Josh Halliday – The Age September 26, 2010
A COMPUTER worm that targets industrial and factory systems is almost certainly the work of a national government agency, say security experts who warn it could be near-impossible to identify the culprit.
There has been speculation that the target of the virus was Iran's controversial Bushehr nuclear power plant and that it was created by Israeli hackers.
The Stuxnet computer worm, which has been described as one of the ''most refined pieces of malware ever discovered'', has been most active in Iran according to security firm Symantec
The Stuxnet computer worm, which has been described as one of the ''most refined pieces of malware ever discovered'', has been most active in Iran according to security firm Symantec.
Security experts say that Stuxnet is a targeted attack on industrial locations in specific countries, and its sophistication takes it above previous attacks of a similar nature.
Latest Symantec figures from August show 60 per cent of the computers infected by Stuxnet are located in Iran, up from 25 per cent in July.
The company believes the creators of the virus would have been well-funded as it would have taken six months to build.
Alan Bentley, senior international vice-president at security company Lumension, said Stuxnet was ''the most refined piece of malware ever discovered''. Its purpose, unusually, was not mischief or financial reward. ''It was aimed right at the heart of a critical infrastructure,'' he said.
But a senior consultant with online security company Sophos, Graham Cluley, said it would be hard to prove who created a piece of malware. ''Unless you are able to gather evidence from the computer they created it on, or if someone admits it, of course.''
Stuxnet works by exploiting security holes in Microsoft's Windows operating system, and then seeks out a component that controls crucial factory operations, validated with a stolen cryptographic key.
The worm then takes over the computer running a factory process and ''blocks'' it for up to a tenth of a second. For high-speed systems, such as the centrifuges used for nuclear fuel processing in Iran, this could be disastrous, experts suggested.
Mr Clulely said the worm clearly had been designed with a specific target in mind.
''Combine this with the fact that the worm was identified by a Belarusian security firm working for an Iranian client and the fact that the nuclear power plant was not working properly for months, it is understandable that speculation points towards Iran as the target.''
Mr Clulely said the world was moving into a ''third age'' of cyber crime, where the intention is not to make money but to bring down critical infrastructure.
''There are political, economic and military ways in which the internet can be exploited, and malware can be used to gain advantage by foreign states.''
Last updated 28/09/2010