LONDON (Reuters) - A computer virus that attacks a widely used industrial system appears aimed mostly at Iran and its sophistication suggests a state may have been involved in creating it, Western cyber security companies said on Friday.
Kevin Hogan, Senior Director of Security Response at Symantec, told Reuters 60 percent of the computers worldwide infected by the so-called Stuxnet worm were in Iran, indicating industrial plants in that country were the target.
European digital security company Kaspersky Labs said the attack could only be conducted “with nation-state support”.
“Stuxnet is a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world,” it said in a statement about the virus which attacks Siemens AG’s widely used industrial control systems.
The companies’ remarks are the latest in a series of specialist comment stirring speculation that Iran’s first nuclear power station, at Bushehr, may have been targeted in a state-backed attempt at sabotage or espionage.
“It’s pretty clear that based on the infection behaviour that installations in Iran are being targeted,” Hogan said of the virus which attacks Siemens AG’s widely used industrial control systems.
“The numbers (of infections in Iran) are off the charts,” he said, adding Symantec had located the IP addresses of the computers infected and traced the geographic spread of the malicious code.
Diplomats and security sources say Western governments and Israel view sabotage as one way of slowing Iran’s nuclear programme, which the West suspects is aimed at making nuclear weapons but Tehran insists is for peaceful energy purposes.
Hogan said it was not possible to be categorical about the exact targets. It could be a major complex such as an oil refinery, a sewage plant, a factory or a water works, he said. But it was clear the worm’s creators had significant resources.
“We cannot rule out the possibility (of a state being behind it). Largely based on the resources, organisation and in-depth knowledge across several fields -- including specific knowledge of installations in Iran -- it would have to be a state or a non-state actor with access to those kinds of (state) systems.”
Siemens was involved in the original design of the Bushehr reactor in the 1970s, when West Germany and France agreed to build the nuclear power station for the former Shah of Iran before he was overthrown by the 1979 Islamic revolution.
Siemens, the world’s number one maker of industrial automation control systems, which are also the company’s bread-and-butter, says it has not supplied Iran with any industrial control systems usable for nuclear facilities.
However experts say such industrial control systems can be bought on the open market.
Western countries have been critical of Russia’s involvement in completing the long-mothballed Bushehr plant. Moscow says it is purely civilian and cannot be used for any weapons programme.
Israel, which is assumed to have the Middle East’s only atomic arsenal, has hinted it could attack Iranian facilities if international diplomacy fails to curb Tehran’s nuclear designs.
Israel has also developed a powerful cyberwar capacity. Major-General Amos Yadlin, chief of military intelligence, last year said Israeli armed forces had the means to provide network security and launch cyber attacks of their own.
Construction of two pressurised water nuclear reactors at Bushehr began in 1974 with the help of Siemens and French scientists. The plant started up finally last month after Iran received nuclear fuel for Bushehr from Russia.
Stuxnet is a “Trojan worm” -- malicious computer software, or malware, that disguises itself as a safe application -- which spread from USB “thumb drive” memory devices, exploiting a vulnerability in Microsoft Corp’s Windows operating system that has since been resolved.
The malware attacks software programmes that run Supervisory Control and Data Acquisition, or SCADA, systems. Such systems are used to monitor automated plants -- from food and chemical facilities to power generators.
Siemens, Microsoft and security experts who have studied the worm have yet to determine who created it.
In Washington, Vice Admiral Bernard McCullough, the head of the U.S. Navy’s Fleet Cyber Command, told Reuters on Thursday after testifying about cyber operations before a House of Representatives Armed Services subcommittee, that the worm “has some capabilities we haven’t seen before”.
In a blog posting last week, German cyber expert Ralph Langner said Bushehr may have been the target, with the attack exploiting the plant’s used of unlicensed Windows software.
“This is sabotage ... The attack involves heavy insider knowledge,” he said. “It seems that the resources needed to stage this attack point to a nation state.”
Fred Burton, a former U.S. counterterrorism agent and now vice president of risk consultancy Stratfor, said he suspected covert action on the part of a nation state intelligence service in an effort to disrupt Iranian military or nuclear efforts.
“Disinformation causes disruption and internal witchhunts lacing the seed of doubt as to who could have done this. The internal Security blowback will cause chaos. Brilliant if true.”
(Additional reporting by Jens Hack in Munich, Phil Stewart in Washington and Peter Apps in London)
(Editing by Paul Taylor)
(For more news, visit Reuters India)