Iranian engineers have succeeded in neutralizing and purging the computer virus known as Stuxnet from their country's nuclear machinery, European and US officials and private experts have told Reuters.
The malicious code, whose precise origin and authorship remain unconfirmed, made its way as early as 2009 into equipment controlling centrifuges Iran is using to enrich uranium, dealing a significant but perhaps temporary setback to Iran's suspected nuclear weapons work.
Many experts believe that Israel, possibly with assistance from the United States, was responsible for creating and deploying Stuxnet. But no authoritative account of who invented Stuxnet or how it got into Iran's centrifuge control equipment has surfaced.
US and European officials, who insisted on anonymity when discussing a highly sensitive subject, said their governments' experts agreed that the Iranians had succeeded in disabling Stuxnet and getting it out of their machinery.
The officials declined to provide any details on how their governments verified that the Iranians had ultimately defeated the virus. It was not clear when it occurred but secrecy on the subject has been so tight that news is only now emerging.
Some officials said they believe that the Iranians were helped in their efforts by Western cyber security experts, whose detailed technical analyses of Stuxnet's computer code have circulated widely on the Internet.
Easy to neutralize
"If Iran would not have gotten rid of Stuxnet by now (or even months ago), that would indicate that they were complete idiots," said German computer security consultant Ralph Langner. Langner is regarded as the first Western expert to identify the ultra-complex worm and conclude that it was specifically targeted toward equipment controlling Iranian nuclear centrifuges.
Peter Sommer, a computer security expert based in Britain, said that once Iran had detected the presence of the worm and figured out how it worked, it shouldn't have been too hard for them to disable it.
"Once you know that it's there it's not that difficult to reverse engineer... Neutralization of Stuxnet, once its operation is understood, would not be that difficult as it was precisely engineered to disrupt a specific item of machinery.
"Once Stuxnet's signature is identified it can be eliminated from a system," Sommer added.
Private experts say that however well-crafted the original Stuxnet was, whoever created it probably would have to be even more clever if they want to try to supplant it with new cyber-weapons directed at Iran's nuclear program.
"Aspects of Stuxnet could be re-used, but it is important to understand that its success depended not only on 'clever coding' but also required a great deal of specific intelligence and testing. It was the first known highly-targeted cyber-weapon, as opposed to more usual cyber weapons which are more diffuse in their targeting," Sommer said.
David Albright, a former United Nations weapons inspector who has extensively investigated Iran's nuclear program for the private Institute for Science and International Security, which he leads, said that spy agencies would have to go back to the drawing board if they're intent on continuing to try to hobble Iran's nuclear program via cyber-warfare.
Iran says that its nuclear program is for peaceful purposes but many Western officials believe it is seeking to build nuclear weapons.
"I would assume that once Iran learned of Stuxnet, then intelligence agencies looked at this method of cyber attack as compromised regardless of how long it has taken Iran to neutralize it. It is a cat and mouse game."
But Albright added that "intelligence agencies have likely been looking at more advanced forms of attack for a couple of years that they hope will catch the Iranians unprepared."
Introduced through thumb drive
Several experts said, however, that while they believed the virus' potency waned over time, they had not heard confirmation that the Iranians had defeated and purged it.
Experts say the inventors of Stuxnet had to be unusually clever because the centrifuge control equipment at which it was targeted - and which it apparently succeeded in hobbling - was entirely cut off from the Internet. So not only did the worm's creators have to write code that would cause targeted equipment to malfunction, but they also had to figure out a way to physically introduce the code into a "closed system."
Most experts think the virus was somehow introduced into Iran's control systems via some kind of computer thumb drive.
European and US experts have said that they believe that Stuxnet, at least for a time, caused serious malfunctions in the operations of Iranian nuclear centrifuges.
Iran and its antagonists today appear to be engaged in multiple levels of clandestine warfare, with unknown assailants killing Iranian nuclear scientists and, in the last few days, bomb attacks on Israeli embassy personnel in India and Georgia. Israel has blamed Iran.