Thursday, April 21, 2011

Iran implicates Siemens in Stuxnet cyberattack

From Computerworld, April 18, 2011 by Gregg Keizer:

...Iran's Brigadier General Gholam Reza Jalali laid some of the blame for the Stuxnet worm that attacked his country's nuclear facilities, on Siemens.

...Jalali heads Iran's Passive Defense Organization, a military unit responsible for constructing and defending the country's nuclear enrichment facilities. He is a former commander in Iran's Revolutionary Guard.
Stuxnet, which first came to light in June 2010 but hit Iranian targets in several waves starting the year before, has been extensively analyzed by security researchers, most notably a three-man team at Symantec, and by Ralph Langner of the German firm Langner Communications GmbH.

According to both Symantec and Langner, Stuxnet was designed to infiltrate Iran's nuclear enrichment program, hide in the Iranian SCADA (supervisory control and data acquisition) control systems that operate its plants, then force gas centrifuge motors to spin at unsafe speeds. Gas centrifuges, which are used to enrich uranium, can fly apart if spun too fast.

..."The investigations and research showed that the Stuxnet worm had been disseminated from sources in the U.S. and Israel," said Jalali, who added that the worm sent reports of infected systems to computers in Texas.

Jalali's allegations of U.S. and Israeli involvement were the first from an Iranian official, although President Mahmoud Ahmadinejad has repeatedly blamed the two countries for trying to destabilize his government.
In January, the New York Times, citing confidential sources, said that Stuxnet was jointly created by the U.S. and Israel, with the latter using its covert nuclear facility at Dimona to test the worm's effectiveness on centrifuges like the ones Iran employs.

According to the Times, Siemens cooperated in 2008 with the Idaho National Laboratory (INL) to help experts there identify vulnerabilities in the SCADA hardware and software sold by the German firm. The lab -- located about 30 miles east of Idaho Falls, Idaho -- is the U.S. Department of Energy's lead nuclear research facility.

...Symantec ...has said that Stuxnet was very successful. In a February update to its research on the worm, Symantec said the first attacks in June 2009 infected Iranian computers just 12 hours after the worm was compiled. The average time between compilation and infection was 19 days for the 10 successful attacks Symantec monitored over an 11-month span.
Post a Comment