* Computer virus disrupted Iran's centrifuges
* More advanced attacks in the offing?
By Mark Hosenball
Feb 14 - Iranian engineers have succeeded in
neutralizing and purging the computer virus known as Stuxnet
from their country's nuclear machinery, European and U.S.
officials and private experts have told Reuters.
The malicious code, whose precise origin and authorship
remain unconfirmed, made its way as early as 2009 into equipment
controlling centrifuges Iran is using to enrich uranium, dealing
a significant but perhaps temporary setback to Iran's suspected
nuclear weapons work.
Many experts believe that Israel, possibly with assistance
from the United States, was responsible for creating and
deploying Stuxnet. But no authoritative account of who invented
Stuxnet or how it got into Iran's centrifuge control equipment
has surfaced.
U.S. and European officials, who insisted on anonymity when
discussing a highly sensitive subject, said their governments'
experts agreed that the Iranians had succeeded in disabling
Stuxnet and getting it out of their machinery.
The officials declined to provide any details on how their
governments verified that the Iranians had ultimately defeated
the virus. It was not clear when it occurred but secrecy on the
subject has been so tight that news is only now emerging.
Some officials said they believe that the Iranians were
helped in their efforts by Western cybersecurity experts, whose
detailed technical analyses of Stuxnet's computer code have
circulated widely on the Internet.
Once the Iranians became aware that their equipment had been
infected by the virus, experts said it would only have been a
matter of time before they would have been able to figure out a
way of shutting down the malicious code and getting it out of
their systems.
"If Iran would not have gotten rid of Stuxnet by now (or
even months ago), that would indicate that they were complete
idiots," said German computer security consultant Ralph Langner.
Langner is regarded as the first Western expert to identify the
ultra-complex worm and conclude that it was specifically
targeted toward equipment controlling Iranian nuclear
centrifuges.
Peter Sommer, a computer security expert based in Britain,
said that once Iran had detected the presence of the worm and
figured out how it worked, it shouldn't have been too hard for
them to disable it.
"Once you know that it's there it's not that difficult to
reverse engineer... Neutralization of Stuxnet, once its
operation is understood, would not be that difficult as it was
precisely engineered to disrupt a specific item of machinery.
"Once Stuxnet's signature is identified it can be eliminated
from a system," Sommer added.
Private experts say that however well-crafted the original
Stuxnet was, whoever created it probably would have to be even
more clever if they want to try to supplant it with new
cyber-weapons directed at Iran's nuclear program.
"Aspects of Stuxnet could be re-used, but it is important to
understand that its success depended not only on 'clever coding'
but also required a great deal of specific intelligence and
testing. It was the first known highly-targeted cyber-weapon, as
opposed to more usual cyber weapons which are more diffuse in
their targeting," Sommer said.
'CAT AND MOUSE GAME'
David Albright, a former United Nations weapons inspector
who has extensively investigated Iran's nuclear program for the
private Institute for Science and International Security, which
he leads, said that spy agencies would have to go back to the
drawing board if they're intent on continuing to try to hobble
Iran's nuclear program via cyber-warfare.
Iran says that its nuclear program is for peaceful purposes
but many Western officials believe it is seeking to build
nuclear weapons.
"I would assume that once Iran learned of Stuxnet, then
intelligence agencies looked at this method of cyber attack as
compromised regardless of how long it has taken Iran to
neutralize it. It is a cat and mouse game."
But Albright added that "intelligence agencies have likely
been looking at more advanced forms of attack for a couple of
years that they hope will catch the Iranians unprepared."
Reports first surfaced in 2010 that Iran's main nuclear
enrichment facility at Natanz was hit by Stuxnet, though some
experts later said it likely first was deployed a year earlier.
Experts who later analyzed the Stuxnet code said it was
engineered specifically to attack machines made by the German
company Siemens that control high-speed centrifuges,
used to purify uranium which can fuel a nuclear weapon.
Tehran accused the United States and Israel of planting the
virus. In November 2010, Iranian President Mahmoud Ahmadinejad
said that malicious software had created problems in some of
Iran's uranium enrichment centrifuges, although he said the
problems had been solved.
Several experts said, however, that while they believed the
virus' potency waned over time, they had not heard confirmation
that the Iranians had defeated and purged it.
Experts say the inventors of Stuxnet had to be unusually
clever because the centrifuge control equipment at which it was
targeted - and which it apparently succeeded in hobbling - was
entirely cut off from the Internet. So not only did the worm's
creators have to write code that would cause targeted
equipment to malfunction but they had to figure out a way to
physically introduce the code into a "closed system."
Most experts think the virus was somehow introduced into
Iran's control systems via some kind of computer thumb drive.
European and U.S. experts have said that they believe that
Stuxnet, at least for a time, caused serious malfunctions in the
operations of Iranian nuclear centrifuges.
Iran and its antagonists today appear to be engaged in
multiple levels of clandestine warfare, with unknown assailants
killing Iranian nuclear scientists and, in the last few days,
bomb attacks on Israeli embassy personnel in India and Georgia.
Israel has blamed Iran.
(Editing by Cynthia Osterman)