
The Stuxnet worm at war in Iran

The intrigue and mystery read like the stuff of a spy novel, updated for the digital age.

There are theories of state-sponsored sabotage, coded biblical messages, and a real computer worm called Stuxnet.

Security experts around the globe have unearthed evidence that Stuxnet was able to penetrate industrial plants in Iran and may have been deliberately crafted to destabilize that country's controversial nuclear-enrichment operations.

Recent days have brought escalating suggestions of a covert cyber-operation.

On Monday, diplomats and nuclear inspectors disclosed that Tehran's nuclear program has been beset by major technical woes that have forced thousands of uranium-enriching centrifuges to shut down, with the worm in question cited as a main suspect.

The intrigue has been intensified by intimations, as yet unproven, that authorship of the worm might lie in Israel, which regards Iran's nuclear ambitions as a mortal threat.

Stuxnet was first detected in June and appeared to have infiltrated industrial systems in countries such as India, Indonesia and Iran. But nuclear analysts and computer-security experts now say they believe the worm was configured in a way that could specifically make Iran's centrifuges spin out of control.

German computer-security expert Ralph Langner said last week the worm contained two "digital warheads" designed to strike at both the Bushehr nuclear power plant and the Natanz uranium-enrichment site in Iran.

Strategically, such an attack could destroy centrifuge facilities that are unknown to international nuclear inspectors, he said.

While both the target and source for the digital assault are still uncertain, experts say the notion of trying to attack a state through cyber-sabotage isn't far-fetched.

"There's an arms race in cyberspace," said Ron Deibert, director of the Canadian Centre for Global Security Studies at the Munk School of Global Affairs in Toronto. "Governments are competing against each other within this space. Part of that implies the development of techniques, such as these, that target advanced industrial control systems through computer worms."

For now, Prof. Deibert said, it remains an open question whether a government is behind this particular offensive.

But that hasn't stopped the speculation.

Mr. Langner discovered a file inside the computer code that could point to Israel's paternity. The file's name, Myrtus, is said to be an allusion to the Hebrew word for Esther, a biblical figure regarded as the saviour of the Jews during the time of Persian domination. The Old Testament's Book of Esther tells the story of the Jews' success in thwarting a Persian plot to kill them.

A series of numbers found in the program is also feeding guesswork. The seemingly random sequence - 19790509 - could be a reference to May 9, 1979. That's the day a prominent Iranian Jew, Habib Elghanian, was executed by Tehran after being charged with "corruption" and "contacts with Israel and Zionism."

Israel certainly has the motivation to destabilize Iran, whose nuclear program is seen as a threat to Israel's existence. The United States has also been fingered as having the sophistication and capability to spring such a cyber-attack.

But experts caution about getting bogged down in Dan Brown-like conspiracies about hidden codes, and say the Myrtus and other references might be red herrings to throw off detection of the true authors.

"If you're the Mossad doing this, are you going to include a Hebrew biblical reference to a piece of software that you're using to attack your mortal enemy?" asked Rafal Rohozinski, CEO of The SecDev Group in Ottawa. "We can say that the Israelis would have good reason to do it, we could say that it would have been in the interests of the Americans, but to say that this has their fingerprints on it, and could only be mustered with their kind of resources, is not true at all."

Either way, the malware has been described as first-of-its-kind for the way it jumps from Windows-based computers to systems that control industrial equipment.

"Whether it's a 16-year-old pimply kid in Murmansk or the best brains of the Mossad - the fact is, it did do something interesting," Mr. Rohozinski added.

For its part, Iran has acknowledged that Stuxnet did infect computers in its nuclear program, including some used by workers at the Bushehr plant. Last month, Tehran announced it had arrested a number of "nuclear spies."

Experts have given credence to the idea that Tehran's nuclear program could be vulnerable to technological skulduggery. U.S. cyber-security expert Scott Borg said last year that a computer worm could be inserted through a contaminated USB memory stick to disable sensitive sites such as Iran's uranium enrichment plants. "Israel can definitely be assumed to have advanced cyber-attack capabilities," he added.

And, in fact, Stuxnet is believed to have infected Iranian facilities through a USB memory stick.

"There's strong circumstantial evidence that Iran was the object of the attack," Mr. Rohozinski said. And while there are still many unanswered questions in this bit of industrial intrigue, he's not surprised by the fascination around it.

"This is the stuff that John le Carré novels were written about."

Follow on Twitter: @iperitz

 
