10 December 2010

Stuxnet Virus Driving Iranian Nuclear Program Right Into the Ground

Stuxnet 'running wild' at vital Bushehr and Natanz facilities... may be all but unstoppable

Iran's nuclear program is still in chaos despite its leaders' adamant claim that they have contained the computer worm that attacked their facilities, cybersecurity experts in the United States and Europe say. 

The American and European experts say their security websites, which deal with the computer worm known as Stuxnet, continue to be swamped with traffic from Tehran and other places in the Islamic Republic, an indication that the worm continues to infect the computers at Iran's two nuclear sites. 

The Stuxnet worm, named after initials found in its code, is the most sophisticated cyberweapon ever created. Examination of the worm shows it was a cybermissile designed to penetrate advanced security systems. It was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bushehr. Stuxnet was designed to take over the control systems and evade detection, and it apparently was very successful.

Last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran's nuclear sites, but he said it was detected and controlled. 

The second part of that claim, experts say, doesn’t ring true. Eric Byres, a computer expert who has studied the worm, said his site was hit with a surge in traffic from Iran, meaning that efforts to get the two nuclear plants to function normally have failed. 

The web traffic, he says, shows Iran still hasn’t come to grips with the complexity of the malware that appears to be still infecting the systems at both Bushehr and Natanz. “The effort has been stunning,” Byres said.

“Two years ago American users on my site outnumbered Iranians by 100 to 1. Today we are close to a majority of Iranian users.” He said that while there may be some individual computer owners from Iran looking for information about the virus, it was unlikely that they were responsible for the vast majority of the inquiries because the worm targeted only the two nuclear sites and did no damage to the thousands of other computers it infiltrated.

At one of the larger American web companies offering advice on how to eliminate the worm, traffic from Iran has swamped that of its largest user: the United States. “Our traffic from Iran has really spiked”...

Ralph Langner, the German expert who was among the first to study and raise alarms about Stuxnet, said he was not surprised by the development. “The Iranians don’t have the depth of knowledge to handle the worm or understand its complexity,” he said, raising the possibility that they may never succeed in eliminating it. 

“Here is their problem. They should throw out every personal computer involved with the nuclear program and start over, but they can’t do that. Moreover, they are completely dependent on outside companies for the construction and maintenance of their nuclear facilities. They should throw out their computers as well. But they can’t,” he explained. “They will just continually re-infect themselves.”

“With the best of expertise and equipment it would take another year for the plants to function normally again because it is so hard to get the worm out. It even hides in the back-up systems. But they can’t do it,” he said. 

And Iran’s anti-worm effort may have had another setback. In Tehran, men on motorcycles attacked two leading nuclear scientists on their way to work. Using magnetic bombs, the motorcyclists pulled alongside their cars and attached the devices. One scientist was wounded and the other killed. Confirmed reports say that the murdered scientist was in charge of dealing with the Stuxnet virus at the nuclear plants...