Security expert Jeffrey Carr of Taia Global, who had previously proposed alternatives to the notion that the United States or Israel created the Stuxnet virus to target Iranian centrifuges, now strongly believes her has uncovered data that indicates the malware originated in China.
Stuxnet is a highly sophisticated designer-virus that wreaks havoc with Supervisory Control and Data Acquisition systems (SCADA) that provide operations control for critical infrastructure and production networks.
The evidence cited is as follows:
- China designed the Iranian centrifuges
- The Finnish Vacon frequency converter drives used in Siemens systems target by Stuxnet are actually produced in Suzhou, China
- RealTek, whose digital certificates were used in conjunction with Stuxnet, also has an office located in Suzhou, China
- Chinese officials had access to Vacon designs after the factory in Suzhou was raided in 2009
- Chinese officials also are known to have access to the Windows source code which was required to develop the virus
- Stuxnet was not reported to be present in China until months after it had spread elsewhere, although Siemens' systems are prevalent
- The timing of an announcement by the Chinese firm Rising Antivirus International their attempt to offer a remedy to the Stuxnet virus leads Carr to believe they may have been the ones who actually designed the virus
Carr concludes that while China is essentially Iran's ally and valued trade partner, the motivation behind creating Stuxnet is in the fact that they fundamentally oppose Iran's uranium enrichment activities.
Another theory might be that, given the prevalence of systems vulnerable to the Stuxnet virus and the ease at which the code could be altered, the targeting of Iranian nuclear development may be a good cover for later attacks against western nations.
Stuxnet may be evidence of the dawn of cyber warfare.
Source: http://blogs.forbes.com/firewall/2010/12/14/stuxnets-finnish-chinese-connection/#more-2513