Iran Fights Strong (Stuxnet) Virus Attacking (Industrial) Computers

Source: NYT

By DAVID E. SANGER -

Published: September 25, 2010 -

WASHINGTON — The government agency that runs Iran’s nuclear facilities and is suspected of playing a crucial role in a weapons program has reported that its engineers are trying to protect their facilities from a sophisticated computer virus that has infected industrial plants across Iran.

The agency, the Atomic Energy Organization, did not specify whether the virus had already infected any of its nuclear facilities, including Natanz, the underground enrichment site that for several years has been a main target of American and Israeli covert programs. But the announcement raised suspicions, and new questions, about the origins and target of the Stuxnet virus, which computer experts say is a far cry from common viruses that have affected the Internet for years.

Stuxnet, which was first publicly identified several months ago, is aimed solely at industrial equipment made by Siemens that controls oil pipelines, electric utilities, nuclear facilities and other large industrial sites. While it is not clear that Iran was the main target — the infection has also been reported in Indonesia, Pakistan, India and elsewhere — a disproportionate number of computers inside Iran appear to have been struck, according to reports by computer security monitors.

The virus does not spread through the Internet but requires a USB drive to be physically plugged into the computer, allowing it to attack machines that are disconnected from the Internet, usually in an effort to protect them. That requires human access to the affected systems.

Read more: http://www.nytimes.com/2010/09/26/world/middleeast/26iran.html

to have vital systems running on or accessible from windows boxes..........

Swap out the control boards on the Programmable Logic Controllers (PLCs). Not very difficult. This is all being over-hyped - more psyops.

Such a virus could wreck havoc in automated manufacturing systems....it poses a whole new wrinkle in potential liability for manufacturer's of industry automation/process control systems. Replacing the boards might resolve the immediate problem, but finding the source who is injecting the virus must be their primary ongoing concern.

Or, these units have been sourced from some unauthorized distributor with some extra programming. In either case, no liability for Siemens. Lots of speculation it was the Israelis who cooked-up the worm, which makes sense.

In the end, all this does is make the Iranians more cautious about their vendors, and ensures that all these components have been thoroughly checked and maintained. The system may actually be safer for it.

Last Modified: 26 Sep 2010 19:38 GMT

A computer virus that has attacked Iran's nuclear power plant in Bushehr could only have been designed "with nation-state support," Western cyber security experts said.

Saturday’s virus attack with a spay worm called "Stuxnet" prompted speculation that the nuclear plant may have been targeted by an enemy country in an attempt to sabotage it.

A senior official at the US technology company Symantec said that 60 percent of the computers worldwide infected by the Stuxnet worm were in Iran.

The attack did not affect the plant's system, but it did hit computers of staff at the plant and Internet providers, Iranian officials said on Sunday.

More: http://english.aljazeera.net/news/middleeast/2010/09/2010926181227615974.html

What organization has the largest network?
with how many Windows PC's?
and how many PLC's?