Did the West attack Iran's nukes... with a Biblically encoded computer worm?
Iran's nuclear facilities have been hit with the powerful, cryptically structured Stuxnet worm. Will we ever know who committed this act of "electronic warfare"?
A few days ago, Iran acknowledged that computers in its nuclear power facilities had been infected with a mysterious and highly sophisticated worm known as Stuxnet. The country's leaders are treating it as an act of "electronic warfare" by the West — and now, reports The New York Times, a tantalizing clue has emerged that may or may not point to Israel's involvement. So what is this "precision, military-grade cyber missile"? And who has unleashed it on Iran — and the world?
What is the Stuxnet worm?
A very sophisticated, very contagious, self-guided piece of computer malware designed to infiltrate and reprogram the control system of a specific industrial facility, like a nuclear plant, hydroelectric system, oil pipeline, or power grid. (A computer virus attacks computer code, while worms take over entire systems.) It only targets systems designed by Germany's Siemens AG, although it has spread to as many as 45,000 computer systems worldwide, mostly Windows-based PCs. Nobody is sure what type of sabotage Stuxnet is ultimately designed to carry out, but the U.S. Energy Department warned last month that Stuxnet could cause "catastrophic physical or property damage and loss."
What's the new clue?
There are actually a couple of them. First, experts found what might be a "fleeting reference to the Book of Esther" embedded deep in the worm's code. "Myrtus," the name of one of the files, may be an allusion to "the Hebrew word for Esther." The biblical book of the same name "tells the story of a Persian plot against the Jews, who attacked their enemies pre-emptively." The file name may be intended as a sign of Israeli strength, but some think it could have been inserted as a piece of "deliberate misinformation" to "implicate Israel." Meanwhile, Politico reports that the software security company Symantec has found that "code written into the worm...corresponds to the date May 9, 1979," the day when Habib Elghanian, a prominent Iranian Jew, was executed by the country's post-revolution Islamic regime.
Was Stuxnet specifically designed to attack Iran?
It looks that way. At least 60 percent of the known infected computers are in Iran, and several security experts openly speculate that it was designed to sabotage Iran's burgeoning nuclear power program, although there is no proof of that. "Maybe Iran is the target, but it may just be that they have less security in place on those types of systems," says Symantec cyber-security expert Sian Jean.
Who is responsible for the attack?
It remains unclear, but Israel — and to a lesser extent the United States — are the leading suspects. NPR reports that, at a cybersecurity conference dominated by talk of Stuxnet, "many experts believe Israel may have developed the cyberweapon as an alternative to a physical attack on Iran." Symantec says the worm was probably compiled by five to 10 highly trained programmers in a well-funded, state-sponsored effort; other governments capable of such an attack include China, Russia, India, Britain, and Germany. While Israel has the most to gain, observers think s... But experts "say the Stuxnet mystery may never be solved" given cyberwarfare programs' level of secrecy.
Is there further evidence that points to Israel or the U.S.?
The perceived target, Iran's potentially weapon-producing nuclear program, is most strongly opposed by those two countries, and the U.S. and Israel have reportedly been working toward just such a technological strike on Iran for years. Israel is believed to have carried out a similar cyber-attack that shut down a Syrian radar installation during a 2007 air attack on a suspected nuclear reactor.
Has Stuxnet done any damage?
It isn't clear. Siemens says none of the 15 infected (and disinfected) industrial plants worldwide it knows about have reported any related problems, and Iran says it hasn't caused any "serious damage." But security analysts are taking a second look at a July 17 report from WikiLeaks about a mysterious, unconfirmed accident at Iran's uranium enrichment plant in Natanz. Israel's Haaretz says that plant is the likely target of the Stuxnet worm, specifically its complex, precision-demanding series of centrifuges. In the end, though, "only the attacker knows what it wanted to achieve, and only the victims know what it has achieved," says Derek Reveron at the U.S. Naval War College.
Is Stuxnet dangerous to anybody else?
That's a big, scary question. By design, or because the instigators were "so eager to stop the Iranian nuclear program" that "they simply didn't care," the Stuxnet worm has spread all over the world, even to the U.S., says John Markoff in The New York Times. And now that it's everywhere, governments and hackers are racing to figure out ways to co-opt the powerful worm for their own ends. The people in charge of safety at power plants and dams worldwide "are scared to death," says former U.S. cybersecurity coordinator Melissa Hathaway. "We have about 90 days to fix this before some hacker begins using it."