The Stuxnet cyber attack on Iran’s nuclear program was a defining moment in the history of war, and now, the “Son of Stuxnet” has been discovered. Cyber security experts say the creator of the original worm, widely believed to be Israel and probably the U.S., also designed this one and “there is nothing out there available to stop it.”
The Stuxnet cyber attack rendered thousands of Iran’s centrifuges, around a fifth of all of them, useless. Over 1,000 damaged units were replaced at the Natanz centrifuge farm, and damaged the steam turbine at the Bushehr nuclear reactor. In 2009, only half of Iran’s centrifuges were being used and some of those operating were only enriching half as much uranium as they should. The Iranians have to replace all of the computers at Natanz, and it may take up to two years. It was later found out that Israel tested Stuxnet on centrifuges identical to those used by Iran at its nuclear site in Dimona.
The Iranians later announced in April 2011 that a second cyber attack was discovered, which they called “Stars.” All that the regime said was that it was found on government computers and caused little damage. Iran soon replaced its centrifuges at Natanz and began manufacturing more sophisticated centrifuges that can significantly speed up the nuclear program. The centrifuges were moved to an underground site in the mountains near Qom. In February, experts determined that Iran had recovered from the damage wrought by Stuxnet. And now, the “Son of Stuxnet” has emerged.
The new virus, also called Stuxnet 2.0 and Duqu, is broader in scope. It opens up a back door in the compromised computer systems for 36 days, and then disappears. It has been doing this as far back as last December, though the victims have not been publicly identified. The virus allows the creator to hijack the controlling computer systems, permitting the attacker to direct their operations or to even self-destruct. It also records keystrokes and sends back critical information about system vulnerabilities. The back doors have not been exploited, leading experts to conclude that a cyber attack is on its way.
“The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility,” Symanetec said in its announcement of the discovery. It called it a “precursor to a future Stuxnet-like attack.”
“It’s my personal belief that the guys who wrote Stuxnet knew exactly what they were doing, and if you thought they were good guys then, you probably don’t have anything more to worry about now. But if you didn’t, you probably have a lot to worry about,” said Vikrum Thakur of Symantec.
Pages: 1 2