An industrial control security researcher in Germany who has analyzed the Stuxnet computer worm is speculating that it may have been created to sabotage a nuclear plant in Iran.
The worm, which targeted computers running Siemens software used in industrial control systems, appeared in July and was later found to have code that could be used to control plant operations remotely. Stuxnet spreads by exploiting three holes in Windows, one of which has been patched.
The high number of infections in Iran and the fact that the opening of the Bushehr nuclear plant there has been delayed led Ralph Langner to theorize that the plant was a target. Langner gave a talk on the subject at the Applied Control Solutions' Industrial Control Cyber Security conference today and published details of his code analysis on his Web site last week.
As one of his data points, Langner refers to a UPI screenshot of a computer screen at the Bushehr plant running the targeted Siemens software.
"With the forensics we now have, it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge," he wrote. "The attack combines an awful lot of skills--just think about the multiple zero-day vulnerabilities, the stolen certificates, etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise. This is not some hacker sitting in the basement of his parents' house. To me, it seems that the resources needed to stage this attack point to a nation state."
Langner does not say he has evidence to support his speculation as to the target, nor does he say exactly what the code is designed to do on the target's system.
The presentation shocked attendees of the cybersecurity conference, Joe Weiss, the organizer of the event, told CNET. As a result, "there are a whole slew of recommendations coming out of this to address control system cybersecurity that had not been addressed before," he said.
"The implications of Stuxnet are very large, a lot larger than some thought at first," Michael Assante, former security chief for the North American Electric Reliability Corp., told The Christian Science Monitor. (IDG News Service also covered the news.) "Stuxnet is a directed attack. It's the type of threat we've been worried about for a long time. It means we have to move more quickly with our defenses--much more quickly."