Wednesday, September 29, 2010

Stuxnet in Iran: 2 from Debka

An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm

DEBKAfile Exclusive Report September 29, 2010, 10:07 AM (GMT+02:00)

Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers. debkafile's intelligence and Iranian sources report Iran turned for outside help after local computer experts failed to remove the destructive virus.

None of the foreign experts has so far come forward because Tehran refuses to provide precise information on the sensitive centers and systems under attack and give the visiting specialists the locations where they would need to work. They were not told whether they would be called on to work outside Tehran or given access to affected sites to study how they function and how the malworm managed to disable them. Iran also refuses to give out data on the changes its engineers have made to imported SCADA (Supervisory Control and Data Acquisition) systems, mostly from Germany.

The impression debkafile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate. Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

One expert said: "The Iranians have been forced to realize that they would be better off not 'irritating' the invader because it hits back with a bigger punch."

Looking beyond Iran's predicament, he wondered whether the people responsible for planting Stuxnet in Iran - and apparently continuing to offload information from its sensitive systems - have the technology for stopping its rampage. "My impression," he said, "is that somebody outside Iran has partial control at least on its spread. Can this body stop malworm in its tracks or kill it? We don't have that information at present," he said.

As it is, the Iranian officials who turned outside for help were described by another of the experts they approached as alarmed and frustrated. It has dawned on them that the trouble cannot be waved away overnight but is around for the long haul. Finding a credible specialist with the magic code for ridding them of the cyber enemy could take several months. After their own attempts to defeat Stuxnet backfired, all the Iranians can do now is to sit back and hope for the best, helpless to predict the worm's next target and which other of their strategic industries will go down or be robbed of its secrets next.

While Tehran has given out several conflicting figures on the systems and networks struck by the malworm - 30,000 to 45,000 industrial units - debkafile's sources cite security experts as putting the figure much higher, in the region of millions. If this is true, then this cyber weapon attack on Iran would be the greatest ever.

Cyber attack on Iran expands: Tehran threatens long-term war in reprisal

DEBKAfile Exclusive Report September 27, 2010, 6:13 PM (GMT+02:00)

Iran admitted Monday, Sept. 27 it was under full-scale cyber terror attack. The official IRNA news agency quoted Hamid Alipour, deputy head of Iran's government Information Technology Company, as saying that the Stuxnet computer worm "is mutating and wreaking further havoc on computerized industrial equipment."


Stuxnet was no normal worm, he said: "The attack is still ongoing and new versions of this virus are spreading."

Revolutionary Guards deputy commander Hossein Salami declared his force had all the defensive structures for fighting a long-term war against "the biggest and most powerful enemies" and was ready to defend the revolution with more advanced weapons than in the past. He stressed that defense systems have been designed for all points of the country, and a special plan devised for the Bushehr nuclear power plant. debkafile's military sources report that this indicates that the plant - and probably other nuclear facilities too - had been infected, although Iranian officials have insisted it had not, and that only the personal computers of its staff were affected.

"The Stuxnet spy worm has been created in line with the West's electronic warfare against Iran," said Mahmoud Liayi, secretary of the information technology council of the Industries Minister.

As for the origin of the Stuxnet attack, Hamid Alipour said: The hackers who enjoy "huge investments" from a series of foreign countries or organizations, designed the worm, which has affected at least 30,000 Iranian addresses, to exploit five different security vulnerabilities. This confirmed the impressions of Western experts that Stuxnet invaded Iran's Supervisory Control and Data Acquisition systems through "zero-day" access.

Alipour added that the malware, the first known worm to target large-scale systems and industrial complexes' control systems, is also a serious threat to personal computers.

debkafile's Iranian and intelligence sources report that these statements are preparing the ground for Tehran to go beyond condemning the states or intelligence bodies alleged to have sponsored the cyber attack on Iranian infrastructure and military industries and retaliate against them militarily. Iran is acting in the role of victim of unprovoked, full-scale, cyber terror aggression.

4 comments:

Pastorius said...

Heh, that's funny.

I just hope it doesn't spread into Western computers.

Alexander Münch said...

Nothing to worry Pasto,

This is a Farsi speaking & self fucking worm!... I know them... they are tasty!

Epaminondas said...

I looked up these security experts on 'Jewgle'. Seymour Shineberg from Brookline Mass and his cousin Shoshana are on the way to Teheran right now.

cjk said...

Go Israel!!!!!!!!!!