Tuesday, September 28, 2010

Stuxnet worm created by team of hackers

Governments with sophisticated computer skills would have the ability to create such a code

A POWERFUL computer code attacking industrial facilities around the world, but mainly in Iran, was probably created by experts working for a country or a well-funded private group.

The malicious code, called Stuxnet, was designed to go after several "high-value targets," Liam O Murchu, manager of security response operations at Symantec Corp, said.

It has surprised experts because it is the first one specifically created to take over industrial control systems, rather than just steal or manipulate data. Creating the malicious code required a team of as many as five to 10 highly educated and well-funded hackers. Government experts and outside analysts say they haven't been able to determine who developed it or why.

The malware has so far infected as many as 45,000 computer systems around the world. Siemens AG, the company that designed the system targeted by the worm, said it has infected 15 of the industrial control plants it was apparently intended to infiltrate.

One of them is Iran's first nuclear power station at Bashehr, just weeks before the facility is to go online. The US Energy Department has warned that a successful attack against critical control systems "may result in catastrophic physical or property damage and loss".

The Russian-built plant will be internationally supervised, but world powers are concerned that Iran wants to use other aspects of its civil nuclear power program as a cover for making weapons.

Of highest concern to world powers is Iran's main uranium enrichment facility in the city of Natanz. Iran, which denies having any nuclear weapons ambitions, says it only wants to enrich uranium to the lower levels needed for producing fuel for power plants.

At higher levels of processing, the material can also be used in nuclear warheads. The computer worm, which can be carried or transmitted through portable thumb drives, has affected the personal computers of staff working at the plant.

Iranian news agency ISNA said it has not yet caused any damage to the plant's major systems. Experts from the Atomic Energy Organization of Iran met this past week to discuss how to remove the malware, according to the semiofficial ISNA news agency.

Source: News.com.au

No comments: