Tag Archives: Stuxnet virus

Who is Afraid of Shamoon? How to Wipe a Country Off the Face of the Earth

Suspected Iranian hackers infiltrated critical infrastructure and government computers in the Persian Gulf nation of Bahrain in July-August 2019, raising fears among leaders in the region that Tehran is stepping up its cyberattacks amid growing tensions…Hackers broke into the systems of Bahrain’s National Security Agency—the country’s main criminal investigative authority—as well as the Ministry of Interior and the first deputy prime minister’s office, according to one of the people familiar with the matter.

On July 25, 2019 Bahrain authorities identified intrusions into its Electricity and Water Authority. The hackers shut down several systems in what the authorities believed was a test run of Iran’s capability to disrupt the country, the person said. “They had command and control of some of the systems,” the person said. The breaches appeared broadly similar to two hacks in 2012 that knocked Qatar’s natural-gas firm RasGas offline and wiped data from computer hard drives belonging to Saudi Arabia’s Aramco national oil company, a devastating attack that relied on a powerful virus known as Shamoon. Bahrain is the smallest country in the Persian Gulf, but it is strategically important because it’s the permanent home of the U.S. Navy’s Fifth Fleet and Navy Central Command. It is closely allied with its much larger neighbor, Saudi Arabia, a regional rival of Iran.

The Bahrain authorities haven’t definitively attributed the attack to Iran, but they have been provided intelligence by the U.S. and others suggesting Iran is behind it, the people familiar with the matter said…“In the first half of 2019, the Information & eGovernment Authority successfully intercepted over 6 million attacks and over 830,000 malicious emails. The attempted attacks did not result in downtime or disruption of government services.”

Excerpt from High-Level Cyber Intrusions Hit Bahrain Amid Tensions With Iran, WSJ, Aug. 7, 2019

Hacking German Nuclear Plants

A computer virus has been found in a nuclear power plant in Bavaria…The virus was found in Block B of the nuclear reactor at Gundremmingen in western Bavaria, a statement released by the power plant said. The malware is well known to IT specialists and it attempts to create a connection to the internet without the user of the computer choosing to do so, the statement added…[T]he virus posed no danger to the public as all the computers which are responsible for controlling the plant are disconnected from one another and not connected to the internet. The virus is also not capable of manipulating the functions of the power plant, the statement claims. State authorities have been informed about the issues and specialists from the energy firm RWE are examining the computer system to assess how it became infected with the virus.

Germans are very sensitive to the dangers of nuclear technology… As recently as 2010, officials found traces of radioactivity connected to the 1986 Chernobyl catastrophe in German wildlife, like wild boar…Shortly after the Fukushima meltdown in 2011, Chancellor Angela Merkel announced that the country would phase out nuclear power by 2021…

Several newspapers reported that the terrorists behind the Paris attacks had the plans for a German nuclear facility, a claim later denied by German intelligence. Then, days later, it was found that inspectors responsible for carrying out safety checks at two nuclear plants had submitted fake reports.

Excerpts from Computer Virus in Bavarian Nuclear Plant, http://www.thelocal.de/, Apr. 26, 2016

Iran Wants to Be North Korea: nuclear weapons

The US tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons programme five years ago (2010) but ultimately failed, according to people familiar with the covert campaign. The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran’s nuclear programme in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by US and Israeli forces.

According to one US intelligence source, Stuxnet’s developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine…But the National Security Agency-led campaign was stymied by North Korea’s utter secrecy, as well as the extreme isolation of its communications systems…North Korea has some of the most isolated communications networks in the world. Just owning a computer requires police permission, and the open internet is unknown except to a tiny elite. The country has one main conduit for internet connections to the outside world, through China. In contrast, Iranians surfed the net broadly and had interactions with companies from around the globe.

The US has launched many cyber espionage campaigns, but North Korea is only the second country, after Iran, that the NSA is now known to have targeted with software designed to destroy equipment.

