The Cyber Attack on Iran Continues
Targeted Next: Iranian & Syrian Ballistic Missiles, Hizballah's Rockets
Iran's Atomic Energy Organization Director Ali Akhbar Salehi has had to keep on changing his story.
In late August, he set Sept. 2 as the date for the start of operations at the 1,000 megawatt Bushehr
atomic reactor with the installation of Russian fuel rods.
On Oct. 4, he first spoke of a delay: The start-up at Bushehr was "progressing well and we hope to
see it connected to the national electricity grid by late December, or even a few weeks earlier," Salehi said.
He ruled out any links between the delayed launch and a computer worm accused of targeting the Islamic
Republic's nuclear facilities. To account for the delay, he said: "During the Bushehr plant's washing process,
a leak was discovered at the side pool of the reactor and it was plugged."
He was challenged that day by a spokeswoman for the Russian Atomstroyexport company which built the
reactor who said only that "The loading of the fuel into the reactor is scheduled for October." This left the
date for the start-up up in the air because it contradicted the Iranian claim that the fuel had been loaded
in late August. The Russian nuclear engineers may also be presumed to have thoroughly checked the pool
of the reactor before finishing their work.
Monday, Oct. 5, Iran's nuclear chief finally admitted that the reactor, Iran's first, would not be ready to go
on line before the spring of 2011.
Salehi was forced to change his story as the damage wrought by the Stuxnet malworm came to light.
He had to contend not only with the devastating worm but with a briefing by a colleague which put
the whole mess in the public domain with disarming frankness.
Iran concentrates on repelling cyber attack on its military systems
On Sept. 27, Hamid Alipour, director of the government-owned Iran Information Technology
Company, openly admitted that his country was under cyber attack by a worm that "is
mutating and wreaking further havoc on computerized industrial equipment in Iran."
He said new versions of the virus - no "normal" worm - were spreading.
First, the Bushehr reactor and other parts of the nuclear program were so badly hit that it would
take months to restore the damaged systems to normal operation. Some might never recover -
at least until someone found a silver bullet for purging all systems of the wily worm.
Second, whenever an expert managed to clean out a control network, the destructive malworm
spawned more sophisticated offspring which went on the rampage.
The Iranians have gone all-out to damp down the sensational international reporting on the cyber attack
afflicting their nuclear plants and strategic infrastructure and made a show of having it under control.
At the Virus Bulletin Conference in Vancouver last week, Iranian computer security experts said data
"compiled from systems run by Kaspersky's security software had shown that Stuxnet is no longer prevalent in Iran."
But they also confessed that the data was not authoritative and represented "just a slice of infected systems in Iran."
Military and intelligence sources report that Iranian experts have made little progress in their attempts to rid Iran's
nuclear systems of Stuxnet and even less in getting the Bushehr reactor ready to start generating power.
They have therefore decided to concentrate at this stage on repelling the cyber invasion of their military systems.
Stuxnet can only be detected in missiles by firing them
They no doubt took note of an article published on Oct. 1 by the noted American weapons expert David Kay
in The National Interest, under the caption "As the Worm Turns" in which he asks:
Who can assure the Iranian leadership that the son of Stuxnet is not quietly sitting in the guidance-
and flight-control systems of Iran's missile delivery capability? For after all, a "good" cyber worm does
not have to reveal itself except under the conditions that its creator has chosen. Static tests may
not show anything. Maybe sudden acceleration and heavy G loading is required. Or some other wickedly
difficult conditions to simulate and test.
This fatal diagnosis must have increased the alarm in Tehran, confirming as it did the assessment by
military sources in our last issue: Some of Iran's military command and control centers at military and
Revolutionary Guards Corps headquarters are shut down, along with field command centers for ballistic
missile batteries, key air bases, air defense and the navy.
It tells them that the only way to find out if their missile batteries are infected by Stuxnet - or "the son of Stuxnet"
is to activate the firing mechanisms of every one of those missiles, thereby destroying their entire stock and remaining
defenseless.
The same predicament applies equally to Syria and Hizballah.
Sources report that this week experts of Iran's Information Technology Company' (whose director first sound
the malworm alarm in public) visited Damascus and Hamma in northern Syria to examine the local armaments
factories, which are a branch of Iran's industries, to find out if the deadly virus in its active or latent state
had reached their products.Some of the team then set out for Lebanon to see whether the new ballistic
missiles Iran had consigned to Hizballah, especially the Fateh 110, were infected.
In reporting back to their masters in Tehran, they said they could not be sure of tracking down every version
of the rampant Stuxnet in Syrian and Lebanese hardware - any more than they can at the Bushehr reactor.
