IRAN/CRITICAL NATIONAL INFRASTRUCTURE: CYBER SECURITY EXPERTS SEE THE HAND OF ISRAEL’S SIGNALS INTELLIGENCE SERVICE IN THE “STUXNET” VIRUS WHICH HAS INFECTED IRANIAN NUCLEAR FACILITIES, 01 SEPTEMBER 2010.
Bushehr
Cyber Security experts who have examined the STUXNET worm, which recently infected computerised systems in Iranian nuclear facilities, have found evidence which points to the virus being constructed and delivered by Israel’s Signals Intelligence (SIGINT) elements, possibly Unit 8200.
Buried in the code, experts found a concealed reference to the word “MYRTUS”, believed to refer to the Myrtle tree, or Hadassah in Hebrew. This was apparently the birth name of the former Jewish queen of Persia, Queen Esther whom the Bible describes as having persuaded her husband to launch a pre-emptive strike on Persian forces, before his own forces were attacked. The virus is most likely to have been introduced into the Iranian systems by a Russian technician, unknowingly, by means of a USB memory stick. The Bushehr and Natanz nuclear facilities are the most probable primary targets of the attack.
The STUXNET virus specifically targets SIEMENS-manufactured Supervisory Control And Data Acquisition (SCADA) systems which are employed for the controlling and monitoring of industrial processes. STUXNET has some unique and highly sophisticated characteristics, and it has still not been fully decoded, at the time of writing. The worm carries a sophisticated fingerprinting capability through which it can specifically identify the system which it infects. It then searches for its target system, constantly checking the parameters of what it sees, against the target parameters of the target system. This calculation is believed to take place once every five seconds. In this way, it waits until it has identified the exact target before launching its attack. Although specific details of this attack capability are unclear, experts believe that it most probably involves the worm achieving over-ride control of physical systems, and then forcing them to overwork, causing catastrophic failure and destruction.
The STUXNET worm is believed to be the first one identified to specifically target critical industrial infrastructure. It raises the stakes in the cyber-warfare field as it has proven the concept of attacking a nation’s Critical National Infrastructure by means of a specifically written virus.