Wednesday, February 27, 2013

CBS: Stuxnet roots go back to Bush administration


Updated at 11:22 a.m. ET
The sophisticated cyberweapon which targeted an Iranian nuclear plant is older than previously believed, an anti-virus firm said Tuesday, peeling back another layer of mystery on a series of attacks attributed to U.S. and Israeli intelligence.
The Stuxnet worm, aimed at the centrifuges in Iran's Natanz plant, transformed the cybersecurity field because it was the first known computer attack specifically designed to cause physical damage. The precise origins of the worm remain unclear, but until now the earliest samples of Stuxnet had been dated to 2009.
Security experts generally agree that Stuxnet was an attempt to sabotage Iran's uranium enrichment centrifuges, which can be used to make fuel for reactors or weapons-usable material for atomic bombs. Iran maintains its nuclear program is for peaceful purposes.

s "60 Minutes" correspondent Steve Kroft reported last year, Stuxnet was incredibly complicated and sophisticated, beyond the cutting edge. By the time it was first detected in June 2010, it had been out in the wild for a year without drawing anyone's attention, and seemed to spread by way of USB thumb drives, not over the Internet.
By the fall of 2010, the consensus was that Iran's top secret uranium enrichment plant at Natanz was the target and that Stuxnet was a carefully constructed weapon designed to be carried into the plant on a corrupted laptop or thumb drive, then infect the system, disguise its presence, move through the network, changing computer code and subtly alter the speed of the centrifuges without the Iranians ever noticing, Kroft reported.
"Stuxnet's entire purpose is to control centrifuges," Liam O Murchu, an operations manager for Symantec, told Kroft. "To make centrifuges speed up past what they're meant to spin at and to damage them. Certainly it would damage the uranium enrichment facility and they would need to be replaced."
Last June, The New York Times traced the origins of the top-secret program back to 2006.
In a new report issued late Tuesday, Symantec Corp. pushed that timeline further back, saying it had found a primitive version of Stuxnet circulating online in 2007 and that elements of the program had been in place as far back as 2005.
One independent expert who examined the report said it showed that the worm's creators were particularly far-sighted.
"What it looks like is that somebody's been thinking about this for a long, long time — the better part of a decade," said Alan Woodward, a computer science professor at the University of Surrey. "It really points to a very clever bunch of people behind all of this."
he Times reported that President George W. Bush ordered the deployment of Stuxnet against Iran in a bid to put the brakes on its atomic energy program, detailing how the worm tampered with the operation of Natanz's centrifuge machines to send them spinning out of control.
President Obama, who succeeded Bush shortly after the first attacks, expanded the campaign, the report said.



LinkWithin

Blog Widget by LinkWithin