Software smart bomb fired at Iranian nuclear plant: experts

Sep 24, 2010 by Glenn Chapman

Computer security experts are studying a scary new cyber weapon: a software smart bomb that may have been crafted to find and sabotage a nuclear facility in Iran.

Malicious software, or malware, dubbed "Stuxnet" is able to recognize a specific facility's control network and then destroy it, according to German computer security researcher Ralph Langner.

"Welcome to ," Langner said in a post at his website. "This is sabotage."

Langner has been analyzing Stuxnet since it was discovered in June and said the code had a technology fingerprint of the control system it was seeking and would go into action automatically when it found its target.

"It's pretty amazing," James Lewis, a senior fellow at the Center for Strategic and International Studies, told AFP on Thursday. "It looks like more than simple cyber espionage."

Stuxnet was tailored for Siemens supervisory control and data acquisition (SCADA) systems commonly used to manage water supplies, oil rigs, and other industrial facilities.

It traveled by sneaking onto USB memory sticks and was able to thereby hop from system to system without needing the Internet, according to Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab Americas.

Stuxnet is considered a malware "worm" because it burrows from machine to machine, replicating itself on the way.

Once in a computer system running on Windows software, Stuxnet checked for any of three Siemens SCADA programmable logic controllers (PLCs) that manage functions such as cooling or turbine speed, Schouwenberg told AFP.

If there was a match, Stuxnet automatically took over control of the PLC and hid any changes from workers operating or managing a system, according to Schouwenberg.

"When the operator looks at the plant, everything will look just fine," Schouwenberg said. "Meanwhile, the machine will be overloading. Its ultimate goal is cyber sabotage."

"Stuxnet manipulates a fast running process," Langner explained at his website. "We can expect that something will blow up soon. Something big."

The software saboteur has been found lurking on systems in India, Indonesia, Pakistan and elsewhere, but the heaviest infiltration appeared to be in Iran, according to software security researchers.

"This was assembled by a highly qualified team of experts, involving some with specific control system expertise," Langner said.

"This is not some hacker sitting in the basement of his parents' house. The resources needed to stage this attack point to a nation state."

The pattern of spread correlated somewhat with jobs handled by a firm commissioned to work at nuclear facilities, according to researchers.

Langner suspected Stuxnet's mark was the Bushehr nuclear facility in Iran. Unspecified problems have been blamed for a delay in getting the facility fully operational.

On August 31, Iranian atomic chief Ali Akbar Salehi blamed "severe hot weather" for a delay in moving fuel rods into its Russian-built first nuclear power plant.

"Look at the Iranian nuclear program," Langner said. "Strange -- they are presently having some technical difficulties down there in Bushehr."

There have been Stuxnet infections all over the world and it was impossible to be certain the target was Iran, Schouwenberg cautioned.

Stuxnet creators left plenty of clues in the malware, giving the impression they didn't fear being caught, according to Langner.

"The whole attack only makes sense within a very limited timeframe," Langner said. "After Stuxnet is analyzed, the attack won't work any more. It's a one-shot weapon."

Microsoft has already patched two of four Windows operating system vulnerabilities exploited by Stuxnet, according to Schouwenberg.

"For the most part, Stuxnet has been mitigated," the researcher said. "The question now is whether this is going to be a one-off thing or is it setting a precedent?"

Explore further: Students trust technology, but have concerns about privacy and robotics, poll shows

add to favorites email to friend print save as pdf

Related Stories

Russia: Iran's nuclear plant to get fuel next week

Aug 13, 2010

(AP) -- Russia will load fuel into Iran's first nuclear power plant next week despite U.S. demands to prevent Iran obtaining nuclear energy until the country proves that it's not pursuing a weapons capacity, ...

Worms infesting computers worldwide: Microsoft

Nov 02, 2009

A Microsoft security report released Monday warns that cyber crooks are digging into computers for weak spots to penetrate with worms -- malicious software that steals control or data.

Microsoft patches 'critical' crack in Windows

Aug 03, 2010

Microsoft released an emergency patch for a "critical" crack in Windows operating system software that could let hackers take control of computers over the Internet.

Microsoft probing new hole in IE security

Feb 03, 2010

Fresh from patching an Internet Explorer (IE) flaw exploited in cyberattacks on Google and other firms, Microsoft is looking into a newly exposed vulnerability in the browser software.

Recommended for you

Scots' inventions are fuel for independence debate

Sep 17, 2014

What has Scotland ever done for us? Plenty, it turns out. The land that gave the world haggis and tartan has produced so much more, from golf and television to Dolly the Sheep and "Grand Theft Auto."

White House backs use of body cameras by police

Sep 16, 2014

Requiring police officers to wear body cameras is one potential solution for bridging deep mistrust between law enforcement and the public, the White House said, weighing in on a national debate sparked by the shooting of ...

Chinese city creates cellphone sidewalk lane

Sep 15, 2014

Taking a cue from an American TV program, the Chinese city of Chongqing has created a smartphone sidewalk lane, offering a path for those too engrossed in messaging and tweeting to watch where they're going.

Coroner: Bitcoin exchange CEO committed suicide

Sep 15, 2014

A Singapore Coroner's Court has found that the American CEO of a virtual currency exchange committed suicide earlier this year in Singapore because of work and personal issues.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

frajo
5 / 5 (4) Sep 24, 2010
This is a red herring. Nuclear plants must not be controlled via Windows.