Stuxnet worm still active

28 March 2011

More countries affected as Iran’s nuclear plans delayed

The Stuxnet worm that attacked Iran’s nuclear plants in 2009 is still causing widespread problems in the country and the wider region.

Officials at Symantec, the US security firm that has been monitoring the worm, say it has continued to spread to more countries and is still not under control.

Stuxnet was first identified in July 2010 with almost 60 per cent of infections inside Iran. It targets specific programmable logic controllers (PLCs) in critical infrastructure made by German manufacturer Siemens. These are industrial control systems found in many automated systems from gas pumps to nuclear reactors. The worm had targeted the centrifuges at Iran’s Bushehr and Natanz nuclear plants and three other industrial facilities in the country. More than 12,000 of the infections in Iran were traced back to these five organisations. It had increased the pressure of the valves and rotors enough to cause damage, but not to raise any alarms. It therefore went undetected. It damaged about 1,000 centrifuges, which are used to enrich uranium for nuclear power.

“The intended target was clearly Iran. There were reports of the Iranians throwing out thousands of infected computers from the two plants,” says John Brigden, senior vice-president of Europe, Middle East and Africa, Symantec. Some analysts believe the attack has set back Iran’s nuclear programme by about two to five years, making it as effective as a military attack.

“It is a real threat that could result in the virtual world attacking the real world,” says Kevin Isaac, Dubai-based vice president for emerging regions, at Symantec.

Security expert Ralph Langner suggested at a TED conference in California on 3 March 2011 that Israel and the US were behind Stuxnet with input from Britain and Germany. “My opinion is that Mossad is involved, but the leading source is not Israel. There is only one leading source and that is the United States,” he said. There is still no hard evidence to confirm this.

While US technology manufacturer Intel claims to have created silicon-based security that stopped Stuxnet “stone-cold”, the technology is not yet available and is still a few years away from commercial release.

Symantec is the only security firm that has been communicating with the worm. It has re-routed the traffic from two hosting servers in Malaysia and Denmark to monitor the way Stuxnet works.

While more countries and organisations are being affected, the worm lies dormant on the systems. It has a very specific target and only becomes active when it identifies the Siemens-made components.

Iran awarded Russia a $1bn contract in 1992 to build the Bushehr plant, which was scheduled to begin operations and go online in July 1999. Problems with construction and supply delayed the project and this cyber attack has set the plant back further.
