Cyber attack 'well-funded'

2010-09-27 09:46

kalahari.com

Washington - A powerful computer code attacking industrial facilities around the world, but mainly in Iran, was probably created by experts working for a country or a well-funded private group, claimed an analysis by a leading computer security company.

The malicious code, called Stuxnet, was designed to go after several “high-value targets”, said Liam Murchu, manager of security response operations at Symantec Corporation.

But both Murchu and US government experts say there's no proof it was developed to target nuclear plants in Iran, despite recent speculation from some researchers.

Creating the malicious code required a team of as many as five to 10 highly educated and well-funded hackers.

Government experts and outside analysts say they haven't been able to determine who developed it or why.

The malware has infected as many as 45 000 computer systems around the world. Siemens AG, the company that designed the system targeted by the worm, said it has infected 15 of the industrial control plants it was apparently intended to infiltrate.

Infected sites

It's not clear what sites were infected, but they could include water filtration, oil delivery, electrical and nuclear plants.

None of those infections has adversely affected the industrial systems, said Siemens.

US officials said last month that the Stuxnet was the first malicious computer code specifically created to take over systems that control the inner workings of industrial plants.

The US Energy Department has warned that a successful attack against critical control systems "may result in catastrophic physical or property damage and loss".

Murchu said Symantec's analysis of the code shows that nearly 60% of the computers infected with Stuxnet are in Iran. An additional 18% are in Indonesia. Less than two percent are in the US.

"This would not be easy for a normal group to put together," said Murchu. He said "it was either a well-funded private entity" or it "was a government agency or state sponsored project" created by people familiar with industrial control systems.

Origin


A number of governments with sophisticated computer skills would have the ability to create such a code. They include China, Russia, Israel, Britain, Germany and the US. But Murchu said no clues have been found within the code to point to a country of origin.

Iran's nuclear agency has taken steps to combat the computer worm that has affected industrial sites in the country, including its first nuclear power station just weeks before it was set to go online.

Experts from the Atomic Energy Organisation of Iran met this past week to discuss how to remove the malware, according to the semi-official ISNA news agency.

The computer worm, which can be carried or transmitted through portable thumb drives, also has affected the personal computers of staff working at the Bushehr nuclear plant, according to IRNA, Iran's official news agency. The news agency said it has not caused any damage to the plant's major systems.

German security researcher Ralph Langner, who has also analysed the code, told a computer conference in Maryland this month that his theory is that Stuxnet was created to go after the nuclear programme in Iran.

He acknowledged, though, that the idea is "completely speculative".

Possible targets

Murchu said there are a number of other possibilities for targets, including oil pipelines. He said Symantec soon will release details of its study in the hope that industrial companies or experts will recognise the specific system configuration being targeted by the code and know what type of plant uses it.

At the US Homeland Security Department's National Cyber-security and Communications Integration Centre, a top US cyber official on Friday displayed a portable flash drive containing the Stuxnet code and said officials have been studying it in the lab.

"I've let this run wild to see what it would do," said Sean McGurk, director of the cyber operations centre. "So far we haven't seen a lot of smoke coming out, so we know it's not doing anything specifically malicious right now."

Experts at the Energy Department's Idaho National Laboratory have been analysing it.

McGurk said that "it's very difficult to know what the code was developed for. When you talk about specifically attributing it to a facility with a set purpose from a nation-state actor or criminal actor or ‘hacktivist’, it's very difficult for us to say specifically: ‘This is what it was targeted to do’.”

Experts in Germany discovered the worm, and German officials transmitted the malware to the US through a secure network.

Shutdown after discovery


The two computer servers controlling the malware were in Malaysia and Denmark, Murchu said, but both were shutdown after they were discovered by computer security experts earlier this summer.

In plain terms, the worm was able to burrow into some operating systems that included software designed by Siemens AG, by exploiting a vulnerability in several versions of Microsoft Windows.

Unlike a virus, which is created to attack computer code, a worm is designed to take over systems, such as those that open doors or turn physical processes on or off.

- AP
Read more on:    cybercrime
NEXT ON NEWS24X
SHARE:

Read News24’s Comments Policy

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
0 comments
Add your comment
Comment 0 characters remaining
 

Inside News24

 
/News
 

LOL! 7 brutally honest texts from parents

Sometimes honesty is not the best policy!

 
 

For chic geeks...

DuckTales theme song gets 'quacked-up'
7 things you didn't know about Apple
Apple's sneaky move
Facebook testing self-destruction posts

Jobs in Cape Town [change area]

Jobs in Western Cape region

Sales Representative

Cape Winelands
Paarl Media

Customer Service Advisor

Cape Town
Teleresources Cape Town
R5 000 - R5 500 Per Month

Commercial Manager

Cape Town Northern Suburbs
Communicate Cape Town Engineering
R400 000 - R600 000 Per Year

Property [change area]

Travel - Look, Book, Go!

Magical Massinga

Spend 5 nights at the gorgeous Massinga Beach Lodge in Mozambique and only pay for 4 from R13 220 per person sharing. Includes return flights, accommodation, transfers and romantic turndown. Book now!

Kalahari.com - shop online today

Mind blow low prices on electronics

Get either the Prestigio multiphone or Proline tablet 7” tablet for only R699. Offers valid while stocks last. Shop now!

30% off Barbie toys

Save 30% on all Barbie toys and accessories. Offer valid while stocks last. Shop now!

Baby extravanganza month at kalahari.com

Celebrate baby month with a wide range of awesome baby products. Offers valid while stocks last. Shop now.

30% off new fiction books!

Save 30% on new captivating books from great authors such as Wilbur Smith, James Pettereson and more. Offer valid while stocks last. Shop now.

Camping gear!

We’ve got all your camping must have’s right here at mind blowing low prices. Check them out now!

OLX Free Classifieds [change area]

Samsung Galaxy s4

Mobile, Cell Phones in South Africa, Western Cape, Cape Town. Date October 24

Best bargain in big bay

Real Estate, Houses - Apartments for Sale in South Africa, Western Cape, Cape Town. Date October 25

VW Golf 6, 1.6 Trendline (Excellent condition)

Vehicles, Cars in South Africa, Western Cape, Cape Town. Date October 25

Horoscopes
Aquarius
Aquarius

There is a tendency to be too up in the air with your idealistic ideas. Find an anchor to help bring them into a more realistic...read more

There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.








Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.