Stuxnet Attack on Iran…the Worm that Keeps on Giving

Monday, February 28, 2011
(photo: U.S. Air Force)
Iran has been forced to delay the startup of its first nuclear power plant over problems that may stem from the cyber attack that was first launched nearly two years ago against the country to thwart its attempt to develop nuclear weapons.
Iranian officials reported to the International Atomic Energy Agency that it was unloading nuclear fuel from its Bushehr reactor, but without any explanation for why. The country previously admitted that some of its nuclear facilities were infected by the Stuxnet computer worm, leading computer experts to speculate whether the malware was still causing trouble for Iran. Reports say engineers have been forced to remove from the reactor core 163 fuel rods that had been provided by Russia.
The news about Bushehr followed the release of a report by computer security software company Symantec that shed light on what Stuxnet did. Symantec says there were three waves of attack between June 2009 and May 2010 that managed to infect five industrial facilities before hitting the uranium enrichment complex at Natanz.
A Symantec official said the authors of the report were able to chart the path of the infection because of Stuxnet’s unusual feature that recorded information on the location and type of each computer it infected—information that the creators of the malware could use to determine if they had been successful in their attack. Stuxnet caused the nuclear plant’s centrifuges to spin so fast that they could break, while at the same time sending false signals that would trick the plant operators into not realizing anything was wrong.
-Noel Brinkerhoff
Iran Reports a Major Setback at a Nuclear Power Plant (by William Broad and David Sanger, New York Times)
Malware Aimed at Iran Hit Five Sites, Report Says (by John Markoff, New York Times)
W32.Stuxnet Dossier (by Nicolas Falliere, Liam O Murchu and Eric Chien, Symantec)


Leave a comment