A lot of people in the Middle East have heard of the Stuxnet worm in newspapers, TV, and on the Internet. Many experts and security professionals are still writing their thoughts and analysis about this type of worm. But Frank Rieger, a German security expert believes that this worm is not something normal. He stated that “This is a game for nation state-sized entities, only two handful of governments and maybe as many very large corporate entities could manage and sustain such an effort to the achievement level needed to build Stuxnet”.
Many experts believe that this worm is built specifically to target the SCADA systems of either Bushehr reactor or the Uranium enrichment plant in Natanz and both in Iran. But is anyone able to determine the true target of this worm? Let’s see few facts about this worm and then we can answer such question.
This report revealed important information about the worm and how it exploits the Zero-Day vulnerabilities of Microsoft Windows Operating system.
The worm specifically targets vulnerabilities in Siemens WinCC which is part of the SCADA system. This system is so called “Human Machine Interface” or HMI. The system is running on Windows OS. Siemens announced on its website “Siemens is taking all precautions to alert its customers to the potential risks of this virus. We have reached out to our sales team and will also speak directly to our customers to explain the circumstances. We are urging customers to carry out an active check of their computer systems with WinCC installations.
“There are already three virus scan programs recommended for Siemens systems from Trend Micro, McAfee and Symantec, the latest versions of which can detect the Trojan. The effect of deploying these programs on the Runtime environment is currently being analyzed and an approval will be issued shortly”. The problem with this worm is that it is designed to infect the vulnerable OS using flash USB sticks. Once you insert the USB Stick and start browsing, it is triggered! Even disabling the Autorun feature in Windows OS will not help at all! Being a worm it can be propagated easily using networks and the Internet from one infected PC to another.
A Canadian security expert published a whitepaper that summarizes the information about the worm and how to avoid the infection on SCADA system. Siemens also published this information which means that this is a real and serious problem!
Symantec which is the one of the giant security firms revealed in this report that Iran has the most infections! While Microsoft also revealed that 45,000 Computers around the world is infected by this worm!
Many speculations say that this worm is mainly targeting Iran and especially Bushehr reactor. But theoretically and practically, this worm is designed to infect SCADA systems at large. Reactors are using SCADA systems for sure but there is no evidence that this worm is specifically designed to target the Bushehr reactor. According to Iranian officials there are at least 30,000 computers infected with the worm. However other Iranian officials stated that Bushehr reactor is not using SCADA systems from Siemens!!! It looks that the worm is exploiting both Windows and Siemens SCADA systems…
Other Iranian officials said that “Iran is under Cyber-Attack”
Although many experts believe that this worm is supported by USA, Israel, or NATO. There is no evidence until now that this worm is designed there or even that it was designed to target Iranian critical infrastructure!
I believe that more information will be revealed soon when this Worm is analyzed. And we might see that USA or Israel is truly involved. In the other hand, we can’t neglect the conspiracy theory, Iranian or Western propaganda, or even real cyber attack!
In the world of politics we can expect anything! Don’t forget the problems between Iran and the Western countries. However there are always underground information, relations, covert channels, or scenarios!
The problem with this type of worm if security professionals are able to reverse engineer it, we will face new generation of worms or malware. This worm might find its way to the hands of cyber-criminals, cyber terrorists, or even script kiddies. In addition that PLCs or programmable logic controllers are widely used in everything from cars up to nuclear reactors. In this case we will be facing new generation of “Cyber Terrorism”.