Thursday, September 30, 2010

whodunnit?

Hey folks - I know it's been a while, but let's rekindle this old flame.

One of the most interesting things to run across the wire is the Stuxnet computer worm, which has infected the critical computer infrastructure for Iran's Bushehr nuclear power plant. This infection has almost certainly caused a delay in Iran's ability to field a nuclear weapon.

This isn't something that normally gets DSSfeed revved up - big boy tech toys usually do the trick, but this exotic cyber attack has given this blog a new lady to admire.

Here's what we know:

1) Stuxnet is a worm - it propagates itself without outside assistance, all the while hiding its tracks. Once the genie is out of the bottle, it is very difficult to contain. The infection begins when a user on a connected network plugs in a USB drive, which automatically sends the worm into the system. Iran is reportedly using Windows-based Siemens controllers for much of its nuclear infrastructure – Stuxnet is designed specifically to attack these controllers. Also interesting – the virus reportedly does not send back information to its creator. Whoever designed this either knew it would work really, really well, or that the media would provide all the data they needed to determine the worm's effectiveness.

2) The malware is VERY sophisticated – The reason, as Richard Falkenrath, a former high-level White House advisor, explained in a recent interview on Bloomberg, is that Stuxnet uses stolen digital certificates to allow the worm to move freely. Given the relative complexity of this worm, Falkenrath went on to say that this took the resources of a nation state to carry out. Even more impressive, if not removed correctly, Stuxnet can ruin entire systems.

3) Iran seems to be the target – This is almost certainly sabotage against the Iranian nuclear program. Reuters reported that the breakdown of affected computers is as follows. Since the worm is hard to detect and does not send user information back to its creator, there may be thousands more infected units that we have no idea about.


Looks like pacman is having a feast… nomnomnomnom


So whodunnit?

It's hard to guess with any level of certainty - it’s all conjecture at this point. I think we can say with confidence that the attack was most likely conjured by a state-based enemy of Iran. Not many private individuals have years' worth of time to develop a virus that doesn’t yield any financial gain. Maybe I just underestimate the tenacity of nerds, but I think this was an orchestrated effort by one or several governments.

Logic would suggest Israel. It is the state most threatened by a nuclear Iran, and it has been known to use cyber warfare to achieve its goals. See this article on the Israeli attack on the Syrian nuclear plant.

Some other hints – deep in the code of Stuxnet is the word “Myrtus.” The New York Times reported that this may be a biblical clue (or a red herring) to the originators of the worm. Myrtus is a plant native to the Iranian region. It is also Old Testament heroine Esther’s original given name. (Her name was Hadassah, which means myrtle.) If you remember your biblical history, Esther and her cousin Mordecai saved the Jews in Persia from the Jew-hating prince Haman. Maybe Myrtus is being used as the savior of the Jewish people from Iran. It is only a minor piece of evidence, but it’s certainly fun to think about.

It's unlikely that we will know who developed the virus anytime soon. The prime suspects, Israel and the United States, aren’t talking. Instead, we're chuckling.


About Missouri State

Missouri State University’s Department of Defense and Strategic Studies (DSS), located in Fairfax, VA, provides professional, graduate-level education in national security policy; foreign policy; arms control; missile proliferation; international security affairs; defense policy analysis, planning and programs; and intelligence analysis.

Disclaimer

The opinions of this blog in no way reflect the faculty of Missouri State University. They are just the incessant ramblings of a few graduate students. They may or may not be currently seeking employment, girlfriends, or free goods and services.

Based on the rights guaranteed by the First Amendment to the Constitution, and the preamble to the Universal Declaration of Human Rights, we are guaranteed the privilege to freely broadcast our opinions. You may or may not be obliged to listen - or care.