* Iran is main target of industrial cyberattack -expert
* Computer super-virus may have been created by state
* Speculation that Bushehr nuclear plant targeted
By William Maclean, Security Correspondent
LONDON, Sept 24 A computer virus that attacks a
widely used industrial system appears aimed mostly at Iran and
its power suggests a state may have been involved in creating
it, an expert at a U.S. technology company said on Friday.
Kevin Hogan, Senior Director of Security Response at
Symantec (SYMC.O), told Reuters 60 percent of the computers
worldwide infected by the so-called Stuxnet worm were in Iran,
indicating industrial plants in that country were the target.
Hogan's comments are the latest in a string of specialist
comments on Stuxnet that have stirred speculation that Iran's
first nuclear power station, at Bushehr, has been targeted in a
state-backed attempt at sabotage or espionage.
"It's pretty clear that based on the infection behaviour
that installations in Iran are being targeted," Hogan said of
the virus which attacks Siemens AG's (SIEGn.DE) widely used
industrial control systems.
"The numbers are off the charts," he said, adding Symantec
had located the IP addresses of the computers infected and
traced the geographic spread of the malicious code.
Diplomats and security sources say Western governments and
Israel view sabotage as one way of slowing Iran's nuclear
programme, which the West suspects is aimed at making nuclear
weapons but Tehran insists is for peaceful energy purposes.
Hogan said it was not possible to be categorical about the
exact targets. It could be a major complex such as an oil
refinery, a sewage plant, a factory or a water works, he said.
But it was clear the worm's creators had significant
"We cannot rule out the possibility (of a state being behind
it). Largely based on the resources, organisation and in-depth
knowledge across several fields -- including specific knowledge
of installations in Iran -- it would have to be a state or a
non-state actor with access to those kinds of (state) systems."
Siemens was involved in the original design of the Bushehr
reactor in the 1970s, when West Germany and France agreed to
build the nuclear power station for the former Shah of Iran
before he was overthrown by the 1979 Islamic revolution.
The company has said the malware is a Trojan worm that has
spread via infected USB thumb drives, exploiting a vulnerability
in Microsoft Corp's (MSFT.O) Windows operating system that has
since been resolved.
Siemens, Microsoft and security experts who have studied the
worm have yet to determine who created the malicious software,
described by commentators as the world's first known cyber
"super weapon" designed to destroy a real-world target.
Western countries have been critical of Russia's involvement
in completing the long-mothballed Bushehr plant. Moscow says it
is purely civilian and cannot be used for any weapons programme.
Israel, which is assumed to have the Middle East's only
atomic arsenal, has hinted it could attack Iranian facilities if
international diplomacy fails to curb Tehran's nuclear designs.
The Jewish state has also developed a powerful cyberwarfare
capacity. Major-General Amos Yadlin, chief of military
intelligence, last year said Israeli armed forces had the means
to provide network security and launch cyber attacks of their
Construction of two pressurised water nuclear reactors at
Bushehr began in 1974 with the help of Siemens and French
scientists. The plant started up finally last month after Iran
received nuclear fuel for Bushehr from Russia. [ID:nLDE67F0MX]
In Washington, Vice Admiral Bernard McCullough, the head of
the U.S. Navy's Fleet Cyber Command, told Reuters on Thursday
after testifying about cyber operations before a House of
Representatives Armed Services subcommittee, that the worm "has
some capabilities we haven't seen before".
On Wednesday, Army General Keith Alexander, head of the
Pentagon's new Cyber Command, said his forces regarded the virus
as "very sophisticated." [ID:nN23171133]
Siemens is the world's number one maker of industrial
automation control systems, which are also the company's
bread-and-butter, but it was not immediately clear whether the
specific Siemens systems targeted by Stuxnet are at Bushehr.
Siemens told Reuters on July 21 it would offer to customers
up-to-date virus scanners to detect and eliminate the virus.
(Additional reporting by Phil Stewart in Washington)
(Editing by Paul Taylor)