Iran Confirms Nuclear System Hit By Virus


Analysis of Stuxnet, a worm that specifically targets industrial control systems, shows that roughly three-fifths of the infected machines were in Iran. There's now speculation that the country's nuclear program was the target -- and that a national government might have been the culprit.

It has been known since July that Stuxnet infections were concentrated in Iran. Over a three-day period that month, 58.85 per cent of all Stuxnet-infected machines were in the country. (Source: symantec.com)

Infrastructure Under Attack

The worm is carefully crafted to reach SCADA (supervisory control and data acquisition) systems, the industrial control software used to run infrastructure such as large-scale communications, distribution, manufacturing and power generation.

What's changed recently is that Iran has confirmed the infection and even admitted that its Atomic Energy Organization has held special meetings to discuss how to remove Stuxnet.

Windows "Shortcut Flaw" Exploit Is the Key

There's something of a consensus in the security community that Stuxnet is among the most sophisticated pieces of malware ever analysed.

PCMag's Larry Seltzer explained that it was the first known attack to exploit the recently discovered "shortcut" flaw in Windows. The flaw lies in how Windows Explorer renders the icon of a shortcut (.lnk) file: a crafted shortcut can make Explorer load a library named inside the shortcut, so the attacker's code runs the moment the folder holding the file is displayed, with no click required and regardless of whether AutoRun is disabled. Whenever Stuxnet gets onto a machine, it copies itself to any removable media such as USB drives together with such a shortcut; as soon as the drive's contents are viewed on another machine, the shortcut installs the worm. (Source: pcmag.com)

Stuxnet also exploits three other Windows bugs, used to spread across local networks and to gain administrative privileges, and its driver components are signed with code-signing certificates stolen from two legitimate hardware vendors, so Windows loads them without complaint. Once it reaches a machine running the targeted control software, it injects its own code into the programmable logic controllers (PLCs) that the software manages, and hooks the software's own library so that the injected blocks are hidden when an engineer reads the PLC program back: in effect a rootkit for the controller rather than for the PC.
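The one check a practitioner can run straight away is to look at the shortcut files sitting on a suspect USB drive. The following Python script is an added example, not code from the article or from any published Stuxnet analysis. It parses only the fixed 76-byte header and the LinkTargetIDList defined in Microsoft's MS-SHLLINK format, and applies a heuristic that is an assumption of this example: a shortcut whose item chain passes through the Control Panel folder and embeds a UTF-16 path to a file is flagged, since a shortcut of that shape is the kind whose icon rendering loads a library from the drive. The two sample shortcuts, their item type bytes and the payload name `loader.dll` are constructed for the example, not captured from the worm.

```python
"""Triage Windows shortcut (.lnk) files for the shape abused by the
shortcut flaw described above.  Added example, not from the article."""
import re
import struct
import uuid
from pathlib import Path

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
# CLSIDs as they appear inside root-folder ItemIDs (little-endian GUID layout).
MY_COMPUTER_CLSID = uuid.UUID("20D04FE0-3AEA-1069-A2D8-08002B30309D").bytes_le
CONTROL_PANEL_CLSID = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D").bytes_le
HAS_LINK_TARGET_ID_LIST = 0x00000001                 # LinkFlags bit 0
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")  # printable UTF-16LE runs
FILE_EXT = re.compile(r"\.[A-Za-z0-9]{1,4}$")


def parse_id_list(data: bytes) -> list:
    """Return the ItemID payloads of the LinkTargetIDList ([] if none/malformed)."""
    if len(data) < LNK_HEADER_SIZE or data[4:20] != LNK_CLSID:
        return []
    header_size, = struct.unpack_from("<I", data, 0)
    flags, = struct.unpack_from("<I", data, 0x14)
    if header_size != LNK_HEADER_SIZE or not flags & HAS_LINK_TARGET_ID_LIST:
        return []
    pos = LNK_HEADER_SIZE
    if pos + 2 > len(data):
        return []
    id_list_size, = struct.unpack_from("<H", data, pos)
    pos += 2
    end = min(pos + id_list_size, len(data))
    items = []
    while pos + 2 <= end:
        item_size, = struct.unpack_from("<H", data, pos)
        if item_size == 0:                       # TerminalID ends the list
            break
        if item_size < 2 or pos + item_size > end:
            break                                # truncated/corrupt: keep what parsed
        items.append(data[pos + 2:pos + item_size])
        pos += item_size
    return items


def embedded_paths(item: bytes) -> list:
    """UTF-16 strings inside an ItemID that look like file paths."""
    found = []
    for m in UTF16_RUN.finditer(item):
        text = m.group().decode("utf-16-le")
        if "\\" in text and FILE_EXT.search(text):
            found.append(text)
    return found


def triage_lnk(data: bytes) -> dict:
    """Classify one .lnk blob; 'suspicious' is the heuristic verdict (an assumption)."""
    items = parse_id_list(data)
    via_control_panel = any(CONTROL_PANEL_CLSID in item for item in items)
    paths = [p for item in items for p in embedded_paths(item)]
    return {"control_panel": via_control_panel, "paths": paths,
            "suspicious": via_control_panel and bool(paths)}


def scan_removable_drive(root) -> dict:
    """Walk a mounted drive (e.g. 'E:\\' or '/media/usb'); return flagged .lnk files."""
    flagged = {}
    for lnk in Path(root).rglob("*.lnk"):
        try:
            verdict = triage_lnk(lnk.read_bytes())
        except OSError:
            continue
        if verdict["suspicious"]:
            flagged[str(lnk)] = verdict["paths"]
    return flagged


# ---- constructed samples (not real captures) --------------------------------
def build_lnk(items: list) -> bytes:
    """Assemble a minimal LNK: header + LinkTargetIDList, nothing else."""
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    header += struct.pack("<I", HAS_LINK_TARGET_ID_LIST if items else 0)
    header = header.ljust(LNK_HEADER_SIZE, b"\x00")
    body = b"".join(struct.pack("<H", len(i) + 2) + i for i in items) + b"\x00\x00"
    return header + struct.pack("<H", len(body)) + body


PAYLOAD_PATH = r"\\.\STORAGE#Volume#payload\loader.dll"   # hypothetical name
MALICIOUS_LNK = build_lnk([
    b"\x1f\x50" + MY_COMPUTER_CLSID,
    b"\x1f\x80" + CONTROL_PANEL_CLSID,
    b"\x00" * 4 + PAYLOAD_PATH.encode("utf-16-le") + b"\x00\x00",
])
BENIGN_LNK = build_lnk([
    b"\x1f\x50" + MY_COMPUTER_CLSID,
    b"\x2f" + b"C:\\" + b"\x00",             # drive item with an ASCII path
    b"\x32" + b"notes.txt" + b"\x00",        # file item, ASCII short name
])

if __name__ == "__main__":
    print("malicious:", triage_lnk(MALICIOUS_LNK))
    print("benign:   ", triage_lnk(BENIGN_LNK))
```

Run `scan_removable_drive("E:\\")` (or the mount point on a Linux triage box) against a drive before anyone opens it in Explorer; the parser never executes or renders anything, so it is safe to run on the suspect media. A hit is a reason to image the drive and look at what the referenced path points to, not proof of this particular worm, and a shortcut that hides its target behind a different item type will not be caught by this heuristic.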

Four Zero-Day Flaws Amplify the Attack

It's not just the level of sophistication that suggests this is not the work of an ordinary hacker. The fact that it also uses four different zero-day exploits (attacks on bugs the vendor does not yet know about, so no patch exists) has also raised eyebrows.

Normally, a hacker who discovers a zero-day bug puts all their effort into exploiting that one, because the window closes as soon as a fix is issued, and keeps any others in reserve. Spending four in a single piece of malware, where the first thorough analysis of the worm would expose all of them at once, is considered extravagant: it only makes sense for an attacker with deep resources and a single objective worth burning them on.

Not Considered Amateur Work

Some sources have suggested that only a national government might have the resources to carry out such an attack. That theory is gaining ground thanks to rumors that the attack was targeted at Iran's first nuclear power plant, due to open in October of this year.

It should be noted that these two ideas might be self-reinforcing: people may be assuming that if a national government is the attacker, the nuclear power plant must be the target, and vice versa.
