BBC BLOGS - Today: Tom Feilden

Cyber war or science fiction?

Tom Feilden | 09:19 UK time, Tuesday, 5 October 2010

An Iranian security man stands next to journalists outside the reactor building at the Russian-built Bushehr nuclear power plant in southern Iran

The announcement, from Iran's intelligence minister Heidar Moslehi, that the authorities in Tehran have arrested a number of "nuclear spies" and defeated attempts to sabotage the country's civil nuclear programme, has thrust Stuxnet - a mysterious computer virus - into the media spotlight. Could this be the first salvo in a new form of warfare - cyber war?

The programme, which targets industrial control systems in big infrastructure projects, first appeared last year.

It's caused problems in India, Indonesia and the US, but the country worst affected seems to be Iran, where 60% of all reported incidents have occurred and where the virus has been found on laptops belonging to staff at the Bushehr nuclear power plant, due to come online later this year.

Who created Stuxnet, and exactly what it does or how it works, remains shrouded in mystery. But the size and complexity of its coding have surprised computer experts, fuelling speculation that this is an orchestrated, hostile act designed to bring an enemy to its knees without a shot being fired. Inevitably suspicion has focused on the United States and Israel.

The idea of cyber war - disrupting the electricity grid or water supply system, or interfering in computer operated programmes like the air traffic control systems of an enemy - has long been a staple of science fiction.

But while there have been one or two examples of entire computer networks suspiciously crashing (in Estonia for instance in 2007, when banks, government departments and national media outlets found their websites swamped by massive amounts of spam), there's been no clear evidence of deliberate sabotage.

Stuxnet seems to fit the bill for the first act in a new form of cyber warfare because it specifically targets these infrastructure control systems.

As one analyst involved in trying to reverse engineer the virus put it: "This is what a nation state would do if the only other option was to go to war."

Despite the fact that no-one is even sure if there is such a thing as cyber war, a number of countries, including the US, have invested heavily in combating the threat of attack.


Speaking on the programme this morning the man who coined the term cyberspace, William Gibson, said what surprised him most was how long it had taken to happen.

"This isn't defence in cyberspace anymore, it's just defence. Twenty years ago this was another world, but today it's our world. It's where the bank keeps your money."

Comments

  • Comment number 1.

    This is scary stuff.
    The Stuxnet worm has initiated much talk about a top secret, Government-produced project for "cyberwarfare".
    The software program is loaded with obscure biblical references.
    Why?
    Stuxnet is not new. It first appeared in July. Stuxnet is believed to be the first malware that targets the controls of infrastructure (e.g. industrial facilities such as power plants).
    It was a German security researcher who said in mid-September that Stuxnet may have been created to sabotage a nuclear power in Iran.
    Here's what we know:
    As of now, there is no evidence as to who invented this malware (or even what country(s) were targeted), though it's clear most of the infections have been in Iran, about 60% (followed by Indonesia at about 20% and India at 10%).
    Or was Natanz the target?
    Natanz is the primary location of Iran's nuclear enrichment program. BBC reported that the Head of Iran's Atomic Energy Organization, Gholam Reza Aghazadeh, resigned under mysterious circumstances. Frank Rieger, Chief Technology Officer, GSMK in Berlin, confirmed the resignation. Rieger also noted that the number of operating centrifuges in Natanz shrank significantly around Stuxnet time.
    Iranian intelligence confirmed detention of several "spies" connected to cyberattacks. Iranian officials have said that 30,000 computers were affected. The project manager at the Bushehr Nuclear Plant said workers there were trying to remove the malware from several computers, though it "has not caused any serious damage to major systems of the plant".
    Specialists have hypothesized that it would take the resources of a big Government to create such malware. Symantec says that it has reverse engineered the Stuxnet code and uncovered some references that could support the contention that Israel was behind the malware.
    But one has to watch for misleading information designed to divert attention away from the actual culprit.
    Stuxnet, for instance, will not infect a computer if "19790509" is in a registry key. Symantec noted that the registry key # might stand for May 9, 1979 - date of a famous execution of a prominent Iranian Jew in Tehran. There are also references to two file directory names in the code that Symantec said could be Jewish biblical references: "guavas" and "myrtus." "Myrtus" is the Latin word for "Myrtle," which was another name for Esther; whereas, guava plants are part of the Myrtle family.
    Symantec's report found the use of "0xDEADF007" indicates when the process has reached its final state. The report suggests that it may refer to Dead Fool or Dead Foot, which refers to engine failure on an airplane.
    There is a "kill date"; Stuxnet is designed to stop spreading on June 24, 2012. However, infected computers will still be able to communicate peer-to-peer, and machines that are configured with the wrong date will, of course, keep on running.
    (Interesting point: Deepwater Horizon did have some Siemens PLC systems on it.)

  • Comment number 2.

    Do any UK nuclear facilities contain Siemens Programmable Logic Controllers?

  • Comment number 3.

    Added to your bookmarks. Now you'll read much more often! Here we are Russian! Unfortunately I did not have big problems with English.

  • Comment number 4.

    All this user's posts have been removed. Why?

  • Comment number 5.

    This comment was removed because the moderators found it broke the house rules. Explain.

 
