* Iran is main target of industrial cyberattack -expert
* Computer super-virus may have been created by state
* Speculation that Bushehr nuclear plant targeted
By William Maclean, Security Correspondent
LONDON, Sept 24 (Reuters) - A computer virus that attacks a widely used industrial system appears aimed mostly at Iran and its power suggests a state may have been involved in creating it, an expert at a U.S. technology company said on Friday.
Kevin Hogan, Senior Director of Security Response at Symantec (SYMC.O), told Reuters 60 percent of the computers worldwide infected by the so-called Stuxnet worm were in Iran, indicating industrial plants in that country were the target.
Hogan’s comments are the latest in a string of specialist comments on Stuxnet that have stirred speculation that Iran’s first nuclear power station, at Bushehr, has been targeted in a state-backed attempt at sabotage or espionage.
“It’s pretty clear that based on the infection behaviour that installations in Iran are being targeted,” Hogan said of the virus which attacks Siemens AG’s (SIEGn.DE) widely used industrial control systems.
“The numbers are off the charts,” he said, adding Symantec had located the IP addresses of the computers infected and traced the geographic spread of the malicious code.
Diplomats and security sources say Western governments and Israel view sabotage as one way of slowing Iran’s nuclear programme, which the West suspects is aimed at making nuclear weapons but Tehran insists is for peaceful energy purposes.
Hogan said it was not possible to be categorical about the exact targets. It could be a major complex such as an oil refinery, a sewage plant, a factory or a water works, he said.
But it was clear the worm’s creators had significant resources.
“We cannot rule out the possibility (of a state being behind it). Largely based on the resources, organisation and in-depth knowledge across several fields -- including specific knowledge of installations in Iran -- it would have to be a state or a non-state actor with access to those kinds of (state) systems.”
Siemens was involved in the original design of the Bushehr reactor in the 1970s, when West Germany and France agreed to build the nuclear power station for the former Shah of Iran before he was overthrown by the 1979 Islamic revolution.
The company has said the malware is a Trojan worm that has spread via infected USB thumb drives, exploiting a vulnerability in Microsoft Corp’s (MSFT.O) Windows operating system that has since been resolved.
Siemens, Microsoft and security experts who have studied the worm have yet to determine who created the malicious software, described by commentators as the world’s first known cyber “super weapon” designed to destroy a real-world target.
Western countries have been critical of Russia’s involvement in completing the long-mothballed Bushehr plant. Moscow says it is purely civilian and cannot be used for any weapons programme.
Israel, which is assumed to have the Middle East’s only atomic arsenal, has hinted it could attack Iranian facilities if international diplomacy fails to curb Tehran’s nuclear designs.
The Jewish state has also developed a powerful cyberwarfare capacity. Major-General Amos Yadlin, chief of military intelligence, last year said Israeli armed forces had the means to provide network security and launch cyber attacks of their own. [ID:nLDE5BE29K]
Construction of two pressurised water nuclear reactors at Bushehr began in 1974 with the help of Siemens and French scientists. The plant started up finally last month after Iran received nuclear fuel for Bushehr from Russia. [ID:nLDE67F0MX]
In Washington, Vice Admiral Bernard McCullough, the head of the U.S. Navy’s Fleet Cyber Command, told Reuters on Thursday after testifying about cyber operations before a House of Representatives Armed Services subcommittee, that the worm “has some capabilities we haven’t seen before”.
On Wednesday, Army General Keith Alexander, head of the Pentagon’s new Cyber Command, said his forces regarded the virus as “very sophisticated.” [ID:nN23171133]
Siemens is the world’s number one maker of industrial automation control systems, which are also the company’s bread-and-butter, but it was not immediately clear whether the specific Siemens systems targeted by Stuxnet are at Bushehr.
Siemens told Reuters on July 21 it would offer to customers up-to-date virus scanners to detect and eliminate the virus. (Additional reporting by Phil Stewart in Washington) (Editing by Paul Taylor)