The Stuxnet computer virus, suspected to have been created by the CIA to impede Iran’s nuclear program, may have led to extensive collateral damage by affecting Siemens control software in India and Indonesia to a large extent and in over 100 other countries to a smaller extent.
Since first being detected in 2010, Stuxnet infected over 8,500 Indian systems in the first five days, another 5,000 in Indonesia and about 3,000 in Iran, according to media reports. In all, Siemens control software systems in 115 countries are suspected to have been affected.
The sophisticated attacks on Iran’s Bushehr nuclear plant began by taking advantage of the Siemens SCADA (Supervisory Control And Data Acquisition) software, which is widely used in industrial applications, making the centrifuge machines work so slowly that they did not yield any enriched uranium.
“This is how it worked: centrifuge machines at the Bushehr plant were being controlled by standalone systems running SCADA. There is evidence that indicates that the Stuxnet worm found its way into the Bushehr nuclear plant through the infected laptops of maintenance engineers,” says Rakesh Kharwal, Director – Government Business, McAfee India.
According to Kharwal, maintenance engineers using Microsoft Windows were the first target. The unsuspecting engineers took their infected pen drives to the plant (after a virus scan which was unable to spot Stuxnet) for running routine diagnostics on the control systems. “Once inside SCADA, it took control of all the systems. But, most interestingly, Stuxnet only targeted a system if it had Siemens software,” he explained.
Once Stuxnet entered SCADA, the bug did not take full control of systems and make them go haywire, but instead tweaked the controls, ensuring that the centrifuge yielded very little without going defunct. “Subsequently, the centrifuge machines, during the productive period, worked so inefficiently that they hardly enriched any uranium quantity before going out of order,” said Kharwal.
Over time, vulnerabilities were introduced into critical infrastructure as the antiquated systems of power companies were hooked to the Internet for remote management and reporting purposes, thus giving cyber attackers an entry point.
There is intense speculation that Stuxnet was created by the CIA and the Israeli secret service as part of a cyber war waged against Iran. The way Stuxnet functioned could not have been the work of criminals, as no attempt was made to hijack data for gain. Instead, the purpose seems to have been to cause damage to the Iranian nuclear program with little concern for collateral damage, again a CIA trait.
While declining to speculate if the CIA was responsible for creating the Stuxnet virus, Kharwal said, “It (Stuxnet) was designed for a specific purpose, for a specific country and it also impacted other countries, including India. Critical infrastructure will always get targeted in most countries and India is no exception to this. There is a thriving cyber crime industry, sometimes also state sponsored. Hence, all organizations and governments need to adopt appropriate countermeasures to protect their infrastructure.”
McAfee is working on a smart grid security system to protect critical infrastructure such as power plants and utilities from devastating cyber attacks.
Stuxnet was designed to self-destruct in June 2012 and has sparked similar viruses. One, called Duqu, creates files to gain general remote access capabilities, which help attackers gather intelligence from a private entity to aid future attacks on a third party. Another virus, called Flame, is specifically designed to target Middle Eastern countries; upon entering computer systems, it can release back-door programs and gather intelligence from keyboard, screen, microphone, storage devices, networks, Wi-Fi, USB and system processes.
The Stuxnet worm is suspected to have caused the Indian Space Research Organization’s (ISRO) failure to launch the INSAT-4B satellite.
According to reports, the solar panels of India’s INSAT-4B satellite died after a technical glitch was found, causing 12 of its 24 transponders to shut down. There is no official word from ISRO linking the failure to the Stuxnet virus.