Cracking Stuxnet - A 21st-century cyber weapon against Iran - Ralph Langner - English
When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead's final target -- and its covert origins. In a fascinating look inside cyber-forensics, he explains how.
The idea behind the Stuxnet computer worm is actually quite simple. We don't want Iran to get the Bomb. Their major asset for developing nuclear weapons is the Natanz uranium enrichment facility. The gray boxes that you see, these are real-time control systems. Now if we manage to compromise these systems that control drive speeds and valves, we can actually cause a lot of problems with the centrifuge. The gray boxes don't run Windows software; they are a completely different technology. But if we manage to place a good Windows virus on a notebook that is used by a maintenance engineer to configure this gray box, then we are in business. And this is the plot behind Stuxnet.
So we start with a Windows dropper. The payload goes onto the gray box, damages the centrifuge, and the Iranian nuclear program is delayed -- mission accomplished. That's easy, huh? I want to tell you how we found that out. When we started our research on Stuxnet six months ago, it was completely unknown what the purpose of this thing was. The only thing that was known is very, very complex on the Windows part, the dropper part, used multiple zero-day vulnerabilities. And it seemed to want to do something with these gray boxes, these real-time control systems. So that got our attention, and we started a lab project where we infected our environment with Stuxnet and checked this thing out. And then some very funny things happened. Stuxnet behaved like a lab rat that didn't like our cheese -- sniffed, but didn't want to eat. Didn't make sense to me. And after we experimented with different flavors of cheese, I realized, well, this is a directed attack. It's completely directed. The dropper is prowling actively on the gray box if a specific configuration is found, and even if the actual program that it's trying to infect is actually running on that target. And if not, Stuxnet does nothing.
So that really got my attention, and we started to work on this nearly around the clock, because I thought, well, we don't know what the target is. It could be, let's say for example, a U.S. power plant, or a chemical plant in Germany. So we better find out what the target is soon. So we extracted and decompiled the attack code, and we discovered that it's structured in two digital bombs -- a smaller one and a bigger one. And we also saw that they are very professionally engineered by people who obviously had all insider information. They knew all the bits and bytes that they had to attack. They probably even know the shoe size of the operator. So they know everything.
And if you have heard that the dropper of Stuxnet is complex and high-tech, let me tell you this: the payload is rocket science. It's way above everything that we have ever seen before. Here you see a sample of this actual attack code. We are talking about -- round about 15,000 lines of code. Looks pretty much like old-style assembly language. And I want to tell you how we were able to make sense out of this code. So what we were looking for is first of all is system function calls, because we know what they do.
And then we were looking for timers and data structures and trying to relate them to the real world -- to potential real world targets. So we do need target theories that we can prove or disprove. In order to get target theories, we remember that it's definitely hardcore sabotage, it must be a high-value target, and it is most likely located in Iran, because that's where most of the infections had been reported. Now you don't find several thousand targets in that area. It basically boils down to the Bushehr nuclear power plant and to the Natanz fuel enrichment plant.
So I told my assistant, "Get me a list of all centrifuge and power plant experts from our client base." And I phoned them up and picked their brain in an effort to match their expertise with what we found in code and data. And that worked pretty well. So we were able to associate the small digital warhead with the rotor control. The rotor is that moving part within the centrifuge, that black object that you see. And if you manipulate the speed of this rotor, you are actually able to crack the rotor and eventually even have the centrifuge explode. What we also saw is that the goal of the attack was really to do it slowly and creepy -- obviously in an effort to drive maintenance engineers crazy, that they would not be able to figure this out quickly.
The big digital warhead -- we had a shot at this by looking very closely at data and data structures. So for example, the number 164 really stands out in that code; you can't overlook it. I started to research scientific literature on how these centrifuges are actually built in Natanz and found they are structured in what is called a cascade, and each cascade holds 164 centrifuges. So that made sense, it was a match.
And it even got better. These centrifuges in Iran are subdivided into 15, what is called, stages. And guess what we found in the attack code? An almost identical structure. So again, that was a real good match. And this gave us very high confidence for what we were looking at. Now don't get me wrong here, it didn't go like this. These results have been obtained over several weeks of really hard labor. And we often went into just a dead-end and had to recover.
Anyway, so we figured out that both digital warheads were actually aiming at one and the same target, but from different angles. The small warhead is taking one cascade, and spinning up the rotors and slowing them down, and the big warhead is talking to six cascades and manipulating valves. So in all, we are very confident that we have actually determined what the target is. It is Natanz, and it is only Natanz. So we don't have to worry that other targets might be hit by Stuxnet.
