A powerful new cyber weapon that was detailed at a security conference on Tuesday could hijack industrial facilities such as nuclear power plants and trigger their destruction. One scientist says the weapon may already have been unleashed against Iran's nuclear program.
Dubbed "Stuxnet," the stealth code was discovered on high-security industrial computers around the world over the summer. According to an in-depth report by Mark Clayton of the Christian Science Monitor, Stuxnet appears to be a quantum leap in cyber-war -- not just a bug inserted to snoop and steal information but one that takes over industrial controls and waits to destroy the facility. (For the stakes in cyber spying, see Clayton's earlier special report.)
German computer specialist Ralph Langner, who presented his findings at conference of industrial control system security experts in Rockville, Md., on Tuesday, told the Monitor that Stuxnet is like a guided missile: "This is not about espionage, as some have said. This is a 100 percent sabotage attack."
Senior U.S. researchers confirm Langner's findings.
"I'd agree with the classification of this as a weapon," Jonathan Pollet, CEO of Tiger Security and an industrial control security expert, said in an email to the Monitor. Added Michael Assante, formerly with the Idaho National Lab and until recently security chief for the North American Electric Reliability Corp.: "Stuxnet ... is the type of threat we've been worried about for a long time. It means we have to move move quickly with our defenses -- much more quickly."
This is where the story gets even more interesting. An analysis of the distribution of computers Stuxnet has targeted indicates that Iran is at the apparent epicenter. While speculation, Langner suspects Iran's Bushehr nuclear plant may have been attacked, noting that its start up, which was scheduled for late August, has been delayed.
"If Bushehr wasn't the target and it starts up in a few months, well, I was wrong," Langner said. "But somewhere out there, Stuxnet has found its target. We can be fairly certainly of that."