Looks
like another country – not China or North Korea this time – is launching a
cyber attack. A highly sophisticated computer worm that has spread through
Iran, Indonesia and India was built to destroy operations at one target:
possibly Iran’s Bushehr nuclear reactor. That’s the emerging consensus of
security experts who have examined the Stuxnet worm. In recent weeks, they have
broken the cryptographic code behind the software and taken a look at how the
worm operates in test environments. Researchers agree that Stuxnet was built by
a very sophisticated and capable attacker — possibly a nation-state — and it
was designed to destroy something big. Though it was first developed more than
1 year ago, Stuxnet was discovered in July 2010, when a Belarus-based security
company found the worm on computers belonging to an Iranian client. Since then
it has been the subject of ongoing study by security researchers, who say they
have never seen anything like it before. Now, after months of private
speculation, some of the researchers who know Stuxnet best say that it may have
been built to sabotage Iran’s nukes. Last week a well-respected expert on
industrial systems security published an analysis of the worm which targets
Siemens software systems, and suggested that it may have been used to sabotage
Iran’s Bushehr nuclear reactor. The Siemens expert simulated a Siemens
industrial network and then analyzed the worm’s attack.
Tweet
your comments to Security Magazine at http://twitter.com/securitymag