Here's some very cool stuff that we saw -- really knocked my socks off. Down there is the gray box, and on the top you see the centrifuges. Now what this thing does is it intercepts the input values from sensors -- so for example, from pressure sensors and vibration sensors -- and it provides legitimate code, which is still running during the attack, with fake input data. And as a matter of fact, this fake input data is actually prerecorded by Stuxnet. So it's just like from the Hollywood movies where during the heist, the observation camera is fed with prerecorded video. That's cool, huh?
The idea here is obviously not only to fool the operators in the control room. It actually is much more dangerous and aggressive. The idea is to circumvent a digital safety system. We need digital safety systems where a human operator could not act quick enough. So for example, in a power plant, when your big steam turbine gets too over speed, you must open relief valves within a millisecond. Obviously, this cannot be done by a human operator. So this is where we need digital safety systems. And when they are compromised, then real bad things can happen. Your plant can blow up. And neither your operators nor your safety system will notice it. That's scary.
But it gets worse. And this is very important, what I'm going to say. Think about this. This attack is generic. It doesn't have anything to do, in specifics, with centrifuges, with uranium enrichment. So it would work as well, for example, in a power plant or in an automobile factory. It is generic. And you don't have -- as an attacker -- you don't have to deliver this payload by a USB stick, as we saw it in the case of Stuxnet. You could also use conventional worm technology for spreading. Just spread it as wide as possible. And if you do that, what you end up with is a cyber weapon of mass destruction. That's the consequence that we have to face. So unfortunately, the biggest number of targets for such attacks are not in the Middle East. They're in the United States and Europe and in Japan. So all of the green areas, these are your target-rich environments. We have to face the consequences, and we better start to prepare right now.
Thanks.
(Applause)
Chris Anderson: I've got a question. Ralph, it's been quite widely reported that people assume that Mossad is the main entity behind this. Is that your opinion?
Ralph Langner: Okay, you really want to hear that? Yeah. Okay. My opinion is that the Mossad is involved, but that the leading force is not Israel. So the leading force behind that is the cyber superpower. There is only one, and that's the United States -- fortunately, fortunately. Because otherwise, our problems would even be bigger.
CA: Thank you for scaring the living daylights out of us. Thank you Ralph.
(Applause)
Drone - Cyber war accelerates between Iran and US, RQ-170 Sentinel stealth aircraft - English
RT’s ongoing investigation of American drone aircraft being downed as a possible result of a cyber attack has been accentuated by recent confirmations by way of a documentary out of Mexico.
The Spanish-language television network Univision has aired a program in which undercover footage allegedly shows Iranian officials discussing ways to go about an attack on America’s infrastructure, specifically attempting to recruit Mexican computer hackers to target the Department of Defense and the CIA’s computer systems.
According to the Washington Times, US officials are now investigating reports that authorities from Iran and Venezuela plotted cyber attacks against America’s military, in what comes as the latest revelation in a quickly unraveling story of cyber war escalating between Tehran and Washington. In the most recent news break, however, a front to the south of the United States could be opening up as Iran tries to take down the American military with the aid of hackers living only next door.
The Times’ report alleges that hackers were discussing potential attacks on the DoD and Central Intelligence Agency. This news comes days after the United States managed to lose contact with two high-tech drone aircraft belonging to the CIA, one two weeks ago over Iran and one this Tuesday over the Indian Ocean island of Seychelles.
In the case of the RQ-170 Sentinel craft captured by Tehran, that drone was dispatched from Creech Air Force Base in the state of Nevada. Earlier this year, RT reported that a key-logger virus infiltrated the cockpits of crafts in the base, with Air Force personnel left in the dark until days after the infection took hold. Military personnel later shrugged the incident off as a nuisance and nothing more, but with two drones in two weeks now mysteriously going off the radar, American eyes are now looking towards Tehran — and perhaps a partnership with international hackers — as the threat of an all-out cyber war escalates.
In the report published this week by the Washington Times, it is alleged that the Mexican hackers instructed by Iranian officials were told to crack passwords that would allow for access into protected American computer systems.
