Site icon MacTech.com

Greg’s bite: the Stuxnet virus attack on Iran

Gregsbite.jpg

By Greg Mills

Apple computer became the second most valuable company in the world. The valuation has a long ways to go as the market share of Apple products are still small compared to the overall market. Buy Apple stock folks …

Departing from my normal focus on things Apple, there are stories around the web on an interesting virus or worm attack that some very well funded hackers have unleashed upon Iran’s nuclear weapons program. The Stuxnet virus was able to concentrate on infecting and spreading on control servers, not connected to the Internet, by way of hiding on USB thumb drives used to transfer other data from server to server. The virus is of course a Windows bit of malware, so Macs are unaffected.

I was somewhat surprised that Israel and the Untied States allowed the Iranian nuclear reactor, built by our good friends the Russians, to go on line a few weeks ago. The threat of an Islamic bomb under the control of radicals is a chilling thought, indeed. As I read the news stories about the reactor going on line, I thought at the time, there has to be more to this than what is in the press.  

Sabotage and dirty tricks have long been used to slow down the doomsday rush to nuclear arms in Iran. The US and Israel have led the secret attacks that led to bad industrial designs, flawed critical parts and high tech disinformation that has led to serious setbacks in the enrichment of weapons grade plutonium.  

Rather than attack with the military and risk an all-out war, that would put the oil supply of the world at risk, the US has used every method of sabotage in the book. It is entirely likely that the reactor has serious problems built in that could trigger a malfunction rendering it radio active for a thousand years.  Sealed up inside it’s concrete dome, the radio activity wouldn’t contaminate civilians, yet make the entire site safely out of commission. Smart plan if it works.

The centrifuges that spin at breathtaking speeds to spin down radioactive gas to remove plutonium atoms have been a problem for Iran, all along. These highly sophisticated spinning devices are prone to failure and must be controlled by computers.  

The control system software used was a Siemens control system running on Windows OS servers — specifically, Siemens’ S7 industrial system controller. Gosh, someone failed to tell the Iranians to get a Mac. Well, sure enough, someone introduced a virus that used a very sophisticated bit of programing that was so specific it only launches when it detects that specific flavor of Siemens control software that Iran was using to control their centrifuges. Odd coincidences do occur …

The infection is virtually limited to Iran, with an estimated 60% of the infected servers with a few in India, Indonesia and Pakistan. Interestingly, the transfer of the virus from Iran to India and Pakistan is information of some sort of involvement, in and of itself.  So far, only Iranian servers have been destroyed. Siemans is in hot water for leaking the control software through a Russian middleman.

This virus is incredibly nasty.  Some viruses cause the hard drive to malfunction, erase itself, the system to freeze and a few actually destroy, beyond fixing, the entire server. This virus is the self-destructing kind. Reports have leaked out that as many as 3,000 Iranian centrifuges have gone down and many more might be shut down to avoid further damage. Indeed, some experts think the Stuxnet virus is the most advanced and dangerous piece of Malware ever devised.  While screwing around with Iranian heads is a very likely intent, some have concluded the culprit is China for industrial espionage reasons. What ever the case, the threat to the power grid, oil pumping and refineries and much more are quite serious.

The Stuxnet virus is so sophisticated experts think only the US, Israel or China could have produced it. The virus or worm can give false reading to operators while giving wrong information to the machine it is running. The malware exploits as many as four previously unknown holes in Windows, a remarkable breakthrough pointing to an incredibly sophisticated attack.  

The incredibly specific conditions that allow the virus to activate limit it’s destruction to Iranian computers used to run atomic weapons infrastructure make it a first in the history of malware. The virus, it if finds specific configurations of the Siemens control software, then steals digital certificates and then authenticates new software, which burrowed even more deeply.  Exactly all it does is still a mystery.

Expert think as many as 45,000 industrial control systems have been infected but only the ones in Iran have activated. That is virus sophistication of previously unanticipated complexity. More on this story is sure to come out. That’s Greg’s Bite for today. 

(Greg Mills, is a Faux Artist in Kansas City. Formerly a new product R&D man for the paint sundry market, he holds 11 US patents. He’s working on a solar energy startup, www.CottageIndustrySolar.com using a patent pending process of turning waste dual pane glass into thermal solar panels used to heat water. Greg writes for intellectual web sites and Mac related issues. See Greg’s art web site at www.gregmills.info ; His email is gregmills@mac.com )

Exit mobile version