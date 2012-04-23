* Iran says its oil industry has been hit by a cyber attack
DUBAI, April 23 Iran is investigating a
suspected cyber attack on its main oil export terminal and on
the Oil Ministry itself, Iranian industry sources said on
Monday.
A virus was detected inside the control systems of Kharg
Island - which handles the vast majority of Iran's crude oil
exports - but the terminal remained operational, a source at the
National Iranian Oil Company (NIOC) said.
The virus, which is likely to draw comparisons with the
Stuxnet computer worm which reportedly affected Iranian nuclear
facilities in 2009-10, struck late on Sunday.
It hit the internet and communications systems of Iran's Oil
Ministry and of its national oil company, the semi-official Mehr
news agency reported. Computer systems controlling a number of
Iran's other oil facilities have been disconnected from the
Internet as a precaution, the agency added.
Hamdullah Mohammadnejad, the head of civil defence at the
oil ministry, was reported as saying Iranian authorities had set
up a crisis unit and were working out how to neutralise the
attacks.
IT systems at the oil ministry and at the national oil
company were also disconnected to prevent the spread of any
virus, the Mehr news agency said.
The oil ministry's own media network, Shana, quoted a
spokesman as saying some data had been affected but that there
was no major damage.
VIRUS REMINISCENT OF STUXNET
Iran's nuclear programme is thought to be the principal
target of the Stuxnet worm - discovered in 2010 - the first
virus believed to have been specifically designed to subvert
industrial systems.
U.S.-based think-tank, the Institute for Science and
International Security (ISIS), said that in late 2009 or early
2010 about 1,000 centrifuges - machines used to refine uranium -
out of the 9,000 used at Iran's Natanz enrichment plant, had
been knocked out by the virus - not enough to seriously harm its
operations.
Iranian officials have accused the United States and Israel
of developing the virus to sabotage its atomic programme, an
allegation neither country has commented on.
The United States and its allies suspect Iran is using its
enrichment activities to covertly develop a nuclear weapons
capability, a charge Tehran denies.
Late last year, Iran also identified damage it said was
inflicted by a similar virus aimed at disrupting industrial
processes, called Duqu.
Experts say Duqu appears to be designed to gather data to
make it easier to launch future attacks and that very few
organisations could have written such complex programs. There is
no confirmation this latest attack is related to Duqu.
A systems analyst at Hungary's Laboratory of Cryptography
and System Security, which first discovered and named Duqu, told
Reuters that Iran needed to be more cooperative with samples of
malware codes if it required external help.
"As this recent incident might have been a targeted attack
against Iran and only against Iran, security experts in Western
countries might be reluctant to help them," Boldizsar Bencsath
said.
The authorities said there had been no disruption to
production or exports, Mehr news reported, but a shipping source
with knowledge of operations at Kharg Island said that the NIOC
has been prevented from sending out the crude-loading programme
at the terminal.
Most of the world's oil facilities are controlled by
computers, but some processes can be managed manually when
necessary.
SCEPTICISM
Some experts said it was not yet clear whether the virus
reported on Monday was, like Stuxnet, seeking to corrupt
industrial processes to cause physical damage, or was a simple
data virus.
One cyber security specialist Ali Jahangiri said he had
doubts about whether a virus actually existed.
"There is no indication that this is definitely a targeted
attack from outside. It could be a technical failure inside the
oil ministry's communications own systems," he said.
However, John Bumgarner, a security specialist at the U.S.
Cyber Consequences Unit think tank, told Reuters a virus was a
possibility, and that a sufficiently complex one could have more
than a fleeting impact.
"The reason you would put a virus inside this network to
erase data is because that causes those facilities to have to
shut down," he said, saying servers would need to be rebuilt to
get them back online.
"So during that time the production and refinery operations
for Iran could be impacted. And depending on how the virus was
written, it could be longer term."
