Stuxnet is back, and Anonymous has it

Worm hit five organizations in Iran, while staying hidden

When the Stuxnet worm attacked the Bashehr Nuclear Energy facility in Iran last year, it also attacked four other organizations in the country – except it didn’t strike them randomly as the virus was randomly and accidentally spread. The virus was directed specifically at those five organizations, and the attacks started in 2008 – more than a year before it was first detected in its supposedly more benign form before presumably being taken up by intelligence organizations and warped into a nuke-hacking weapon.

Much more dangerous, much more intentional, and much more directable than appeared to be the case before.

Oh, the second piece of information: Remember Anonymous? The 4Chan trolls who attacked the credit card companies that weren’t letting people contribute to the defense of WikiLeaks founder Julian Assange, took on the Church of Scientology, but have also been known to indulge in less defensible campaigns of digital destruction, as well?

At least one of them claims to have a copy of the virus.

Apparently, during all the Assange Affair, a security company called HBGary tried to identify the group’s leaders. In return, HBGary’s site got hacked, its email database was posted as a torrent.

During that attack, according to posts on a Twitter account used as a mouthpiece for some Anonymi, someone found a copy of the worm, downloaded and decompiled it. Snippets were published with the original Tweet, as evidence.

Stuxnet, remember, was the first worm to be effective when directed against civil engineering targets as well as digital ones, potentially expanding cyberwar attacks beyond the Internet and into the real world.


Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon