Cyber War at the MidEastern Front

I remarked last month on James Barber’s post on Eye Current about a Siemens virus. The virus, more properly known as the Stuxnet worm, affected the computers that serve as the Man Machine Interface (MMI) and the supervisory control and data acquisition (SCADA) systems. Word on the street is that this worm is nation-state sponsored.

Nobody knows who’s behind Stuxnet, but recently Kaspersky Lab researcher Roel Schouwenberg said that it was most likely a nation state.

Symantec’s O’Murchu agrees that the worm was done by particularly sophisticated attackers. “This is definitely not your typical operation,” he said.

The worm has mostly been found in Iran, and it is believed to be targeting Iran’s nuclear program.

Computers in Iran have been hardest hit by a dangerous computer worm that tries to steal information from industrial control systems.

According to data compiled by Symantec, nearly 60 percent of all systems infected by the worm are located in Iran. Indonesia and India have also been hard-hit by the malicious software, known as Stuxnet.

Statements from Iran seem to indicate that the damage done may have been major.

According to the experts, the Stuxnet worm plants itself in an industrial computer system and activates itself later. It searches for the Siemens industrial software that runs a plant’s machinery, reprograms that system, and issues the equipment dangerous commands, including commands that amount to self-destruction.

The Iranian ministry has stated that some 30,000 industrial computers have been infected by Stuxnet. One of Stuxnet’s main operations is to extract vital information from these systems and send it somewhere abroad. Iran has termed it a spy virus, since it is shipping vital data to other countries. A similar attack has reportedly occurred at Iran’s newest nuclear power plant facility, but these reports have not yet been confirmed.

So, who is behind this attack?

How did it all start? The conjecture is that someone stuck a thumb drive in a USB port and off went the malware to infect the network. This, of course, suggests an inside job of some sort (more of that in a moment). As for whodunit, among many others, Richard Falkenrath of the Chertoff Group says the attack was too extensive for hackers and was most likely the work of “state actors.” Falkenrath suggests Israel, because he theorizes the U.S. would not take such a bold step.

That makes sense. But did the Israelis tell the US administration what they were up to — or did they just surprise us, as they did with the raid on Saddam’s Osirak reactor? As you will recall, when Reagan’s national security adviser, in high dudgeon, reported on that Israeli action to the president, Reagan famously shrugged it off with a “boys will be boys.” It’s hard to imagine Obama being so blasé about anything where Israel is concerned, but some CIA or other U.S. intelligence involvement in what has occurred remains a possibility.

In all likelihood Israel did not act entirely alone — there were too many moving parts to this attack — and I am going now to suggest another ally — the German electronics giant Siemens AG.

Iranian computers are PCs operating on Windows 7. The minds behind Stuxnet apparently discovered four new vulnerabilities in the latest Windows operating system previously unknown to Microsoft, two of which have reportedly already been plugged. (Nuclear weapons controlled by Windows? Let’s not even go there.) The actual industrial equipment, however, is controlled by software specially designed for the Iranians by another company — the aforementioned Siemens.

Can this possibly be true? They are using Windows 7 to control a critical nuclear process. Don’t we have a blockade against Iran? While Roger L. Simons points to Siemens, I suspect that a systems integrator might be involved here. Someone financed and developed this worm, and someone planted it. We can be sure our current administration didn’t approve of such an anti-Iranian attack, and Israel won’t be forthcoming about taking credit. There are clues, though, in an article posted last year that foretold this attack and predicted how such an attack would be implemented.

Such attacks could be immediate, he said. Or they might be latent, with the malware loitering unseen and awaiting an external trigger, or pre-set to strike automatically when the infected facility reaches a more critical level of activity.

As Iran’s nuclear assets would probably be isolated from outside computers, hackers would be unable to access them directly, Borg said. Israeli agents would have to conceal the malware in software used by the Iranians or discreetly plant it on portable hardware brought in, unknowingly, by technicians.

“A contaminated USB stick would be enough,” Borg said.

Ali Ashtari, an Iranian businessman executed as an Israeli spy last year, was convicted of supplying tainted communications equipment for one of Iran’s secret military projects.

Iranian media quoted a security official as saying that Ashtari’s actions “led to the defeat of the project with irreversible damage.” Israel declined all comment on the case. “Cyberwar has the advantage of being clandestine and deniable,” Borg said, noting Israel’s considerations in the face of an Iranian nuclear program that Tehran insists is peaceful.

“But its effectiveness is hard to gauge, because the targeted network can often conceal the extent of damage or even fake the symptoms of damage. Military strikes, by contrast, have an instantly quantifiable physical effect.”

Although the cyber attacks are effective, they don’t have the permanent results of a thermonuclear attack. Maybe the Israelis are just buying time.