Ahmadinejad at Natanz nuke site
Photo: AFP
The Natanz nuclear facility
Photo: AFP

Report: Stuxnet virus was supposed to infect 5 Iranian nuke sites

New York Times publishes Symantec report on Stuxnet virus, reveals that attack on Iran's nuclear system began a year earlier than previously thought

The Stuxnet software worm which infiltrated the Iranian nuclear program systems was introduced into the system in order to infect five industrial facilities in Iran between June 2009 and May 2010, the New York Times reported Sunday.


According to this newly released information, the attack on Iran's computer systems began a year earlier than previously thought.


A report published by computer security software firm 'Symantec' reveals that Stuxnet attacked the Iranian computers in three waves and that it was capable of gathering information on the location and type of computer it infected. This information would allow the Stuxnet creators to determine if they had successfully reached their intended target.


According to the report, Symantec estimated that the nuclear facility at Natanz would not be connected directly to the internet, which is why an attempt was made to infect industrial organizations that would be likely to share information, and the malware, with Natanz – with the intent of 'injecting' the virus into Natanz.


The New York Times also reported that at least three versions of the program were probably written, and the researchers discovered that the first version had been completed just 12 hours before the first successful infection in June 2009. The researchers speculated that the first step in the infection was either an infected e-mail sent to an intended victim or a hand-held USB device that carried the attack code.


International inspectors that visited Natanz towards the end of 2009 found that almost 1,000 gas centrifuges had been taken offline; causing speculation over the possibility that an attack disabled part of the system.


In April 2010, the attackers once again attempted to distribute the program, this through a portable connection with the target being components bought from Germany's Siemens. The virus was introduced from an unknown location within Iran. The malware program carried two different attack modules aimed at different centrifuge arrays, but that one of them had been disabled, said Symantec researchers.


The report also stated that was programmed to damage a uranium centrifuge array by repeatedly speeding it up, while at the same time hiding its attack from the control computers by sending false information to displays that monitored the system.


It should be mentioned that the New York Times reported in January that Israel had built an elaborate test facility at a classified nuclear weapons site that contained a replica array of the Iranian uranium. The newspaper stated that this replica was vital in order to plan an effective attack like the one carried out.



פרסום ראשון: 02.13.11, 17:35
 new comment
This will delete your current comment