Iran Acknowledges Stuxnet Worm Infection

By Alexis C. Madrigal

Most of what we know about the Stuxnet worm, which some consider the most sophisticated malware ever, has come from independent security researchers. They noted it could attack the Siemens industrial systems that control power plants, oil pipelines and the like. And they also pointed out that a disproportionate number of Iranian computers were infected. Taking those facts together, speculation ran rampant that some state-backed entity created the worm to hamper Iran's nuclear push.

Now, various Iranian agencies have acknowledged the worm's presence, even though (as you might expect) they provided little detail about particular targets or defenses. The Mehr News Agency ran a story with the headline, "Iran Successfully Battling Cyber Attack."

One interesting thing to note is that Mehr described the worm as "designed to transfer data about production lines from our industrial plants to (locations) outside of the country." International security researchers went quite a bit farther, noting that what made Stuxnet special was its ability to control industrial systems, not just snoop on them.

Speaking on Iran's Arabic-language Al-Alam television network, the Bushehr nuclear power plant project manager denied that Stuxnet had any impact on the "main systems of the Bushehr power plant." "All computer programmes in the plant are working normally and have not crashed due to Stuxnet," the manager said.

Here's Computer World with a roundup of other activity by Iranian government officials:
 

According to the Tehran-based Mehr News Agency, Mahmoud Alyaie, an IT official with Iran's industries and mines ministry, said that 30,000 IP addresses in the country had been infected with Stuxnet. Multiple computers can access the Internet via a single IP address, so the total number of infected Windows PCs may be considerably larger.

A working group composed of experts from several Iranian government ministries has been established to deal with the Stuxnet infection, Alyaie said.

Other sources quoted by Mehr claimed that Iran has the capability to craft the necessary antivirus tools to detect and destroy the worm. Also on Saturday, the Associated Press (AP) news service said that experts from Iran's nuclear energy agency met last Tuesday to plan how to remove Stuxnet from infected PCs. Citing the ISNA news agency, another Tehran-based organization, the AP said no victimized plants or facilities had been named.

Speculation about Stuxnet's likely target has focused on the Bushehr reactor. Saturday, the Web site of Iran's Atomic Energy Organization included a link to a lengthy Mehr story on Stuxnet. That story noted that government officials said that "serious damage that caused damage and disablement" had been reported to officials.

Read the full story at Computer World, the Iranian news agency story, and a good summary at The New York Times.

This article available online at:

http://www.theatlantic.com/technology/archive/2010/09/iran-acknowledges-stuxnet-worm-infection/63563/