Stuxnet Worm Could Target Iran's Bushehr Nuclear Reactor

The notorious Stuxnet cyber worm may next be targeting Iran's Bushehr nuclear reactor with a sophisticated attack aimed at taking down critical civil and industrial infrastructure.

The Stuxnet worm, designed to target industrial systems such as chemical manufacturing and power plants, has reportedly has been scanning Siemens' industrial software systems in order to find specific information and obliterate its instructed target -- whatever that may be -- according to The Christian Science Monitor.

Up until now, the worm has spread throughout Iran, Indonesia and India using Supervisory Control and Data Acquisition (SCADA) systems, but has remained largely under the radar.

However, that might have already changed. Specifically, the worm possesses the ability to modify Programmable Logic Controllers, devices that control the machines at power plants. In its most recent development, the cyber worm altered critical Siemens code, known as Operational Block 35, which scans classified factory operations.

Roel Schouwenberg, senior anti-virus researcher for Kaspersky Lab, said via e-mail that initially it was impossible to accurately tell if there was one specific target, due to the fact that Stuxnet was a self-replicating worm that spreads to multiple systems very quickly.

"Having said that, Stuxnet makes certain modifications to a running process which look to be involved in controlling the machines. Making such modifications could lead to the controlled machine malfunctioning," Schouwenberg said.

The recent findings lead some to believe that Stuxnet might have already attacked the Bushehr nuclear reactor, which has been perceived as a global nuclear threat, and an imminent danger to surrounding nation states.

Initially, Stuxnet was thought to be intended for stealing intellectual property and industry secrets used for extortion or counterfeiting purposes.

However, Ralph Langner, a German IACS security researcher who has heavily analyzed the Stuxnet virus, released a report last week, revealing evidence that led him to conclude that the sophisticated worm could be the next generation of malicious software used by cyber terrorists to launch attacks against physical targets and systems that would result in their total annihilation.

According to Langner's report, the Stuxnet virus was used for an attack with the purpose of sabotage, and involves heavy insider knowledge to be effectively executed. Langner speculated that the attack was used with one specific target in mind, and would essentially burn out after being discovered following its execution.

"The whole attack only makes sense within a very limited timeframe," Langner said in his report. "After Stuxnet is analyzed, the attack won't work anymore. It's a one-shot weapon. So we can conclude that the planned time of attack isn't somewhere next year. I must assume that the attack did already take place."

Next: Channel Partners, Experts Ponder Nuclear Cyber Threat

Langner also found that the attack involves sophisticated and complex components that could only be put together by an organization with copious resources, such as a nation-state.

"This was assembled by highly qualified team of experts, involving some with specific control system expertise. This is not some hacker sitting in the basement of his parents' house. To me, it seems that the resources needed to stage this attack point to a nation state," he wrote.

Roy Miehe, CEO of Campbell, Calif.-based AAAntivirus said that "This isn't fallacy, it's reality."

Miehe said that cyber attacks against civil infrastructure, like gas gauges operated via the Web, are not out of the question and could likely happen down the road as attackers become more organized and Web technology becomes more ubiquitous around the globe.

"If you know the architecture of the system being used, you can write commands," he said. "All they're doing is rewriting the code of that existing system, and they could blow up a nuclear power plant."

Security experts say that the chance that Stuxnet could also target U.S. infrastructure is possible, but risks have been mitigated due to the fact that the malware would have to get past more sophisticated security protections.

"Any plant running the targeted software/PLCs is theoretically vulnerable to Stuxnet. However, Stuxnet would still first have to make it that far into a plant, which is not an easy task," Schouwenberg said.

However, Miehe said that he continually attempts to educate his customers regarding the persistent threat of cyber espionage and malware attacks, but has a tough time convincing them to install more sophisticated and robust security software to prevent it from happening.

"(Attacks are) very possible, and very easy to be done. Everything is code," he said. "It's reality, and the customers just don’t get it. They won't get it until it hits them in the pocket books."