Experts in nuclear programmes said there were similarities between North Korea and Iran’s operations, and the two countries continue to collaborate on military technology. Both countries use a system with P-2 centrifuges, obtained by Pakistani nuclear scientist AQ Khan, who is regarded as the father of Islamabad’s nuclear bomb, they said. Like Iran, North Korea probably directs its centrifuges with control software developed by Siemens AG that runs on Microsoft Corp’s Windows operating system, the experts said. Stuxnet took advantage of vulnerabilities in both the Siemens and Microsoft programmes…

Despite modest differences between the programmes, “Stuxnet can deal with both of them. But you still need to get it in,” said Olli Heinonen, senior fellow at Harvard University’s Belfer Center for Science and International Affairs and former deputy director general of the International Atomic Energy Agency…

The Stuxnet campaign against Iran, code-named Olympic Games, was discovered in 2010. It remains unclear how the virus was introduced to the Iranian nuclear facility in Natanz, which was not connected to the Internet…According to cybersecurity experts, Stuxnet was found inside industrial companies in Iran that were tied to the nuclear effort. As for how Stuxnet got there, a leading theory is that it was deposited by a sophisticated espionage programme developed by a team closely allied to Stuxnet’s authors, dubbed the Equation Group by researchers at Kaspersky Lab…

In addition, North Korea likely has plutonium, which does not require a cumbersome enrichment process depending on the cascading centrifuges that were a fat target for Stuxnet, they said.

Excerpts from NSA tried Stuxnet cyber-attack on North Korea five years ago but failed, Reuters, May 29, 2015

Covert Operations in Iran

Washington believed that covert action against Iran’s nuclear facilities would be more effective and less risky than an all-out war… In fact, Mark Fitzpatrick, former deputy assistant secretary of state for non-proliferation, said: “Industrial sabotage is a way to stop the programme, without military action, without fingerprints on the operation, and really, it is ideal, if it works.” The US has a long history of covert operations in Iran, beginning in 1953 with the CIA-orchestrated coup d’état that toppled the popularly elected Iranian prime minister Mohammad Mossadegh and installed a dictator, Reza Shah. The US reorganised its covert operations after the collapse of the shah in 1979…

In January 2011, it was revealed that the Stuxnet cyber-attack, an American-Israeli project to sabotage the Iranian nuclear programme, had been accelerated since President Barack Obama first took office. Referring to comments made by the head of Mossad, then US secretary of state Hillary Clinton confirmed that the damage inflicted on Iran’s nuclear programme had been achieved through a combination of “sabotage and sanctions”.

Meanwhile, several Iranian nuclear scientists were assassinated. The New York Times reported that Mossad orchestrated the killings while Iran claimed the attacks were part of a covert campaign by the US, UK and Israel to sabotage its nuclear programme….

There are at least 10 major repercussions arising from the US, West and Israeli policy of launching covert war and cyber-attacks against Iranian nuclear facilities and scientists.

First, cyber war is a violation of international law. According to the UN Charter, the use of force is allowed only with the approval of the UN Security Council in self-defence and in response to an attack by another country. A Nato-commissioned international group of researchers concluded that the 2009 Stuxnet attack on Iran’s nuclear facilities constituted “an act of force”, noting that the cyber-attack was a violation of international law. Second, the US covert operations are a serious violation of the Algiers Accords. The 1981 Algiers Accords agreed upon between Iran and the US clearly stated that “it is and from now on will be the policy of the US not to intervene, directly or indirectly, politically or militarily, in Iran’s internal affairs”.

Third, the cyber war has propelled Tehran to become more determined in its nuclear efforts, and it has made major advances. According to reports by the International Atomic Energy Agency (IAEA), prior to covert operations targeting the nuclear programme, Iran had one uranium enrichment site, a pilot plant of 164 centrifuges enriching uranium at a level of 3.5 per cent, a first generation of centrifuges and approximately 100 kg stockpile of enriched uranium. Today, it has two enrichment sites with roughly 12,000 centrifuges, can enrich uranium up to 20 per cent, possesses a new generation of centrifuges and has amassed a stockpile of more than 8,000 kg of enriched uranium.

Fourth, the strategy pursued has constituted a declaration of war on Iran, and a first strike. The Stuxnet cyber-attack did cause harm to Iran’s nuclear programme; therefore it can be considered the first unattributed act of war against Iran, a dangerous prelude toward a broader war.

Fifth… [s]uch short-sighted policies thicken the wall of mistrust, further complicating US-Iran rapprochement and confidence-building measures.

