Iran Still Struggling With Stuxnet Virus Infestation

Thursday, July 21, 2011



Iran is still struggling with the aftermath of the Stuxnet virus attacks more than a year after the infestation was discovered. The virus specifically targeted Siemens Programmable Logic Controllers (PLCs) used to control uranium enrichment centrifuges.

According to a report by DEBKAfile, "Tehran never did overcome the disruptions caused by Stuxnet or restore its centrifuges to smooth and normal operation as was claimed. Indeed, Iran finally resorted to the only sure-fire cure, scrapping all the tainted machines and replacing them with new ones."

Stuxnet was first identified in 2010, and both the New York Times and a German researcher have indicated the source of the malicious code was a joint program administered by the U.S. and Israel.

Stuxnet is a highly sophisticated designer virus that wreaks havoc with SCADA systems, which provide operations control for critical infrastructure and production networks. Leading theories indicate that the malware was probably produced to stifle Iran's nuclear warhead ambitions.

The Stuxnet virus attacks are thought to have caused severe damage to Iranian uranium enrichment facilities and reportedly set back the nation's nuclear program by as much as several years.

"Iran provided confirmation of this Tuesday, July 19 in an announcement that improved and faster centrifuge models were being installed. Iran would clearly not have undertaken the major and costly project of replacing all its 5,000-6,000 centrifuges with new ones if they were indeed functioning smoothly," DEBKAfile reports.

As would be expected, Iranian officials made attempts to spin the setback by stating that "the installation of new centrifuges with better quality and speed is ongoing... this is another confirmation of the Islamic republic's successful strides in its nuclear activities," according to an Iranian Foreign Ministry spokesman.

British and French officials took the opportunity to further condemn Iranian efforts to establish a nuclear arsenal in violation of six UN Security Council Resolutions and ten International Atomic Energy Agency determinations, stating "confirmed suspicions that the Iranian nuclear program had no credible civilian application."

The emergence of the Stuxnet virus two years ago was merely the first volley in what may amount to a cyber arms race, according to security consultant Eric Byres. Byres made the comments while addressing attendees at the AusCERT 2011 conference in Australia in May.

The commonly held belief that Stuxnet was manufactured by a state actor to further geo-political interests leads Byres to believe we will see an escalation in the production of similar designer malware.

In April, Iranian officials indicated they may pursue legal action in the aftermath of the Stuxnet attack, including taking on the company whose equipment was the target of the virus.

Gholam-Reza Jalali, head of the Iranian Passive Defense Organization, suggested Iran should seek legal remedy for the millions of dollars in damages to Iranian equipment.

Jalali suggested that the German-based Siemens corporation was responsible for providing the intelligence necessary for the development of the Stuxnet virus, and should be held liable in the matter.

"Iran's Foreign Ministry should probe into the political and legal aspects of the cyber attack while other Iranian bodies should pursue and complain to international circles... Siemens should explain why and how it provided the enemies with the codes for the SCADA software," Jalali suggested.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
