Stuxnet Worm: Orchestrated by What State?
THE MEMORY STICKS were scattered in a washroom at a US military base in the Middle East that was providing support for the Iraq war.
They were deliberately infected with a computer worm, and the undisclosed foreign intelligence agency behind the operation was counting on the fallibility of human nature. According to those familiar with the events, it calculated that a soldier would pick up one of the memory sticks, pocket it and – against regulations – eventually plug it into a military laptop.
It was correct.
The result was the delivery of a self-propagating malicious worm into the computer system of the US military’s central command – Centcom – which would take 14 months to eradicate.
That attack took place in 2008 and was acknowledged by the Pentagon only this August. It was strikingly similar to the recently disclosed cyber attack on Iran’s nuclear facilities using the Stuxnet worm, which also appears to have used contaminated hardware in an attempt to cripple Iran’s nuclear programme.
Like the attack on Centcom’s computers, the Stuxnet worm, which Iran admits has affected 30,000 of its computers, was a sophisticated attack almost certainly orchestrated by a state. It also appears that intelligence operatives were used to deliver the worm to its goal.
Its primary target, computer security experts say, was a control system manufactured by Siemens and used widely by Iran, not least in its nuclear facilities.
Yesterday, Iran confirmed that the worm had been found on laptops at the Bushehr nuclear reactor, which had been due to go online next month but has now been delayed. It denied the worm had infected the main operating system or caused the delay.
“I say firmly that enemies have failed so far to damage our nuclear systems through computer worms, despite all of their measures, and we have cleaned our systems,” Ali Akbar Salehi, the head of Iran’s atomic energy agency, told the Iranian Students News Agency.