6 Min Read
* Computer virus disrupted Iran's centrifuges
* More advanced attacks in the offing?
By Mark Hosenball
Feb 14 (Reuters) - Iranian engineers have succeeded in neutralizing and purging the computer virus known as Stuxnet from their country's nuclear machinery, European and U.S. officials and private experts have told Reuters.
The malicious code, whose precise origin and authorship remain unconfirmed, made its way as early as 2009 into equipment controlling centrifuges Iran is using to enrich uranium, dealing a significant but perhaps temporary setback to Iran's suspected nuclear weapons work.
Many experts believe that Israel, possibly with assistance from the United States, was responsible for creating and deploying Stuxnet. But no authoritative account of who invented Stuxnet or how it got into Iran's centrifuge control equipment has surfaced.
U.S. and European officials, who insisted on anonymity when discussing a highly sensitive subject, said their governments' experts agreed that the Iranians had succeeded in disabling Stuxnet and getting it out of their machinery.
The officials declined to provide any details on how their governments verified that the Iranians had ultimately defeated the virus. It was not clear when it occurred but secrecy on the subject has been so tight that news is only now emerging.
Some officials said they believe that the Iranians were helped in their efforts by Western cybersecurity experts, whose detailed technical analyses of Stuxnet's computer code have circulated widely on the Internet.
Once the Iranians became aware that their equipment had been infected by the virus, experts said it would only have been a matter of time before they would have been able to figure out a way of shutting down the malicious code and getting it out of their systems.
"If Iran would not have gotten rid of Stuxnet by now (or even months ago), that would indicate that they were complete idiots," said German computer security consultant Ralph Langner. Langner is regarded as the first Western expert to identify the ultra-complex worm and conclude that it was specifically targeted toward equipment controlling Iranian nuclear centrifuges.
Peter Sommer, a computer security expert based in Britain, said that once Iran had detected the presence of the worm and figured out how it worked, it shouldn't have been too hard for them to disable it.
"Once you know that it's there it's not that difficult to reverse engineer... Neutralization of Stuxnet, once its operation is understood, would not be that difficult as it was precisely engineered to disrupt a specific item of machinery.
"Once Stuxnet's signature is identified it can be eliminated from a system," Sommer added.
Private experts say that however well-crafted the original Stuxnet was, whoever created it probably would have to be even more clever if they want to try to supplant it with new cyber-weapons directed at Iran's nuclear program.
"Aspects of Stuxnet could be re-used, but it is important to understand that its success depended not only on 'clever coding' but also required a great deal of specific intelligence and testing. It was the first known highly-targeted cyber-weapon, as opposed to more usual cyber weapons which are more diffuse in their targeting," Sommer said.
David Albright, a former United Nations weapons inspector who has extensively investigated Iran's nuclear program for the private Institute for Science and International Security, which he leads, said that spy agencies would have to go back to the drawing board if they're intent on continuing to try to hobble Iran's nuclear program via cyber-warfare.
Iran says that its nuclear program is for peaceful purposes but many Western officials believe it is seeking to build nuclear weapons.
"I would assume that once Iran learned of Stuxnet, then intelligence agencies looked at this method of cyber attack as compromised regardless of how long it has taken Iran to neutralize it. It is a cat and mouse game."
But Albright added that "intelligence agencies have likely been looking at more advanced forms of attack for a couple of years that they hope will catch the Iranians unprepared."
Reports first surfaced in 2010 that Iran's main nuclear enrichment facility at Natanz was hit by Stuxnet, though some experts later said it likely first was deployed a year earlier. Experts who later analyzed the Stuxnet code said it was engineered specifically to attack machines made by the German company Siemens that control high-speed centrifuges, used to purify uranium which can fuel a nuclear weapon.
Tehran accused the United States and Israel of planting the virus. In November 2010, Iranian President Mahmoud Ahmadinejad said that malicious software had created problems in some of Iran's uranium enrichment centrifuges, although he said the problems had been solved.
Several experts said, however, that while they believed the virus' potency waned over time, they had not heard confirmation that the Iranians had defeated and purged it.
Experts say the inventors of Stuxnet had to be unusually clever because the centrifuge control equipment at which it was targeted - and which it apparently succeeded in hobbling - was entirely cut-off from the Internet. So not only did the worm's creators have to write a code that would cause targeted equipment to malfunction but they had to figure out a way to physically introduce the code into a "closed system."
Most experts think the virus was somehow introduced into Iran's control systems via some kind of computer thumb drive.
European and U.S. experts have said that they believe that Stuxnet, at least for a time, caused serious malfunctions in the operations of Iranian nuclear centrifuges.
Iran and its antagonists today appear to be engaged in multiple levels of clandestine warfare, with unknown assailants killing Iranian nuclear scientists and, in the last few days, bomb attacks on Israeli embassy personnel in India and Georgia. Israel has blamed Iran.