Sunday, September 26, 2010

Stuxnet worm hits Iran nuclear plant staff computers

Guard at Bushehr nuclear power plant, Iran - 21 August 2010A complex computer worm has infected the personal computers of staff at Iran's first nuclear power station, the official IRNA news agency reported.

However, the operating system at the Bushehr plant - due to go online in a few weeks - has not been harmed, project manager Mahmoud Jafari said.

The Stuxnet worm is capable of seizing control of industrial plants.

Some Western experts say its complexity suggests it could only have been created by a "nation state".

It is the first sign that Stuxnet, which targets systems made by the German company Siemens, has reached equipment linked to Iran's nuclear programme.

The West fears Iran's ultimate goal is to build nuclear weapons. Iran says its programme is aimed solely at peaceful energy use.

Stuxnet is tailored to target weaknesses in Siemens systems used to manage water supplies, oil rigs, power plants and other utilities.

'Electronic war'

The fact that Stuxnet has now been detected on the personal computers of staff will have no impact on plans to make the Bushehr plant operational next month, Mr Jafari said.

A team is now trying to remove the malicious software, or malware, from several affected computers, he told IRNA.

It is believed to be the first-known worm designed to target major infrastructure facilities.

"An electronic war has been launched against Iran", Mahmoud Liayi, head of the information technology council at the ministry of industries, told the state-run Iran Daily newspaper.

A working group of experts met last week to discuss ways of fighting the worm, which Mr Liayi said has now infected about 30,000 IP addresses in Iran. ...

via BBC News - Stuxnet worm hits Iran nuclear plant staff computers.

Once within a network-initially delivered via an infected USB device-Stuxnet used the EoP vulnerabilities to gain administrative access to other PC's, sought out the system running the WinCC and PCS 7 SCADA management programs, hijacked them by exploiting either the print-spooler or MS08-067 bugs, then tried the default Siemens passwords to commandeer the SCADA software.

They could then program the so-called PLC (programmable logic control) software to give the machinery new instructions.

On top of all that, the attack code seemed legitimate because the people behind Stuxnet had stolen at least two signed digital certificates....

So scary, so thorough was the reconnaissance, so complex the job, so sneaky the attack, that (all the experts consulted) believe it couldn't be the work of even an advanced cybercrime gang.

via American Thinker

Israel whistles and shuffles its feet innocently.

No comments: