Monday, September 27, 2010

"The Stuxnet worm, 'the most sophisticated malware ever,' has been discovered infesting Iran's nuclear installations'" (SI)

From ComputerWorld:
Iran nuke SCADAs saturated with Stuxnet infection
Let's play... Global Thermonuclear War. The Stuxnet worm, "the most sophisticated malware ever," has been discovered infesting Iran's nuclear installations. There's growing speculation that these were indeed the intended targets of what the mainstream continues to call a "virus" -- it only infects certain Siemens SCADA systems in specific configurations. There's also speculation that it's state-sponsored malware, with fingers pointing at either Israel or the U.S. Let's take a look, in The Long View...
It must be said, our own Gregg Keizer has come in for some stick on this. He's been leading the reporting of suspicion that Stuxnet's authors deliberately targeted Iran's atomic energy systems. Also, by implication, targeting the nuclear weapons program that's suspected of running parallel to it.

However, evidence continues to pile up that Gregg was right on:
Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country ... the total number of infected Windows PCs may be considerably larger.
...
Iran's Atomic Energy Organization ... met this week to discuss how to remove the malware. ... Stuxnet has been attacking SCADA systems since at least January. ... Government officials said that "serious damage that caused damage and disablement" had been reported.
So, it's looking more and more like Gregg's angle was justified. Time will tell, I suppose.

It's hugely significant that Iran is in fact acknowledging the problem now. The worry is that this 30,000 datum is actually way under-played. As Richard Silverstein notes:
Until now, western security experts were the only ones reporting on ... Stuxnet. No Iranian sources were willing to speak publicly. ... But the fact that this article quotes “Iranian nuclear experts” confirms that the worm has infected Iran’s nuclear complexes. The only thing left to know is whether the most damaged site was Natanz, the only known plant enriching uranium which might be used in producing a nuclear weapon.
Why would anyone believe that the 30,000 figure is accurate? It's a reasonable assumption that the regime would under-report the extent of the infection....MORE
From HotHardware:
Stuxnet 'Industrial Virus' Hits Iran Hard
A sophisticated computer virus that targets solely Siemens SCADA, or "supervisory control and data acquisition," systems, has infiltrated systems across the globe, and has hit Iran "very hard." The Stuxnet virus has reportedly struck industrial sites throughout Iran, including its nuclear facilities.

SCADA systems are commonly used to manage oil rigs, power plants, water facilities, and other industrial plants. Stuxnet was first identified this summer, but the Windows vulnerability exploited by the malware was first described in April of 2009. Microsoft confirmed earlier this week that it "overlooked" the vulnerability when it was revealed last year. Two of the four vulnerabilities exploited by the worm were patched in this month's Patch Tuesday.

At the same time, on Saturday, it was reported that the United States knows neither the source nor the purpose of Stuxnet. It should be noted that for some time there has been concern that attackers may one day hack into or attack (via malware) the infrastructure of countries, and the attack on Siemens systems fits right into that mold....MORE
Debka has been on top of it for a while but I was afraid to sole source.
Here's the latest:
Tehran confirms its industrial computers under Stuxnet virus attack
Here are some other headlines:
Iran Confirms Stuxnet Has Infected Nuclear Power Plant - ConceivablyTech
Iran confirms Stuxnet attack on nuclear site - ZDNet UK
Iran: Computer Malware Attacked, Failed to Harm Nuclear Plant - Voice of America