Who's behind the Stuxnet cyber attack on Iran? (Feature)

By Christoph Dernbach and Pat Reber Sep 26, 2010, 9:10 GMT

Berlin - The report about a cyber attack on Iran's nuclear programme by the computer worm Stuxnet reads like a chapter from a modern spy novel.

The sophisticated, complicated computer virus has targeted, of all places, controversial nuclear facilities in Iran, a country that the United States has described as a state sponsor of terrorism.

But Stuxnet is not fiction - rather, it's a worrisome reality.

Security experts have known for months about the vulnerabilities to Stuxnet of computerized control equipment that manage oil pipelines, electric utilities and nuclear plants - particularly software and equipment from Germany's high tech Siemens.

As early as July, Siemens made virus-scanning software available to its clients after learning of the bug, according to The New York Times. Siemens said the malware appeared designed to extract data from industrial companies using Siemens software, and had been detected during a routine update of its software with a German industrial client.

On Saturday, Iran confirmed that its industrial computer system had become a victim of cyber-terrorism and that numerous computers were infected with Stuxnet. An IT official of Iran's mines and metals ministry told the Mehr news agency that 30,000 computers belonging to industrial units made by Siemens had been infected.

While officials did not mention Iran's nuclear plants - which include the power plant in Bushehr and the enrichment facility in Natanz - the ISNA news agency reported that the Iranian Atomic Organization had held a seminar in recent days to improve defences against Stuxnet.

'Stuxnet is the most refined piece of malware ever discovered,' said Alan Bently, vice president of the US security firm Lumension.

'The worm is significant because mischief or financial reward wasn't its purpose. It was aimed right at the heart of a critical infrastructure,' he said.

Stuxnet was first publicly identified in July, by Belarussian and German security experts, sources and media reports say. It accessed mainly Siemens control equipment by using four critical flaws in Microsoft Windows.

The flaws were identified by German security expert Ralph Langner with a team that identified Siemens as the special target. In early August, Microsoft issued an emergency patch to correct the flaw. Windows is used by up to 80 per cent of the world's computers.

Langner spoke of the 'hacker of the decade.' On a blog, he offered possible reasons for an attack aimed at Iran. He claimed the virus was developed by insiders who wanted to sabotage such facilities, and noted it was no accident that Iran has had technical problems with its plants in recent weeks.

Further alarm was raised when it was discovered that the Bushehr facility was using an un-licensed version of Siemens' special industrial control software. To make matters worse, it was not properly configured.

'I have never seen anything like that, not even in the smallest cookie plant,' an appalled Langner said, after seeing evidence of the violations in a press photo of a Bushehr central control monitor screen that registered a clear systems error.

Frank Rieger of the Chaos Computer Club, a German-based organization of hackers, proclaimed: 'The first strike of digital warfare has been made.' Writing in the Frankfurter Allgemein newspaper, he claimed that Stuxnet had sabotaged Iran's nuclear enrichment programme.

Another expert, author Arne Schoenbohm, says such a scenario is quite possible: 'Cyberspace has become the fifth military battlefield, after land, air, water and space.'

There's little surprise that internet rumours speculate that Israel or the US government was behind the attack. There were charges that the US was testing its newly-organized cyber warfare command at the Pentagon.

Derek Reveron, a professor of national security and expert in information technology at the US Naval War College, refuted such speculation in a broadcast interview Saturday.

He acknowledged that Stuxnet's sophistication invited such speculation. But he noted that government is way behind the =specialized private sphere, upon which it draws for expertise.

He said Stuxnet has spread around the US, to Indonesia, Malaysia, and Pakistan, and has prompted inter-governmental cooperation in defeating it.

'The worst scenario would give hackers the ability to control a system where they could impact regulation ... and cause physical destruction of a plant,' he told broadcaster Al Jazeera. 'That's why governments around the world are coming together.'

But experts from Symantec and other security firms believe that individual hackers would never have been able to develop such a sophisticated virus. Given the amount of resources and know-how that would go into developing such malware, there must be a government or at least a state-sponsored private firm behind the attacks, they said.