Symantec sees Iranian nukes in Stuxnet worm

In code, researchers find attacks aimed at centrifuges

The results are still not definitive, but researchers at Symantec said Friday they've found more evidence that the Stuxnet computer virus was aimed at Iran's Bushehr Nuclear Power Station as both credible and non-credible defense industry analysts have claimed.

The researchers, who labeled their findings a "breakthrough" and posted them on a company blog, wrote that Stuxnet was only designed to attack SCADA industrial-control systems like the ones inside Iran's Bushehr nuclear reactor station. They also found Stuxnet targeted particular high-speed frequency converter drives appropriate for centrifuges at a nuclear-fuel development plant and some other industrial environments, but which have far fewer applications than lower-frequency drives.

Stuxnet is designed to change the frequency of the drives over a period of months which, if it affected the centrifuges in a nuclear fuel plant, would make them operate far less efficiently than if they kept the optimized frequencies set by their operators, the researchers wrote.

Again, not a smoking gun. But more Iranian PCs were hit than any other country; the customized code discovered by a Belarus IT security company in July was on an Iranian man's computers; and the most sharply focused functions are ones that would slow or damage production in a nuclear fuel plant but not, presumably, in one producing Diet Coke.

That's an interesting string of coincidences in a business where there are supposed to be no coincidences. (There are, of course, but it's not a good idea to assume they're happening to you when you're running an [alleged] nuclear weapons plant that has been a thorn in the side of a country that's much better at making things that blow up than your country is at stopping them.

Of course, Bushehr had to be among the most secure, militarily sensitive places in the country and they were relying on the security in Windows. So you never know.

At least nothing exploded.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon