Has the West declared cyber war on Iran?

Experts say the computer virus found in a nuclear plant is the work of a foreign power

Computers can go wrong, and everyone is used to it. But that's at home. We assume that the machines controlling the infrastructure that makes everything tick – power stations, chemical works, water purification plants – have rock-solid defences in place to deal with unexplained crashes or virus attacks by malicious strangers.

Now, though, a new kind of online sabotage has reached its zenith with a self-replicating "worm" that started on a single USB drive and has spread rapidly through industrial computer systems around the world.

So sophisticated that many analysts believe it can only be part of a state-sponsored attack, the Stuxnet worm - or "malware" – is the first such programming creation designed with the specific intention of causing real world damage. And if the experts are right, it could herald a new chapter in the history of cyber warfare.

The worm, designed to spy on and subsequently reprogramme industrial systems running a specific piece of industrial control software produced by German company Siemens, has now been detected on computers in Indonesia, India and Pakistan, but more significantly Iran; 60 per cent of current infections have taken place within the country, with some 30,000 internet-connected computers affected so far, including machines at the nuclear power plant in Bushehr, due to open in the next few weeks.

Yesterday Hamid Alipour, deputy head of Iran's Information Technology Company, warned that nearly four months after it was identified, "new versions of the virus are spreading". And he claimed that the hackers responsible must have been the result of "huge investment" by a group of hostile nations.

Despite intense scrutiny of the code by malware experts, they have so far been unable to discover exactly what the intended target of Stuxnet may be, or has been. But Alan Bentley, international vice president at security firm Lumension, is in no doubt that it's "the most refined piece of malware ever discovered".

The motive is certainly not, as is usual with such attacks, financial gain or simple tomfoolery; Stuxnet is intelligent enough to target specific kinds of industrial computer systems configured in a certain way and then, if it finds what it's looking for, seek new orders to disrupt them.

Two potential targets of the worm may have been nuclear facilities within Iran at Bushehr and Natanz; indeed, a document on the website Wikileaks suggests that a nuclear accident may have occurred at Natanz during early July 2009, followed shortly afterwards by the unexplained resignation of the head of Iran's Atomic Energy Organisation.

But if that was Stuxnet's intended target, it has continued to spread regardless, causing consternation at industrial facilities worldwide. Melissa Hathaway, a former US national cybersecurity coordinator, has expressed particular concern at the availability of Stuxnet's code and the techniques it employs to the wider internet community, saying: "We have about 90 days to fix this before some hacker begins using it."

Security software firm Symantec has estimated that Stuxnet would have taken between five and ten specialists around six months to compile – a resource not within the means of the average internet criminal. One of the engineers working on unpicking the code expressed his surprise at the sophistication of the project, adding: "This is what nation states build if their only other option would be to go to war."

Iran's deeply controversial nuclear ambitions throw up any number of likely suspects, but a number of fingers have pointed at Israel, and in particular its intelligence corps, Unit 8200. Last summer, Reuters reported on Israel's burgeoning cyber-warfare project, with a recently retired Israeli security cabinet member stating that Iran's computer networks were very vulnerable.

Scott Borg, director of the US Cyber Consequences Unit, added that "a contaminated USB stick would be enough" to commandeer the controls of sensitive sites such as uranium enrichment plants – a rather prescient prediction.

The ramifications of this incident are considerable. Not only are there worries about the effects of Stuxnet, a largely invisible piece of malware, upon computers that are critical to people's everyday lives, but there's also great concern over the poor level of computer security being employed by those operating such machines. Stuxnet made its way into computer systems via vulnerabilities in Microsoft's Windows operating system, before taking control of the Siemens software via its default password.

The fact that something as mundane as a password issue could have such a critical effect has also caused consternation amongst commentators and analysts – as has the unnerving announcement from Siemens to its customers not to change that password lest it "impact plant operations". Siemens has offered a free download on its website to remove Stuxnet; while this is a common procedure for many viruses, it's alarming that a nuclear facility would have to do such a thing to ensure its stability.

Stuxnet has kicked off an additional debate over exactly how prevalent this kind of cyber-attack may already be. This is far from the first incident where governments have found themselves under attack via computer.

Russian sites were attacked during the South Ossetia war in 2008. In 2007, the US suffered a vast data theft in what one senior official dubbed "an espionage Pearl Harbor". And when Israel attacked a suspected Syrian reactor in the same year, it may have used an " off switch" buried in the Syrian radar system to allow its aircraft to travel undetected.

And yet not every aspect of these attacks goes smoothly. For all the sophistication of the Stuxnet worm, one school of thought suggests that something actually went wrong; after setting itself a very particular task, it has accidentally spread to thousands of machines it never intended to attack, thus bringing it to wider attention and opening eyes to the possibility that this kind of activity may have been going on undetected for some time.

Iran's official IRNA news agency reports that only personal machines have been affected at the Bushehr plant, with the main operating system unaffected. It is nonetheless safe to say that the new potential for industrial sabotage could soon make an old-fashioned error message seem like very small fry indeed.

