was possibly the target. "If I had to guess what it was, yes, that's a logical target," he said. "But that's just speculation."

Langner thinks it's possible that Bushehr may have been infected through the Russian contractor that is now building the facility, JSC AtomStroyExport. Recently, AtomStroyExport had its Web site hacked, and some of its Web pages are still blocked by security vendors because they are known to host malware. This is not an auspicious sign for a company contracted to handle nuclear secrets.

Byres Security Chief Technology Officer Eric Byres is an industrial systems security expert who has tracked Stuxnet since it was discovered. Initially he thought it was designed for espionage, but after reading Langner's analysis, he has changed his mind. "I guessed wrong, I really did," he said. "After looking at the code that Ralph hauled out of this thing, he's right on."

One of the things that Langner discovered is that when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organizational Block 35. This Siemens component monitors critical factory operations -- things that need a response within 100 milliseconds. By messing with Organizational Block 35, Stuxnet could easily cause a refinery's centrifuge to malfunction, but it could be used to hit other targets, too, Byres said. "The only thing I can say is that it is something designed to go bang," he added.

Whoever created Stuxnet developed four previously unknown zero-day attacks and a peer-to-peer communications system, compromised digital certificates belonging to Realtek Semiconductor and JMicron Technology, and displayed extensive knowledge of industrial systems. This is not something that your run-of-the-mill hacker can pull off. Many security researchers think that it would take the resources of a nation-state to accomplish it.

Last year, rumors began surfacing that Israel might be contemplating a cyberattack on Iran's nuclear facilities.

Bushehr is a plausible target, but there could easily be other facilities -- refineries, chemical plants or factories -- that could also make for valuable targets, said Scott Borg, CEO of the U.S. Cyber Consequences Unit, a security advisory group. "It's not obvious that it has to be the nuclear program," he said. "Iran has other control systems that could be targeted."

Iranian government representatives did not return messages seeking comment for this story, but sources within the country say that Iran has been hit hard by the worm. When it was first discovered, 60% of the computers infected with Stuxnet were located in Iran, according to Symantec.

Now that the Stuxnet attack is public, the industrial control systems industry has come of age in an uncomfortable way. And clearly it will have more things to worry about.

"The problem is not Stuxnet. Stuxnet is history," said Langner in an e-mail message. "The problem is the next generation of malware that will follow."

Robert McMillan covers computer security and general technology breaking news for the IDG News Service. Follow him on Twitter at @bobmcmillan. His e-mail address is robert_mcmillan@idg.com.

Copyright © 2010 IDG Communications, Inc.
