By William Tucker
About mid-June 2010, a small computer security company in Belarus discovered a new piece of malware that targeted four zero-day vulnerabilities in the Microsoft Windows operating system. Never before had a single computer worm sought to exploit so many vulnerabilities in an operating system, but that wasn’t all – the worm was designed to specifically target software from the German electronics giant Siemens. This new worm, called Stuxnet, was designed to target supervisory control and data acquisition, or SCADA, systems that run everything from power plants to oil pipelines. Stranger still is the way the worm works. Stuxnet doesn’t look to infect just any SCADA system from Siemens, but instead only targets systems with specific settings. This means that the worm’s target set is really narrow, and with such a narrow target the worm is harder to detect. Because of the sophistication and narrow target set, it is unlikely that this worm was developed by a run-of-the-mill hacker; a nation-state is the more likely author.
Once the worm was discovered, follow-up analysis conducted by Symantec and Kaspersky found that 60 percent of the systems infected with the worm resided in Iran. Furthermore, the Bushehr reactor and other command and control systems within Iran’s nuclear program are based upon Siemens systems. Prior to the Islamic revolution, the Iranian government under the Shah had contracted with Germany to build many of the nuclear sites, including the Bushehr reactor. When the Russians ultimately replaced the Germans following the change in government, the Siemens equipment was left in place for cost-cutting reasons. Recently, the Russian contractors working on the Bushehr reactor installed the fuel rods needed for operation.
Iran has not released any information related to the actual infection of a nuclear system, but it does appear that this worm was designed to disrupt the program. It is interesting that a security firm in Belarus was the first to discover the virus, as the European nation is quite literally owned by Russia. It is possible that Russian engineers working on Iran’s nuclear program discovered the worm and used the company in Belarus as an outlet for public dissemination, but at this point that is merely conjecture. Whatever nation-state decided to engage in this type of cyber-warfare certainly put a lot of effort into creating this worm, and it is unlikely that they will quit after this effort.