AS THE (STUXNET) WORM TURNS…

The StuxNet Cyber attack on Iran continues and they have no way of knowing where it will strike next.

DEBKAIran’s Atomic Energy Organization Director Ali Akhbar Salehi has had to keep on changing his story.
late August, he set Sept. 2 as the date for the start of operations at the 1,000 megawatt Bushehr atomic reactor with the installation of Russian fuel rods.

On Oct. 4, he first spoke of a delay: The start-up at Bushehr was “progressing well and we hope to see it connected to the national electricity grid by late December, or even a few weeks earlier,” Salehi said. He ruled out any links between the delayed launch and a computer worm accused of targeting the Islamic Republic’s nuclear facilities.

To account for the delay, he said: “During the Bushehr plant’s washing process, a leak was discovered at the side pool of the reactor and it was plugged.” He was challenged that day by a spokeswoman for the Russian Atomstroy export company which built the reactor who said only that “The loading of the fuel into the reactor is scheduled for October.”

This left the date for the start-up up in the air because it contradicted the Iranian claim that the fuel had been loaded in late August. The Russian nuclear engineers may also be presumed to have thoroughly checked the pool of the reactor before finishing their work.

Monday, Oct. 5, Iran’s nuclear chief finally admitted that the reactor, Iran’s first, would not be ready to go on line before the spring of 2011. Salehi was forced to change his story as the damage wrought by the Stuxnet malworm came to light. He had to contend not only with the devastating worm but with a briefing by a colleague which put the whole mess in the public domain with disarming frankness.

Iran struggles to repel cyber attack on its military systems

On Sept. 27, Hamid Alipour, director of the government-owned Iran Information Technology Company, openly admitted that his country was under cyber attack by a worm that “is mutating and wreaking further havoc on computerized industrial equipment in Iran.”

He said new versions of the virus – no “normal” worm – were spreading.

First, the Bushehr reactor and other parts of the nuclear program were so badly hit that it would take months to restore the damaged systems to normal operation. Some might never recover – at least until someone found a silver bullet for purging all systems of the wily worm. Second, whenever an expert managed to clean out a control network, the destructive malworm spawned more sophisticated offspring which went on the rampage.

The Iranians have gone all-out to damp down the sensational international reporting on the cyber attack afflicting their nuclear plants and strategic infrastructure and made a show of having it under control. At the Virus Bulletin Conference in Vancouver last week, Iranian computer security experts said data “compiled from systems run by Kaspersky’s security software had shown that Stuxnet is no longer prevalent in Iran.”

DEBKA-Net-Weekly’s military and intelligence sources report that Iranian experts have made little progress in their attempts to rid Iran’s nuclear systems of Stuxnet and even less in getting the Bushehr reactor ready to start generating power. They have therefore decided to concentrate at this stage on repelling the cyber invasion of their military systems.

Stuxnet can only be detected in missiles after they are fired. But then they are ruined.

They no doubt took note of an article published on Oct. 1 by the noted American weapons expert David Kay in The National Interest, under the caption “As the Worm Turns” in which he asks:

Who can assure the Iranian leadership that the son of Stuxnet is not quietly sitting in the guidance- and flight-control systems of Iran’s missile delivery capability? For after all, a “good” cyber worm does not have to reveal itself except under the conditions that its creator has chosen. Static tests may not show anything. Maybe sudden acceleration and heavy G loading is required. Or some other wickedly difficult conditions to simulate and test.

This fatal diagnosis must have increased the alarm in Tehran, confirming as it did the assessment by military sources in our last issue: Some of Iran’s military command and control centers at military and Revolutionary Guards Corps headquarters are shut down, along with field command centers for ballistic missile batteries, key air bases, air defense and the navy.

It tells them that the only way to find out if their missile batteries are infected by Stuxnet – or “the son of Stuxnet” is to activate the firing mechanisms of every one of those missiles, thereby destroying their entire stock and remaining defenseless.

The same predicament applies equally to Syria and Hizballah. DEBKA-Net-Weekly’s sources report that this week experts of Iran’s Information Technology Company’ (whose director first sound the malworm alarm in public) visited Damascus and Hamma in northern Syria to examine the local armaments factories, which are a branch of Iran’s industries, to find out if the deadly virus in its active or latent state had reached their products.

Some of the team then set out for Lebanon to see whether the new ballistic missiles Iran had consigned to Hizballah, especially the Fateh 110, were infected. In reporting back to their masters in Tehran, they said they could not be sure of tracking down every version of the rampant Stuxnet in Syrian and Lebanese hardware – any more than they can at the Bushehr reactor.

Share