Researchers analyzing the Stuxnet cyberweapon have found references in its code that could indicate that it was created in Israel. The hint to the weapon's origin comes as new light was shed on the virus Thursday during the Virus Bulletin conference in Vancouver, Canada, and amid reports in Chinese media that Stuxnet has widely impacted the Internet-savvy country.
The New York Times reported Thursday that Stuxnet, a powerful computer virus of unknown origin, contains a file named "Myrtus," which may reveal the virus's origin in a Da Vinci Code-esque fashion. The "Robert Langdon" on the case is a German computer security expert named Ralph Langner.
Although myrtus has several possible meanings - including being Latin for the plant myrtle - Mr. Langner noted that it may be an allusion to the Hebrew word for Esther. He pointed out that the Book of Esther features a plot by Persia against the Jews, who preemptively attacked in response.
An Iranian security man stands next to journalists outside the reactor building at the Russian-built Bushehr nuclear power plant, the possible target of the Stuxnet virus. (AFP)
"If you read the Bible you can make a guess," said Mr. Langner, in a telephone interview from Germany on Wednesday.
Carol Newsom, an Old Testament scholar at Emory University, confirmed the linguistic connection between the plant family and the Old Testament figure, noting that Queen Esther's original name in Hebrew was Hadassah, which is similar to the Hebrew word for myrtle. Perhaps, she said, "someone was making a learned cross-linguistic wordplay."
Another clue toward the maker could be in the number "19790509," which appears in Stuxnet's code. It could be a reference to the 1979 execution of a prominent Jewish Iranian businessman, according to a research paper presented by researchers Thursday at the Virus Bulletin conference, Computerworld reported.
In a report on the conference, which was dominated by talk of Stuxnet, National Public Radio says many experts believe Israel may have developed the cyber weapon as an alternative to a physical attack on Iran in the hope of minimizing blowback.
After all, hitting the nuclear plant with a 500 pound bomb would have produced far more collateral damage than attacking it with a cyber weapon, right?
Cybersecurity consultant [Stephen] Spoonamore is not so sure. "Compared to releasing code that controls most of the world's hydroelectric dams or many of the world's nuclear plants or many of the world's electrical switching stations? I can think of very few stupider blowback decisions," Spoonamore adds.
The Times adds that Israeli experts dispute that Stuxnet is an Israeli weapon against Iran, arguing instead that their studies indicate the virus is either "high-level industrial espionage against Siemens [whose systems the virus takes advantage of, or] a kind of academic experiment."
Nonetheless, some experts believe the Stuxnet weapon was targeted at the Bushehr nuclear power plant in Iran. The Christian Science Monitor reported Wednesday that the launch of the new plant - which could be used to produce fuel for nuclear weapons - has been pushed back by three months, possibly due to infection by Stuxnet. Although Iranian officials have denied that the plant has been infected by Stuxnet, Langner told the Monitor on Sept. 21 that he suspects the plant was indeed the victim of Stuxnet, which is designed to destroy a specific physical facility rather than steal or corrupt information.
"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack." ...
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
A column in today's Jerusalem Post praises Stuxnet as "a great achievement" if it is indeed an Israeli weapon. But it remains uncertain what Stuxnet's target is and what its origin might be. Security expert Jeffrey Carr writes on his blog for Forbes that "there are more and better theories to explain Stuxnet's motivation than just Israel and Iran."
India and China are both concerned that they have been targeted. Noting that a key Indian satellite using Siemens technology went offline with a power glitch in July, Mr. Carr suggests that Stuxnet may have attempted to affect the race between China and India to put a man on the Moon.
Meanwhile in China, Xinhua reports that more than 6 million personal computers and 1,000 corporate computers have been infected by Stuxnet (see box). China has become increasingly concerned over the Stuxnet threat, especially as the country enters a holiday weekend during which it may be particularly vulnerable, reports Agence France-Presse.
Courtesy The Christian Science Monitor
Holiday concerns in China over 'cyber superweapon'
HONG KONG (AFP) - Computer hackers have warned that a week-long national holiday in China from Friday could leave the country vulnerable to further attack from a potentially lethal computer virus.
The Stuxnet cyberworm, dubbed the world's "first cyber superweapon" by experts and which may have been designed to attack Iran's nuclear facilities, has already hit millions of computers around the country.
Stuxnet is feared by experts around the globe as it can break into computers that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms and valves. It could, technically, make factory boilers explode, destroy gas pipelines or even cause a nuclear plant to malfunction.
China's biggest hacker group told the South China Morning Post on Friday that cybersecurity staffing at large state-owned enterprises would be minimal during the holiday to mark the founding of the People's Republic of China.
"China's industrial networks become incredibly weak and therefore much easier to infiltrate during the national holiday, because everybody is off," a spokesman for the Chinese Honker Union told the paper.
"So if they are up to something they may very likely do it now."
Stuxnet is believed to target control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities. The computer worm -- a piece of malicious software (malware) which copies itself and sends itself on to other computers in a network -- was first spotted by Siemens on July 15, a company spokesman told AFP.
There are also concerns that the holiday could slow any Chinese government response.