IRAN: Speculation on Israeli involvement in malware computer attack


This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

It took Iran several months since the reports that it was hardest hit by the computer worm known as Stuxnet but recently authorities conceded that about 30,000 IP addresses had been infected with the malware. The worm affected computers of staff at the Bushehr nuclear plant as well as Internet service providers, but officials say major systems at the plant have not been damaged.

Specialists say the malware of unprecedented expertise was custom-made to target and control particular industrial automation software and manipulate it from remote locations. It uses the Internet to spread, but the worm isn’t Internet-based, suggesting ‘patient zero’ was infected physically -- presumably by a USB device. Used for espionage or sabotage, the software infects a computer immediately but can remain latent until activated. At any given moment, there are millions of ‘zombie computers’ around the world awaiting activation, not unlike the way spy agencies use sleeper cells or agents, writes Guy Grimland (in Hebrew) of TheMarker.


When news of Stuxnet broke in July, Symantec blogged that it didn’t know who unleashed the worm, but listed several theories, considered who was more or less likely to be behind the attack, and said the attack clearly was not the job of an amateur hack. Among the possible culprits were a ‘lone wolf’; a disgruntled employee; commercial competition; state-sponsored espionage; those with nationalistic, political and religious motivations; and terrorism, which was ‘within the realm of possibility’ in a case that read ‘as if it were the latest Hollywood blockbuster.’

Now, as experts’ analyses of the worm are being published and as it becomes clearer that computers associated with Iran’s controversial nuclear program were affected, it is also becoming clearer that Stuxnet is about sabotage, not espionage, and it’s way bigger than was apparent. Computer technicians thought they could root out the virus in a month or two, senior Iranian information technology official Hamid Alipur was quoted as saying, but attacks keep coming and new versions of it continue to mutate and spread, hampering cleanup.

Gerry Egan, a top Symantec executive, told CNN that the high level of design and specialized knowledge associated with worm was not something ‘the average hacker at home or in a garage’ would have access to.

The sophistication behind Stuxnet combined with Iran’s nuclear facility as an apparent target is spawning much speculation.

The theory among experts is that this ‘took the resources of a nation-state to create a piece of malware so sophisticated,’ Richard Falkenrath of Chertoff Group told Bloomberg this week. It is theoretically possible that the U.S. did this, he said, noting that this was a remote possibility. A more likely creator, he said, was Israel.

Did Unit 8200, the Israeli army’s technology intelligence branch, plant the worm in Iran? The catchy headline in TheMarker (in Hebrew) asked the same question many others are asking but offered no answer. ‘We’ll probably never know,’ the story says.


About a year before Stuxnet was discovered (experts believe it took about six months to write the complex code), reports emerged of Israel’s turning to cyber warfare to foil Iran’s nuclear program. In late 2009, Amos Yadlin, commander of Israeli military intelligence, said the ability to collect information and launch cyber-attacks gives small countries -- and terror groups and even individuals -- power to inflict serious damage unlimited by range. And military intelligence is said to have become a combat arm like an air force or navy.

Concerns about attacks are spreading. This year the U.S. announced Cybercom, a new command to synchronize responses to cyber-threats to military systems. Next month, by the way, has been declared National Cybersecurity Awareness Month.

In the early 2000s, Israel established a central body for defending computer systems involving defense as well as strategic national infrastructure, including water, energy and banking. Most responsibility is entrusted to Shin Bet, Israel’s general security service.

-- Batsheva Sobelman in Jerusalem

Top video: Gerry Egan of Symantec talks to CNN. Via YouTube.

Bottom: Richard Falkenrath talks to Bloomberg. Via YouTube.