Was Iran Targeted by the Stuxnet Worm?

  • Thread starter lisab
In summary, it has been reported that Iran experienced a major cyber attack in June 2019, targeting its oil and gas infrastructure. The attack, believed to have been carried out by the United States, caused significant damage and disruption to critical systems. While Iran initially denied the attack, they later acknowledged and condemned it as an act of cyber warfare. The incident highlights the growing use of cyber attacks as a tool for political and military purposes, and serves as a reminder of the vulnerability of countries to such attacks.
  • #1
lisab
There's been speculation surrounding the "Stuxnet" worm for some time. Now the Christian Science Monitor (and others) are reporting the worm may have been targeted specifically to hit Iran's Bushehr nuclear power plant, or perhaps its Natanz nuclear centrifuge facility.

It blows my mind that Iran surrounded Bushehr with missiles, but allowed contractors to freely use USB memory sticks - apparently how the worm spreads.

It's an amazing article, a modern 'who dunnit?' which sounds like it's straight out of a Clancy novel.

http://www.csmonitor.com/USA/2010/0924/Stuxnet-worm-mystery-What-s-the-cyber-weapon-after

http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices
 
  • #2
And then we think Ahmadinejad is a crackpot...
 
  • #3
Cyberspace is naturally becoming a target for espionage.

Assuming this is due to the efforts of the CIA, or NSA, or what-have-you, was it a successful mission, or bumbled probing that became noticed?
 
  • #4
Phrak said:
Cyberspace is naturally becoming a target for espionage.

Assuming this is due to the efforts of the CIA, or NSA, or what-have-you, was it a successful mission, or bumbled probing that became noticed?

Well Bushehr was supposed to be up and running but it isn't, and they haven't told why. Also the centrifuge facility had several failures at the time this worm was active (according to the article, it had a halt date). So...maybe the attack was successful, but Iran certainly won't affirm that.

Your list of possible perpetrators is a good start...I'd add Israel, I think.
 
  • #5
Could it not be a case of the combined resources of the Western world's intelligence agencies failing where one maverick with the ability to write worm viruses succeeded?
 
  • #6
Maybe, a lot of whiz kids act alone, doing incredible things, anyway I read:

"Bushehr has all kinds of missiles around it to protect it from an airstrike," Langner says. "But this ..."

I have no idea why this was included in the writing. Could be suggestive of more hyperbole, missiles going off and hitting targets wherever, steered by the worm. The article does not state anything like that, but that interpretation is certainly not discouraged.

Maybe the reporter had asked about such a scenario and got a 'don't-worry' answer that he did not like, so he may have excluded that.

So let me give that don't-worry answer.

Air defense missiles are designed just to do that, with a limited range to strike air targets, also with a rather limited payload, a few kilograms rather than tonnes. This makes them virtually incapable of hostile action against ground targets at longer range than one or two hundred kilometers. Most point defence weapons are in the dozen kilometer order of magnitude range, if not less.

Just my two cents.
 
  • #7
Andre said:
I have no idea why this was included in the writing. Could be suggestive of more hyperbole, missiles going off and hitting targets wherever, steered by the worm. The article does not state anything like that, but that interpretation is certainly not discouraged.

It's supposed to give you the impression that the place is bristling with defenses, and is intended to be impervious, except there's a gaping backdoor.
 
  • #8
Office_Shredder said:
It's supposed to give you the impression that the place is bristling with defenses, and is intended to be impervious, except there's a gaping backdoor.

That's how I read it.
 
  • #9
I think this is funny! We have been worried about the grid and defensive systems for a long time now. I forget how many cyber attacks the Pentagon fends off each day, but it's a big number. The notion that this same threat could keep ole looney toons in check for a time, is downright poetic.

It reminds me a bit of the homing beacons that we hid in printers sold to Saddam - printers that we knew were going to defensive facilities! When the first Gulf War broke out, we just activated the beacons remotely and keyed missiles to the signals from the beacons.
 
  • #10
Office_Shredder said:
It's supposed to give you the impression that the place is bristling with defenses, and is intended to be impervious, except there's a gaping backdoor.

that's the obvious point. missed by some.
 
  • #11
medgar said:
that's the obvious point. missed by some.
It's only obvious to those who find it obvious. :wink: When one doesn't say what one means, there is always the danger the meaning will get lost.
 
  • #12
Hurkyl said:
It's only obvious to those who find it obvious. :wink: When one doesn't say what one means, there is always the danger the meaning will get lost.

agreed. sorry if it seemed judgemental.
 
  • #13
Don't forget English is not a first language to many PF posters; sometimes unexpected subtleties work against our understanding of seemingly obvious statements.
 
  • #14
lisab said:
There's been speculation surrounding the "Stuxnet" worm for some time. Now the Christian Science Monitor (and others) are reporting the worm may have been targeted specifically to hit Iran's Bushehr nuclear power plant, or perhaps its Natanz nuclear centrifuge facility.

It blows my mind that Iran surrounded Bushehr with missiles, but allowed contractors to freely use USB memory sticks - apparently how the worm spreads.

It's an amazing article, a modern 'who dunnit?' which sounds like it's straight out of a Clancy novel.

http://www.csmonitor.com/USA/2010/0924/Stuxnet-worm-mystery-What-s-the-cyber-weapon-after

http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices

Cool! It's about time someone other than our DOD, State Department or LANL gets cyberattacked!
 
