Little by little, scientists are beginning to understand Stuxnet, a computer worm developed with the sole purpose of doing what sanctions were not able to do: slow down the Iranian march to nuclear weapons. During the past year, Stuxnet, the computer worm with a biblical calling card, has not only crippled Iran's nuclear program but has also caused a major rethinking of computer security around the globe (if you want to know how Stuxnet works, click here).
“It will take two years for Iran to get back on track,” Langer said in a telephone interview [with Jpost] from his office in Hamburg, Germany. “This was nearly as effective as a military strike, but even better since there are no fatalities and no full-blown war. From a military perspective, this was a huge success.”
Langer spoke to the Post amid news reports that the virus was still infecting Iran’s computer systems at its main uranium enrichment facility at Natanz and its reactor at Bushehr. Last month, the International Atomic Energy Agency (IAEA), the United Nations’ nuclear watchdog, said that Iran had suspended work at its nuclear-field production facilities, probably as a result of the Stuxnet virus.
Because it benignly hides in computers and backup systems, some scientists have claimed that there is only one way of getting rid of the virus: throw out every computer involved with the Iranian nuclear program and get new ones; otherwise they will continually be re-infecting themselves. Langer agrees.
According to Langer, Iran’s best move would be to throw out all of the computers that have been infected by the worm, which he said was the most “advanced and aggressive malware in history.” But, he said, even once all of the computers were thrown out, Iran would have to ensure that computers used by outside contractors were also clean of Stuxnet. It is unlikely that Iran would take the time (a year or more) to take that drastic step.
“It is extremely difficult to clean up installations from Stuxnet, and we know that Iran is no good in IT [information technology] security, and they are just beginning to learn what this all means,” he said. “Just to get their systems running again they have to get rid of the virus, and this will take time, and then they need to replace the equipment, and they have to rebuild the centrifuges at Natanz and possibly buy a new turbine for Bushehr.”
Widespread speculation has named Israel’s Military Intelligence Unit 8200, known for its advanced Signal Intelligence (SIGINT) capabilities, as the possible creator of the software, as well as the United States.
No one knows for sure where the virus came from, but there is evidence that Israel is probably behind the Stuxnet worm, evidence of biblical proportions. If not Israel, maybe the virus is a sign from God. Computer scientists who are analyzing the computer worm have found a file name that seemingly refers to the Biblical Queen Esther, the heroine from the Book of Esther, the Old Testament narrative in which the Jews pre-empt a Persian plot to destroy them (ancient Persia is today's Iran).
Langer said that in his opinion at least two countries – possibly Israel and the United States – were behind Stuxnet.
Israel has declined comment on its suspected involvement in the Stuxnet virus, as they traditionally decline to comment on any possible military action, whether they are involved or not.
“We can say that it must have taken several years to develop, and we arrived at this conclusion through code analysis, since the code on the control systems is 15,000 lines of code, and this is a huge amount,” Langer said.
“This piece of evidence led us to conclude that this is not by a hacker,” he continued. “It had to be a country, and we can also conclude that even one nation-state would not have been able to do this on its own.”
Last week we reported that Stuxnet was still damaging the computers running the Iranian nuclear program. How do we know? Because a US site that has been studying the Stuxnet worm has been inundated with requests for information from Iran:
Eric Byres, a computer expert who has studied the worm, said his site was hit with a surge in traffic from Iran, meaning that efforts to get the two nuclear plants to function normally have failed. The web traffic, he says, shows Iran still hasn’t come to grips with the complexity of the malware that appears to be still infecting the systems at both Bushehr and Natanz. Perhaps more significantly, traffic from Tehran to the company's site is now double that of New York City.
“The effort has been stunning,” Byres said. “Two years ago American users on my site outnumbered Iranians by 100 to 1. Today we are close to a majority of Iranian users.”
He said that while there may be some individual computer owners from Iran looking for information about the virus, it was unlikely that they were responsible for the vast majority of the inquiries because the worm targeted only the two nuclear sites and did no damage to the thousands of other computers it infiltrated.
At one of the larger American web companies offering advice on how to eliminate the worm, traffic from Iran has swamped that of its largest user: the United States.
Ron Southworth, who runs the SCADA (the Supervisory Control and Data Access control system that the worm specifically targeted) list server, said that until two years ago he had clearly identified users from Iran, “but they all unsubscribed at about the same time.” Since the announcement of the Stuxnet malware, he said, he has seen a jump in users, but few openly from Iran. He suspects there is a cat-and-mouse game going on that involves hiding the e-mail addresses, but he said it was clear his site was being searched by a number of users who have gone to a great deal of effort to hide their country of origin.
Byres said there is a growing number of impostors signing on to Stuxnet security sites.
“I had one guy sign up who I knew and called him. He said it wasn’t his account. In another case a guy saying he was Israeli tried to sign up. He wasn’t.”
The implication, he says, is that such a massive effort is a sign of a coordinated effort.
Whoever created the virus, the fact that it has set back the Iranian nuclear program without requiring a military strike should earn them a massive bonus, no matter what country they come from.
1 comment:
Not quite understanding why a US site would want to give out information on STUXNET that could be used by Iranian intelligence to de-infect their nuclear networks.