While the Stuxnet worm attack has raised the bar for targeted attacks on the critical infrastructure, it's not the first time the power grid has been in the bull's eye. Attacks against these systems are actually quite common -- it's just that they are mostly kept under wraps and rarely face public scrutiny like Stuxnet has.
Nearly 60 percent of critical infrastructure providers worldwide, including oil and gas, electric, and telecommunications, say they have been targeted by "representatives" of foreign governments, according to a study published earlier this year by The Center for Strategic and International Studies and commissioned by McAfee. More than half of the respondents had experienced a targeted, stealthy attack akin to the Aurora attacks that hit Google, Adobe, and nearly 30 other companies earlier this year. In addition, nearly 90 percent of the respondents said their networks had been infected with malware, and more than 70 percent had been hit with low-level DDoS attacks and vandalism, insider threats, leakage of sensitive data, and phishing or pharming.
But other Israeli experts said they doubted Israel’s involvement. Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”
“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”
Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.
Computerworld - Stuxnet's inability to stay stealthy may be fall-out from a failure to hit its intended targets last year, security researchers said today.
The worm, which was designed to infiltrate heavy-duty industrial control programs that monitor and manage factories, oil pipelines, power plants and other critical installations, only popped onto researchers' radars this summer, nearly a year after it was likely first launched.
"Obviously, it spread beyond its intended target or targets," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, one of the two security companies that has spent the most time analyzing Stuxnet.
Computerworld - An Iranian intelligence official Saturday said that authorities had detained several "spies" connected to cyber attacks against its nuclear program.
According to the Tehran-based Mehr News Agency, Heydar Moslehi, Iran's minister of intelligence, said that "enemy spy services" were responsible for Stuxnet, the sophisticated worm that has infected at least 30,000 Windows PCs in the country, including some at the Bushehr nuclear power plant.
Moslehi claimed his ministry had uncovered "destructive activities of the arrogance [of the West] in cyberspace", and said that defensive measures had been put into place to secure Iran's information systems and its nuclear facilities.
Computerworld - Iran today made its strongest statement yet that it believes a Western plot is behind the Stuxnet worm that has infected tens of thousands of computers in the country, including some at its sole nuclear power plant.
In a Tuesday press briefing, Iran's foreign ministry spokesman, Ramin Mehmanparast, blamed unnamed Western countries for creating and distributing the worm.
"It is hard for the Western states to tolerate the progress of Iran's peaceful nuclear program," said Mehmanparast in a summary of the briefing posted to the Ministry of Foreign Affairs Web site.
Cyberattacks on Iranian nuclear program were a US-Israel effort started under the Bush administration and continued by President Obama, The New York Times reports.
The confirmation from Obama-administration officials that Stuxnet was a joint US-operation comes from extracts from a forthcoming book, Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, by David Sanger that's due to be published next week.
Researchers at Symantec Corp (SYMC.O) have uncovered a version of the Stuxnet computer virus that was used to attack Iran's nuclear program in November 2007, two years earlier than previously thought.
The virus was being developed early as 2005, when Iran was still setting up its uranium enrichment facility, said Symantec researcher Liam O'Murchu. That facility went online in 2007.
"It is really mind blowing that they were thinking about creating a project like that in 2005," O'Murchu told Reuters in ahead of the report's release at the RSA security conference, an event attended by more than 20,000 security professionals, in San Francisco on Tuesday.
Symantec had previously uncovered evidence that planning for Stuxnet began in 2007. The New York Times reported in June 2012 that the impetus for the project dated back to 2006, when U.S. President George W. Bush was looking for options to slow Iran's nuclear ambitions.