Sixth, Iran would consider taking retaliatory measures by launching cyber-counter-attacks against facilities in Israel, the West and specifically the US…

Seventh, Iran is building a formidable domestic capacity countering and responding to western cyber-warfare. Following the Stuxnet attack, Iran’s Supreme Leader issued a directive to establish Iran’s cyber army that is both offensive and defensive. Today, the Islamic Revolutionary Guards Corps (IRGC) has the fourth biggest cyber army in the world. Israel’s Institute for National Security Studies (INSS) acknowledged that IRGC is one of the most advanced nations in the field of cyberspace warfare.

Eighth, Iran now has concluded that information gathered by IAEA inspectors has been used to create computer viruses, facilitate sabotage against its nuclear programme and the assassinations of nuclear scientists. Iran’s nuclear energy chief stated that the UN nuclear watchdog [IAEA] has been infiltrated by “terrorists and saboteurs.” Such conclusions have not only discredited the UN nuclear watchdog but have pushed Iran to limit its technical and legal cooperation with the IAEA to address outstanding concerns and questions.

Ninth, worsening Iranians’ siege mentality through covert actions and violations of the country’s territorial sovereignty could strengthen the radicals in Tehran to double down on acquiring nuclear weapons. Iran could be pondering now the reality that the US is not waging a covert war on North Korea (because it possesses a nuclear bomb), Muammar Gaddafi lost his grip on power in Libya after ceding his nuclear programme, and Iraq and Afghanistan were invaded (because they had no nuclear weapon).

Tenth, the combination of cyber-attacks, industrial sabotage and assassination of scientists has turned public opinion within Iran against western interference within the country…[P]rovocative western measures have convinced the Iranian government that the main issue is not the nuclear programme but rather regime change.

Excerpts from Seyed Hossein Mousavian, Ten consequences of US covert war against Iran, Gulf News, May 11, 2013

US Cyberattacks against Enemies: Afghanistan

The U.S. military has been launching cyberattacks against its opponents in Afghanistan, a senior officer says, making an unusually explicit acknowledgment of the oft-hidden world of electronic warfare. Marine Lt. Gen. Richard P. Mills’ comments came last week at a conference in Baltimore during which he explained how U.S. commanders considered cyber weapons an important part of their arsenal. “I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyber operations against my adversary with great impact,” Mills said. “I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.”

Mills, now a deputy commandant with the Marine Corps, was in charge of international forces in southwestern Afghanistan between 2010 and 2011, according to his official biography. He didn’t go into any further detail as to the nature or scope of his forces’ attacks, but experts said that such a public admission that they were being carried out was itself striking. “This is news,” said James Lewis, a cyber-security analyst with the Washington-based Center for Strategic and International Studies. He said that while it was generally known in defense circles that cyberattacks had been carried out by U.S. forces in Afghanistan, he had never seen a senior officer take credit for them in such a way. “It’s not secret,” Lewis said in a telephone interview, but he added: “I haven’t seen as explicit a statement on this as the one” Mills made. The Pentagon did not immediately respond to an email seeking comment on Mills’ speech.

U.S. defense planners have spent the past few years wondering aloud about how and under what circumstances the Pentagon would launch a cyber attack against its enemies, but it’s only recently become apparent that a sophisticated program of U.S.-backed cyberattacks is already under way. A book by The New York Times reporter David Sanger recently recounted how President Barack Obama ordered a wave of electronic incursions aimed at physically sabotaging Iran’s disputed atomic energy program. Subsequent reports have linked the program to a virus dubbed Flame, which prompted a temporary Internet blackout across Iran’s oil industry in April, and another virus called Gauss, which appeared to have been aimed at stealing information from customers of Lebanese banks. An earlier report alleged that U.S. forces in Iraq had hacked into a terrorist group’s computer there to lure its members into an ambush.

Herbert Lin, a cyber expert at the National Research Council, agreed that Mills’ comments were unusual in terms of the fact that they were made publicly. But Lin said that the United States was, little by little, opening up about the fact that its military was launching attacks across the Internet. “The U.S. military is starting to talk more and more in terms of what it’s doing and how it’s doing it,” he said. “A couple of years ago it was hard to get them to acknowledge that they were doing offense at all — even as a matter of policy, let alone in specific theaters or specific operations.”

Mills’ brief comments about cyberattacks in Afghanistan were delivered to the TechNet Land Forces East conference in Baltimore on Aug. 15, but they did not appear to have attracted much attention at the time. Footage of the speech was only recently posted to the Internet by conference organizers.

Marine General: We Launched Cyberattacks Against Afghanistan, CBS News, Aug. 24, 2012