A sophisticated computer virus that targets solely Siemens SCADA, or "supervisory control and data acquisition," systems, has infiltrated systems across the globe, and has hit Iran "very hard." The Stuxnet virus has reportedly struck industrial sites throughout Iran, including its nuclear facilities.
SCADA systems are commonly used to manage oil rigs, power plants, water facilities, and other industrial plants. Stuxnet was first identified this summer, but the Windows vulnerability exploited by the malware was first described
in April of 2009. Microsoft confirmed earlier this week that it "overlooked" the vulnerability when it was revealed last year. Two of the four vulnerabilities exploited by the worm were patched in this month's Patch Tuesday.
At the same time, on Saturday, it was reported
that the United States knows neither the source nor the purpose of Stuxnet. It should be noted that for some time there has been concern that attackers may one day hack into or attack (via malware) the infrastructure of countries, and the attack on Siemens systems fits right into that mold.
The vulnerability of these Windows
-based systems that aren't personal computers, but have the same exploits available has been expressed before as well. Often, these systems, which also include print servers and anything Windows-based, are not protected by antivirus software, and are not regularly patched.
Sean McGurk, director of the National Cybersecurity and Communications Integration Center (NCCIC) said,
"One of our hardest jobs is attribution and intent. We've conducted analysis on the software itself. It's very difficult to say 'This is what it was targeted to do.'
"We know that it's not doing anything specifically malicious right now. It would be premature to speculate at this time.
"We're not looking for where it came from but trying to prevent the spread."
McGurk added that Siemens is "reaching out to their customer base" to help deal with the infection.
The sophistication of the malware has led to some speculation by security experts that it was created by state-sponsored developers or some sort of state secret service. Based on its state-sponsored hackers or a state secret service. The malware has also been reported in Indonesia, Pakistan, India and more and thus, it is unclear that Iran was a primary target. However, the sheer number of systems in Iran that have been hit by Stuxnet is out-of-bounds with the rest of the infection statistics.
One Iranian official, Mahmud Liai of the Ministry of Industry and Mines, was quoted
as saying that 30,000 Iranian computers had been affected. He added that Stuxnet was “part of the electronic warfare against Iran.”
According to German computer security researcher Ralph Langner, who has been analyzing Stuxnet since it was discovered in June, Stuxnet is able to recognize a specific facility's control network and then destroy it. He believes Stuxnet's primary target was the Bushehr nuclear facility in Iran. That plant was built with Russian help, but unspecified problems have delayed its operation.