Report: Stuxnet hit Iran targets 3 times in a year
Tuesday, February 15, 2011 E-Mail this story Free Headline Alerts
WASHINGTON — Iranian facilities are said to have been infected by the Stuxnet computer worm at least three times in a year.
The U.S. computer security company Symantec said five industrial facilities in Iran were targeted by Stuxnet from June 2009 through May 2010. Symantec said Stuxnet was used in three attacks on Windows-based computers in Iran.
"The concentration of infections in Iran likely indicates that this was the initial target for infections and was where infections were initially seeded," the report, released on Feb. 11, said.
The report, authored by security researchers Nicolas Falliere, Liam O Murchu, and Eric Chien, cited 12,000 infections in Iran from Stuxnet. All of these infections were traced to five initial infection points.
The researchers were able to trace Stuxnet targets because the worm recorded information on each infected computer. The report did not identify the domain names of the infected Iranian computers or the initial targets.
Up to four versions of Stuxnet were believed to have been written, the report said. Stuxnet was said to have arrived in Iran either through an infected e-mail or a hand-held USB device that carried the attack code, which itself suggested May 9, 1979, a significant date in Iranian history.
"While on May 9, 1979 a variety of historical events occurred, according to Wikipedia 'Habib Elghanian was executed by a firing squad in Teheran sending shockwaves through the closely knit Iranian Jewish community,' " the report said. " 'He was the first Jew and one of the first civilians to be executed by the new Islamic government. This prompted the mass exodus of the once 100,000 member strong Jewish community of Iran which continues to this day..' "
Iran has blamed Israel and the United States for Stuxnet. Media reports have cited cooperation between Israel and the United States in the testing of Stuxnet.
"Symantec cautions readers on drawing any attribution conclusions," the report added. "Attackers would have the natural desire to implicate another party."
Stuxnet was said to have knocked out up to 1,000 gas centrifuges at the uranium enrichment facility at Natanz. The report said Stuxnet contained two attack modules that targeted the centrifuges.
"Thus, Stuxnet sabotages the system by slowing down or speeding up the motor to different rates at different times," the report said.