Super-Sophisticated Computer Virus Apparently Targeted Iran's Power Plants

By Jennifer Welsh | September 27, 2010 6:58 pm

A virus has been popping up in industrial plants and personal computers worldwide, and it now looms as a threat over Iran, where more than 60 percent of the computers infected with the virus are located.

Some experts believe that the virus, first discovered in June, was developed by high-level government programmers (possibly from the US, Israel, or Germany), and is directed toward a specific target, most likely Iran’s Bushehr nuclear power plant. It is believed to have been around for over a year.

The virus was written to exploit five security vulnerabilities (four of which were previously unknown, and only two of which have been patched) in a piece of software used in many different industrial systems. The virus is inserted into the system using a thumbdrive, then spreads from computer to computer.

The malware was so skillfully designed that computer security specialists who have examined it were almost certain it had been created by a government and is a prime example of clandestine digital warfare. While there have been suspicions of other government uses of computer worms and viruses, Stuxnet is the first to go after industrial systems. [The New York Times]

To do that damage, the virus specifically attacks a piece of Siemens software running on Windows computers in industrial operations ranging from electric grids and traffic lights to factories and power plants. The Iranian government is currently wiping the virus from computers at Bushehr, but claims that the virus hasn’t caused any damage.

The Iranian government confirmed this week that computers at Bushehr were infected by the worm, but representatives claim that the infection was isolated to a handful of noncritical systems and hasn’t disrupted the plant, which is in the final stages of construction and is expected to become operational in October. [Ars Technica]

And while it’s still up in the air whether the virus has had its intended effect, its widespread presence worries some because it could be adapted by hackers, though currently the virus requires a specific configuration designed to cause damage to specific systems.

“Proliferation is a real problem, and no country is prepared to deal with it,” said Melissa Hathaway, a former United States national cybersecurity coordinator. The widespread availability of the attack techniques revealed by the software has set off alarms among industrial control specialists, she said: “All of these guys are scared to death. We have about 90 days to fix this before some hacker begins using it.” [The New York Times]

And some experts, like Eugene Kaspersky, co-founder and CEO of the Russian cyber-security firm Kaspersky, worry that this is just the first of a string of government-mediated software attacks.

“This malicious program was not designed to steal money, send spam or grab personal data. This piece of malware was designed to sabotage plants, to damage industrial systems. I am afraid this is the beginning of a new world. I am afraid now it is a new era of cyberwars and cyberterrorism.” [The Inquirer]


Image: Flickr/Davide Restivo

  • Rhacodactylus

    Sweet, I’ve seen this movie, this is the one where Angelina Jolie gets topless right?

  • Vermont Hermit

    Why do I get sick to my stomach, thinking about the possibilities? Next major terrorist attack on country “x” sends chemical plants out of control. Thousands die, plant still spewing toxins. Mass evacuations. Ok, maybe a bit on the melodramatic side, but you get the point.

  • nick

    “Thousands die, plant still spewing toxins.” Yeah, it is a bit on the melodramatic side because we’ve seen what happens. It happened in Russia a couple years back, it happened in the Gulf of Mexico this summer. A few people died, there was a cleanup effort.

    “And some experts, like Eugene Kaspersky, co-founder and CEO of the Russian cyber-security firm Kaspersky, worry that this is just the first of a string of government-mediated software attacks.”

    Same thing was said about atomic bombs. Somehow, despite all the hand wringing and pants-sh***ing, we survived.

    [moderator’s note: edited the cuss word.]

  • Jennifer Welsh

    The real question is: Why are they using Windows to control our infrastructure?


  • Dante The Canadian

    THAT is a GREAT Question Jennifer. If it is so susceptible to viruses and malware why is it still being used? Especially for infrastructure and military needs?

    Does anyone doubt that the US had a hand in this? For a nation which has sworn a ‘war on terror’ this sure stinks of terrorism.

  • HW

    There exist many Human-Machine Interfaces that are designed to run on Windows. These (Windows-based) interfaces are very common in almost every industry.

  • vel

    Why do people use Windows? Because it’s out there and it has people supporting it that are paid to work on its problems, rather than freeware where you have to hope someone gets around to your particular bug.

  • Brian Too

    It’s been a few years, but if the old methods still hold, Windows is less of a problem in these environments than you’d think. And process control is a pretty conservative business area.

    These are SCADA environments. The Windows OS and SCADA application function as a Command & Control system. However it isn’t what runs the plant on a moment-to-moment basis, the PLCs do that. The PLCs are independent logic units that can run just fine for hours (or days, or weeks) without any contact whatsoever from the C&C system. You want the large scale oversight of course, it’s just that you are not wholly dependent upon it.

    With a layered control system like this you can suffer minor outages in any layer and the remaining layer can remain functional. Not that systems failures are good of course! However this is a very strong fault tolerant system design.

    Also, and to be fair, Windows is much better than it used to be. I speak from experience. It’s fully auditable, event logged and reasonably secure. If you have a non-BS SCADA deployment, you can easily add ECC DRAM, RAID mass storage, test environments, application whitelisting, driver signing, even clustering. All these go a long, long way to improving uptime performance.

    On the other hand, if you are targeted by a spook as the OP suggested, chances are your security will be seriously tested. Weak links exist in any system and a pro knows how to find them.

  • Jennifer Welsh

    Thanks everyone, for reading and leaving your comments. I hope this all works out in the end, but the more I learn about this virus, the more the idea scares me.