  • #15
skippy1729 said:
Cool! It's about time someone other than our DOD, State Department or LANL gets cyberattacked!

I was waiting for someone to point out that we're just about as dumbly unprepared as most other nations in this arena.

I for one have no problem believing that this was the work of one person, or a small group of hackers or even script-kiddies with a bit of experience. Hell, it could even be a pissed-off Iranian national or ex-pat with time and an education.
 
  • #16
nismaratwork said:
I was waiting for someone to point out that we're just about as dumbly unprepared as most other nations in this arena.

I for one have no problem believing that this was the work of one person, or a small group of hackers or even script-kiddies with a bit of experience. Hell, it could even be a pissed-off Iranian national or ex-pat with time and an education.

I'm not so sure it's a single person or even a small group. Apparently the worm seeks a very specific process control fingerprint, made only by Siemens*. Once it recognizes the fingerprint, it launches and re-writes the process control software. That's pretty specific knowledge.

*I'm not sure if Siemens also uses that process control code for other industrial processes. If it's specific to nuclear reactors, that makes it even more likely that it was written by a nation state.
 
  • #17
lisab said:
I'm not so sure it's a single person or even a small group. Apparently the worm seeks a very specific process control fingerprint, made only by Siemens*. Once it recognizes the fingerprint, it launches and re-writes the process control software. That's pretty specific knowledge.

*I'm not sure if Siemens also uses that process control code for other industrial processes. If it's specific to nuclear reactors, that makes it even more likely that it was written by a nation state.

Or someone who works or worked for Siemens. Never underestimate the power of a pissed-off employee.
 
  • #18
I have read one thing the Chinese do is have whole specialized teams of elite hackers work together. And not just one team either. They'll have a team for one part of a major hack, then another team handle another part of the hack, and so on; this they believe is how the Chinese stole all sorts of information from some major American corporations without said corporations even being aware at first.
 
  • #19
CAC1001 said:
I have read one thing the Chinese do is have whole specialized teams of elite hackers work together. And not just one team either.

Do you think this is unusual amongst major nations?
 
  • #20
CRGreathouse said:
Do you think this is unusual amongst major nations?

...and here I thought the NSA was just there for show! *facepalm*

Then again, CAC1001 isn't wrong, China does in fact do just what he said. He's just... selective in his view.
 
  • #21
CRGreathouse said:
Do you think this is unusual amongst major nations?

No I don't think it is unusual, I was responding more to nismaratwork's post when he said he thought the Iran attack was the work of one person, so I thought I would mention that the Chinese attack was likely the work of whole entire teams.

I am well aware that if the Chinese use hacker teams that the NSA and so forth probably do the same, but we know for sure that the Chinese attacked some major American corporations. We can only suspect, via common sense, that America does the same.
 
  • #22
CAC1001 said:
No I don't think it is unusual, I was responding more to nismaratwork's post when he said he thought the Iran attack was the work of one person, so I thought I would mention that the Chinese attack was likely the work of whole entire teams.

I am well aware that if the Chinese use hacker teams that the NSA and so forth probably do the same, but we know for sure that the Chinese attacked some major American corporations. We can only suspect, via common sense, that America does the same.

Ahhh, the creation of a worm doesn't need to be a team effort; China and the USA (and others) tend to focus those group efforts on coordinated attacks, rather than the creation of a self-propagating bug. Much as so many viruses come out of places like Romania (education + no job prospects), but an actual "cyber attack" takes coordinated work.
 
  • #23
Listening to the news this morning, apparently this same worm has affected a few other systems around the world, as well. It's surmised that its effect on the Iranian nuclear program was serious because their cyber security was so poor.

I understand their approach to security was "don't hook it up to the Internet," but when contractors are constantly plugging into the power station's LAN with thumb drives... (sneakernet)
 
  • #24
nismaratwork said:
Ahhh, the creation of a worm doesn't need to be a team effort; China and the USA (and others) tend to focus those group efforts on coordinated attacks, rather than the creation of a self-propagating bug. Much as so many viruses come out of places like Romania (education + no job prospects), but an actual "cyber attack" takes coordinated work.

Ahh okay, I see what you were saying.
 
  • #25
CAC1001 said:
Ahh okay, I see what you were saying.

Yeah, the jargon is often mixed in the media, so there's no reason that you or anyone would assume anything other than what you did.
 

FAQ: Was Iran Targeted by the Stuxnet Worm?

What evidence is there to suggest that Iran sustained a cyber attack?

There have been reports from Iranian officials and cybersecurity experts that suggest Iran has been the target of a cyber attack. Additionally, there have been disruptions to Iran's internet and communication systems, which is a common sign of a cyber attack.

Who is believed to be responsible for the cyber attack on Iran?

The responsible party is not yet confirmed, but there have been reports that the United States and Israel may have been involved in the attack. However, both countries have denied any involvement.

What type of damage could a cyber attack cause to Iran?

A cyber attack could potentially cause significant damage to Iran's infrastructure, government systems, financial systems, and communication networks. It could also lead to the theft of sensitive information and disruption of daily operations.

Has Iran responded to the cyber attack?

Iran has not officially responded to the cyber attack, but there have been reports of Iranian officials stating they have successfully defended against the attack and are working to strengthen their cybersecurity measures.

Could this cyber attack lead to a larger conflict between Iran and other countries?

It is possible that a cyber attack on Iran could escalate tensions between Iran and other countries, but it is difficult to determine the exact impact at this time. It will depend on the severity of the attack and how Iran chooses to respond.
