Abu Dhabi, UAE, Friday 21 July 2017

Iranian nuclear programme targeted by malware

Tehran has not laid blame for the PC virus that was designed to transfer data about production to a network outside Iran.

TEHRAN // Iran revealed yesterday that a so-called computer worm - which experts say shows unprecedented ingenuity and is unique in its ability to seize control of industrial plants - has infected the personal computers of staff at its first nuclear power plant.

But Tehran said the so-called Stuxnet malicious computer program, which has been described as the world's first cyber-guided missile, has not damaged operations at the flagship facility in Bushehr, which is due to go online within weeks. Foreign experts suspect the worm is aimed at sabotaging Iran's nuclear programme, saving Tehran's enemies from having to resort to military strikes whose repercussions could destabilise the Middle East and beyond.

A team is inspecting the infected personal computers at Bushehr to remove the malicious software, Mahmoud Jafari, the plant's project manager, told Iran's official news agency, IRNA. But he added that the worm "has not caused any damage to major systems at the plant", where unspecified problems have been blamed for not getting it fully operational earlier. Iran has the bulk of Stuxnet infections. The Islamic republic has suffered 58.9 per cent of its attacks worldwide, compared with 18 per cent in Indonesia, eight per cent in India and less than two per cent in the United States, according to Symantec, the computer-security software maker, which has been monitoring the worm's global spread.

Stuxnet made few waves in Iran until the weekend, when Iranian media picked up on a BBC report. "An electronic war has been launched against Iran," Mahmud Lia'i, an official at the ministry of mines and industry, was quoted as saying by Iran's conservative Fars news website on Saturday. "This computer worm is designed to transfer data about production lines from our industrial plants to [locations] outside the country."

Until Mr Jafari, Bushehr's project manager, spoke yesterday, Iranian officials had not divulged what sites had been attacked. Nor has any yet accused a particular foreign state of orchestrating the cyberattacks. Mr Lia'i said Stuxnet was "likely a [foreign] government project". Iranian newspapers, however, have reported suspicions voiced in the western media that the United States and, more likely, Israel, are behind the malware.

Computer experts estimate that Stuxnet would have cost at least US$3 million (Dh11m) and taken months to devise by a team of highly expert programmers, making it likely that it was created by a country rather than by individuals. In a sign of the high-level concern in Iran, experts from the country's nuclear agency met last week to discuss ways of fighting the worm that has targeted industrial plants across the country.

Meanwhile, Reza Taqipur, a top official at the ministry of communications and information technology, said on Saturday that Stuxnet had infected about 30,000 internet protocol addresses in Iran. But he insisted that Iranian engineers have the expertise to create anti-virus software to clean the systems that were attacked. No crashes or serious damage to Iran's industrial computer systems have been reported so far, Mr Taqipur told Fars.

"It [Stuxnet] is like nothing we've seen before … it has the potential to take control of industrial infrastructure throughout the world," said Bulent Teksoz, Symantec's Middle East security expert, who is based in Dubai. Most malware is designed to steal or manipulate data for financial gain. Stuxnet makes no attempt to extort money. This "is the first cyberattack we've seen specifically targeting industrial control systems", Mr Teksoz said.

"The highest incidence [of infection] is in Iran now, but there may be no direct correlation between this and the motive of the attack. We can't say it's deliberately aimed at Iran just because we're seeing a higher percentage there." Symantec believes "there aren't many groups who could pull something off on this scale", but Mr Teksoz could not say whether a state is behind Stuxnet. It is "very rare to identify the source of such a sophisticated worm".

Stuxnet, first identified in June, is aimed at industrial equipment made by Siemens that is commonly used to manage water supplies, electric utilities, oil rigs, power plants and other large industrial sites. Uniquely, Stuxnet is able to attack computers that are not linked to the internet - usually for security reasons - by infiltrating them on USB memory sticks instead. The worm then replicates itself within a computer network where it can lurk undetected while causing havoc.

That Bushehr was a Stuxnet target was first suggested recently by Ralph Langner, a German industrial computer expert, in an analysis on his website. He speculated that it could have been introduced into the plant's system by someone working for AtomStroyExport, the Russian firm building Bushehr. Most nuclear experts regard Bushehr, which is under strict international supervision and runs on fuel imported from Russia, as being of little use to Iran in any alleged weaponisation drive.

A likelier Stuxnet target, they speculate, would be Iran's far more controversial nuclear facility at Natanz, where spinning centrifuges are producing low-enriched uranium for power plants. The heavily fortified, underground plant could produce the fuel for use in nuclear weapons. Iran insists its nuclear programme is solely to generate electricity. Serious technical snags have bedevilled work at Natanz in the past year, according to some western experts, although it is not clear whether alleged technical problems were the result of sanctions, poor design or sabotage.

The New York Times reported last year that the former US president, George W Bush, had authorised efforts to undermine electrical and computer systems and other networks that served Iran's nuclear programme. But proving the source of cyberattacks, particularly ones as sophisticated as Stuxnet, is very difficult. Analysts say most major states, particularly China, Russia and the US, have invested considerably in cyber warfare and defence in recent years, although details remain nebulous.