Infiltrator, posted October 2, 2010

A WORM attacking computers in Iran and threatening to shut down the country's first nuclear facility just weeks before it is due to open may have been developed in Israel.

The Stuxnet worm sparked awe and alarm in the world of digital security when it was first identified in June, with analysts claiming it was so powerful, the wealth of resources needed to develop it made a nation-state the most likely culprit.

According to security software experts and analysts, Stuxnet may have been designed to target the Iranian facility at Bushehr and suspicions have fallen on the US as well as Israel.

Iran said this week that Stuxnet is mutating and wreaking havoc on computerised industrial equipment there but denied the Bushehr plant was among the facilities penetrated.

No one has claimed credit for Stuxnet and a top US cybersecurity official said last week that the United States does not know who is behind it or its purpose.

Now the New York Times reports that a piece of code dug out of the worm includes a reference to the Book of Esther, the Old Testament story in which the Jews pre-empt a Persian plot to destroy them, and is a possible clue of Israeli involvement.

A file inside the Stuxnet code is named "Myrtus", an allusion to the Hebrew word for Esther, and is a possible Israeli calling card, the Times said.

The other possibility is the reference was placed there as a "red herring" designed to throw investigators off the track or stir political tensions between the two countries.

The Times said the US has also "rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program". It noted that there was no consensus among security experts about who may be behind Stuxnet but said "there are many reasons to suspect Israel's involvement".

Israel has poured huge resources into Unit 8200, its secretive cyberwar operation, and Stuxnet may be a "clear warning in a mounting technological and psychological battle" with Iran over its nuclear program, the newspaper said.

The Times said Ralph Langner, a German computer security consultant, was the first to note that "Myrtus" is an allusion to the Hebrew word for Esther.

Shai Blitzblau, head of the computer warfare laboratory at Maglan, an Israeli company specialising in information security, told the Times he was "convinced that Israel had nothing to do with Stuxnet".

"We did a complete simulation of it and we sliced the code to its deepest level," he said. "We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment."

Stuxnet specifically attacks Siemens supervisory control and data acquisition, or SCADA, systems commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.

The self-replicating malware has also been found lurking on Siemens systems in India, Indonesia and Pakistan, but the heaviest infiltration appears to be in Iran, according to researchers.

Once resident inside a system, Stuxnet simply waits, checking every five seconds to see if its target parameters are met. Once they are, it triggers a sequence - the code DEADF007 - that forces the network's industrial process to self-destruct.

"After the original code (for the entity's regular process) is no longer executed, we can expect that something will blow up soon," Mr Langner told The Christian Science Monitor earlier this week. "Something big."

Source code: http://www.news.com.au/technology/who-is-m...0-1225932665892