Univision says that among the targets intended in the attack against America were nuclear facilities. Coincidently, the nuclear infrastructure of Iran was threatened in 2010 by a computer worm named Stuxnet, believed by many to be the brainchild of American programmers. Earlier in 2011, researcher Ralph Langner told an audience at a TED talk that he thought Stuxnet was of Israeli origin, but added, "The leading force behind Stuxnet is the cyber superpower – there is only one; and that's the United States."
If a cyber war is being waged against America, US officials are remaining relatively mum on the matter. In the case of the Sentinel lost over Iran, the US first denied a crash, only to later confirm that a craft was lost over Afghanistan and was believed to be obliterated. Within days, however, Iran provided footage of the craft in pristine condition much to the chagrin of Washington. American authorities went on to dismiss the craft as a fake before US President Barack Obama asked Tehran to return what was in fact the drone in question.
President Mahmoud Ahmadinejad responded by shooting down Obama’s plea, telling Venezuelan state television this week, “The Americans have perhaps decided to give us this spy plane. We now have control of this plane.” Iranian authorities now claim that the gift from America is almost done being decoded and its technology will be adapted into its own arsenal.
On Tuesday of this week, an MQ-9 Reaper drone was downed in Seychelles and crash-landed at an air base there that has been under American occupation since 2009. The US uses the island nation to dispatch drones for surveillance over Somalia and to counter piracy in the Indian Ocean. Once again, in this case American authorities are insisting that the craft has been charred beyond repair and are working in conjunction with overseas officials to return the craft to the US.
An investigation over that crash is pending, but officials are for now saying that the “failure was due to mechanical reasons.” At a price tag of around $30 million per craft, it is suspicious that a minor malfunction under the hood of what is the Cadillac of unmanned spy planes can cause the craft to come to a crashing, fiery halt.
The Washington Times adds in its report that State Department spokesman William Ostick believes federal authorities to be investigating the allegation brought forth against Iran by Univision, but has formally declared that officials lack information that corroborates the allegation. Senator Robert Menendez (NJ-Dem) is now also calling for a congressional hearing to investigate Iranian action in Latin America. Menendez also sits as chairman of the Senate Foreign Relations subcommittee on the Western Hemisphere.
“If Iran is using regional actors to facilitate and direct activities against the United States, this would represent a substantial increase in the level of the Iranian threat and would necessitate an immediate response,” Menendez says.
Earlier in 2011, American authorities alleged that Iran had recruited members from a Mexican drug cartel to assassinate the Saudi ambassador to the United States on American soil. While the plot was foiled by US intelligence, the latest revelations add a new piece to a puzzle that shows an increasingly tense standoff between Tehran and Washington.
Recent Cyber Attacks On Iran's Infrastructure - US & Israel Likely Suspects - 25 SEP 2010 - English
US, Israel behind cyber-attack on Iran?
Experts say a computer worm that has targeted Iran's industrial sites may be part of a cyber-attack by the US or Israel against the Islamic Republic.
Stuxnet, a computer worm that is viewed as potentially the most dangerous piece of computer malware discovered, has targeted industrial computers in Iran.
The complex worm recognizes a specific facility's control network and then destroys it.
Experts say the worm, which has a very sophisticated design, may have been created by a state-sponsored organization in the US or Israel to target specific control software being used in the Iranian industrial sector, including the Bushehr plant -- Iran's first nuclear power plant.
"All the details so far to me scream that this was created by a nation-state," Bloomberg quoted Frank Rieger, technology chief for a maker of encrypted mobile phones, as saying.
Iran's nuclear facilities may have been the targets, said both Rieger and Richard Falkenrath of the Chertoff Group, a Washington-based security advisory firm.
"It is theoretically possible that the US government did this," Falkenrath said during an interview with Bloomberg Television on Saturday. "But in my judgment, that's a very remote possibility. It's more likely that Israel did it."
Meanwhile, a top US cyber-security official claims that the US does not know who is behind the cyber-attack and is still analyzing the worm.
"We've conducted analysis on the software itself," Sean McGurk, director of the National Cybersecurity and Communications Integration Center, told reporters on Friday.
"It's very difficult to say 'This is what it was targeted to do,'" he said, adding the center was not looking for those behind the attack but it rather sought to prevent the spread.
The US and Israel accuse Iran of developing a nuclear weapons program. Iran rejects the allegation, saying its nuclear program is solely for peaceful purposes.
The International Atomic Energy Agency, in its several reports, has confirmed that it continues to verify the country's non-diversion from its peaceful path.
Article Source: http://www.presstv.ir/detail/143868.html