Life and Style
ebookNow available in paperback
ebookPart of The Independent’s new eBook series The Great Composers
Arts and Entertainment
Books should be for everyone, says Els, 8. Publisher Scholastic now agrees
booksAn eight-year-old saw a pirate book was ‘for boys’ and took on the publishers
Life and Style
Mary Beard received abuse after speaking positively on 'Question Time' about immigrant workers: 'When people say ridiculous, untrue and hurtful things, then I think you should call them out'
Life and Style
Most mail-order brides are thought to come from Thailand, the Philippines and Romania
Life and Style
Margaret Thatcher, with her director of publicity Sir Gordon Reece, who helped her and the Tory Party to victory in 1979
voicesThe subject is being celebrated by the V&A museum, triggering some happy memories for former PR man DJ Taylor
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Ashdown Group: Head of IT - Hertfordshire - £90,000

    £70000 - £90000 per annum + bonus + car allowance + benefits: Ashdown Group: H...

    Ashdown Group: Application Support Analyst - SQL Server, T-SQL

    £28000 - £32000 per annum + Excellent benefits: Ashdown Group: Application Sup...

    Ashdown Group: Systems Analyst / Data Analyst (SQL Server, T-SQL, data)

    £28000 - £32000 per annum + Excellent benefits: Ashdown Group: Systems Analyst...

    Ashdown Group: European Recruitment Manager - Cheshire - up to £48,000

    £40000 - £48000 per annum + bonus and benefits: Ashdown Group: European Recrui...

    Day In a Page

    General Election 2015: Chuka Umunna on the benefits of immigration, humility – and his leader Ed Miliband

    Chuka Umunna: A virus of racism runs through Ukip

    The shadow business secretary on the benefits of immigration, humility – and his leader Ed Miliband
    Yemen crisis: This exotic war will soon become Europe's problem

    Yemen's exotic war will soon affect Europe

    Terrorism and boatloads of desperate migrants will be the outcome of the Saudi air campaign, says Patrick Cockburn
    Marginal Streets project aims to document voters in the run-up to the General Election

    Marginal Streets project documents voters

    Independent photographers Joseph Fox and Orlando Gili are uploading two portraits of constituents to their website for each day of the campaign
    Game of Thrones: Visit the real-life kingdom of Westeros to see where violent history ends and telly tourism begins

    The real-life kingdom of Westeros

    Is there something a little uncomfortable about Game of Thrones shooting in Northern Ireland?
    How to survive a social-media mauling, by the tough women of Twitter

    How to survive a Twitter mauling

    Mary Beard, Caroline Criado-Perez, Louise Mensch, Bunny La Roche and Courtney Barrasford reveal how to trounce the trolls
    Gallipoli centenary: At dawn, the young remember the young who perished in one of the First World War's bloodiest battles

    At dawn, the young remember the young

    A century ago, soldiers of the Empire – many no more than boys – spilt on to Gallipoli’s beaches. On this 100th Anzac Day, there are personal, poetic tributes to their sacrifice
    Dissent is slowly building against the billions spent on presidential campaigns – even among politicians themselves

    Follow the money as never before

    Dissent is slowly building against the billions spent on presidential campaigns – even among politicians themselves, reports Rupert Cornwell
    Samuel West interview: The actor and director on austerity, unionisation, and not mentioning his famous parents

    Samuel West interview

    The actor and director on austerity, unionisation, and not mentioning his famous parents
    General Election 2015: Imagine if the leading political parties were fashion labels

    Imagine if the leading political parties were fashion labels

    Fashion editor, Alexander Fury, on what the leaders' appearances tell us about them
    Phumzile Mlambo-Ngcuka: Home can be the unsafest place for women

    Phumzile Mlambo-Ngcuka: Home can be the unsafest place for women

    The architect of the HeForShe movement and head of UN Women on the world's failure to combat domestic violence
    Public relations as 'art'? Surely not

    Confessions of a former PR man

    The 'art' of public relations is being celebrated by the V&A museum, triggering some happy memories for DJ Taylor
    Bill Granger recipes: Our chef succumbs to his sugar cravings with super-luxurious sweet treats

    Bill Granger's luxurious sweet treats

    Our chef loves to stop for 30 minutes to catch up on the day's gossip, while nibbling on something sweet
    London Marathon 2015: Paula Radcliffe and the mother of all goodbyes

    The mother of all goodbyes

    Paula Radcliffe's farewell to the London Marathon will be a family affair
    Everton vs Manchester United: Steven Naismith demands 'better' if Toffees are to upset the odds against United

    Steven Naismith: 'We know we must do better'

    The Everton forward explains the reasons behind club's decline this season
    Arsenal vs Chelsea: Praise to Arsene Wenger for having the courage of his convictions

    Michael Calvin's Last Word

    Praise to Wenger for having the courage of his convictions