Photo Shows Stuxnet as Perfect Match to Iranian Network

Friday, December 09, 2011



Analysis of a photograph taken inside Iran's Natanz nuclear facility shows that the Stuxnet virus was designed to be a perfect match to the systems it is thought to have damaged.

The photo, which happened to capture some computer screen displays, was part of a publicity event documenting Iranian President Mahmoud Ahmadinejad's visit to the facility.

"The photo, still live on the site, captured a string of neon green lights on a SCADA controller that to the trained eye of Stuxnet expert Ralph La[n]gner [sic] revealed secretive information on the plant's schematics. Specifically the lights revealed the cascade structure of the Natanz SCADA systems had matched perfectly with Stuxnet," SC Magazine reports.



"When viewed closely, the photo reveals green dots distributed in columns of increasing length. Each column contains four dots that represent uranium centrifuges. Multiplying these together produces a cascade structure sequence identical to that in Stuxnet," the article states.

The Stuxnet virus, first identified in 2010 by Langner, is a highly sophisticated designer virus that wreaks havoc with SCADA systems, which provide operations control for critical infrastructure and production networks.

The initial attacks are thought to have caused severe damage to Iranian uranium enrichment facilities, setting back the nation's nuclear weapons program by as much as several years.

"And this is not only new information but also very surprising because Iran tried to keep such details secret. Obviously the press folks didn’t realise what the screens were showing, and nobody in the nuclear community either," Langner said.

Iran is still struggling with the aftermath of the Stuxnet virus attacks more than a year after the infestation was discovered. The virus specifically targeted Siemens PLCs used to control uranium enrichment centrifuges.

In October, Symantec was sent a sample of malware that was subsequently dubbed "Duqu". It caused quite a stir because of its similarity to Stuxnet, yet the payload and purpose showed that Duqu was a totally new creation.

While Duqu is similar in many respects to Stuxnet, some research teams have concluded that its main purpose is to harvest data, not affect physical control systems such as those impacted by Stuxnet.

Other researchers are working under the assumption that Duqu is still in development, and that the authors are working to perfect the malware prior to unleashing its full potential - such as the delivery of a potentially devastating payload.

Last week cyber warfare expert and researcher John Bumgarner claimed to have traced the Stuxnet and Duqu virus timelines back as far as 2006, an assertion that would mean the malware has been active for much longer than previously suspected.

