I’m always alert when news of computer viruses hits the wires.  I’ve been in the virus extraction business for years.  This morning’s news of a Stuxnet virus targeting Siemens industrial machines was interesting, but didn’t seem relevant to any of my clients, except that the authors were getting more and more sophisticated.  That a state agent was likely involved had serious implications beyond my small company clients.

The technology industry is being rattled by a quiet and sophisticated malicious software program that has infiltrated factory computers.

The malware, known as Stuxnet, was discovered by VirusBlokAda, a Belarussian computer security company, in mid-July, at least several months after its creation.

Security experts say Stuxnet attacked the software in specialized industrial control equipment made by Siemens by exploiting a previously unknown hole in the Windows operating system.

…Stuxnet has spread to plants around the world. Siemens said it has received 15 reports from affected customers, five of which were located in Germany.

Security researchers initially believed Stuxnet’s primary purpose was espionage because of its ability to steal design documents for industrial control systems. But more in-depth study of the program, which is extremely large and highly complex by malware standards, has revealed that it can also make changes to those systems.

malware experts say it could have been designed to trigger such Hollywood-style bedlam as overloaded turbines, exploding pipelines and nuclear centrifuges spinning so fast that they break. “The true end goal of Stuxnet is cyber sabotage. It’s a cyber weapon basically,” said Roel Schouwenberg, a senior antivirus researcher at Kaspersky, a security software maker.

NY Times

By this afternoon the reporting has changed considerably. Equipment not in Germany but in Iran seemed to be the focus of the virus — likely state-authored.

The government agency that runs Iran’s nuclear facilities and is suspected of playing a crucial role in a weapons program has reported that its engineers are trying to protect their facilities from a sophisticated computer virus that has infected industrial plants across Iran.

Stuxnet, which was first publicly identified several months ago, is aimed solely at industrial equipment made by Siemens that controls oil pipelines, electric utilities, nuclear facilities and other large industrial sites. While it is not clear that Iran was the main target — the infection has also been reported in Indonesia, Pakistan, India and elsewhere — a disproportionate number of computers inside Iran appear to have been struck, according to reports by computer security monitors.

The virus does not spread through the Internet but requires a USB drive to be physically plugged into the computer, allowing it to attack machines that are disconnected from the Internet, usually in an effort to protect them. That requires human access to the affected systems.

the Iranians have reason to suspect they are high on the target list: in the past, they have found evidence of sabotage of imported equipment, notably power supplies to run the centrifuges that are used to enrich uranium at Natanz. The New York Times reported in 2009 that President George W. Bush had authorized new efforts, including some that were experimental, to undermine electrical systems, computer systems and other networks that serve Iran’s nuclear program, according to current and former American officials.

The program is among the most secret in the United States government, and it has been accelerated since President Obama took office, according to some American officials. Iran’s enrichment program has run into considerable technical difficulties in the past year, but it is not clear whether that is because of the effects of sanctions against the country, poor design for its centrifuges, which it obtained from Pakistan, or sabotage.

Based on what he knows of Stuxnet, Mr. Lewis said, the United States is “one of four or five places that could have done it — the Israelis, the British and the Americans are the prime suspects, then the French and Germans, and you can’t rule out the Russians and the Chinese.”

NY Times