Friday, December 10, 2010

Stuxnet Worm Continues Hampering Iranian Nuclear Ambitions

The Stuxnet worm infestation of Iranian computer systems continues to do what negotiations, foreign policy, diplomacy, and threats of military action have not. It's thwarted Iranian efforts to ramp up their enrichment program and operate the nuclear reactor at Bushehr.

Despite claims by Mahmoud Ahmadinejad and others that the infestation was under control and that enrichment activities have restarted, security experts around the world are saying that they're seeing ongoing indications that the virus continues to operate with impunity.

The American and European experts say their security websites, which deal with the computer worm known as Stuxnet, continue to be swamped with traffic from Tehran and other places in the Islamic Republic, an indication that the worm continues to infect the computers at Iran's two nuclear sites.

The Stuxnet worm, named after initials found in its code, is the most sophisticated cyberweapon ever created. Examination of the worm shows it was a cybermissile designed to penetrate advanced security systems. It was equipped with a warhead that targeted and took over the controls of the centrifuge systems at Iran’s uranium processing center in Natanz, and it had a second warhead that targeted the massive turbine at the nuclear reactor in Bushehr.

Stuxnet was designed to take over the control systems and evade detection, and it apparently was very successful. Last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran's nuclear sites, but he said it was detected and controlled.

The second part of that claim, experts say, doesn’t ring true.

Eric Byres, a computer expert who has studied the worm, said his site was hit with a surge in traffic from Iran, meaning that efforts to get the two nuclear plants to function normally have failed. The web traffic, he says, shows Iran still hasn’t come to grips with the complexity of the malware that appears to be still infecting the systems at both Bushehr and Natanz.

“The effort has been stunning,” Byres said. “Two years ago American users on my site outnumbered Iranians by 100 to 1. Today we are close to a majority of Iranian users.”

He said that while there may be some individual computer owners from Iran looking for information about the virus, it was unlikely that they were responsible for the vast majority of the inquiries because the worm targeted only the two nuclear sites and did no damage to the thousands of other computers it infiltrated.

No one quite knows who created the worm, but it appears to have been stunningly successful at damaging Iranian nuclear efforts. The worm was specifically designed to attack supervisory control and data acquisition systems manufactured by German industrial giant Siemens that handle speed controls on certain machinery. The target is so specific that it has thus far hit enrichment centrifuges and nuclear power turbines - the very equipment essential to Iranian nuclear ambitions - while doing no damage to other systems.

The worm wreaks havoc with the speed controls - causing them to speed up and slow down unexpectedly, which can damage or destroy the centrifuges or cause power spikes in turbines. The Iranian government can't get a handle on this, and US security experts have seen a spike in the number of requests from Iran for information about the virus, which indicates that the problems continue - although they suggest that it could also be due in part to increased interest in learning about the virus.

Since no one quite knows who created it, security officials around the world have expressed concern over potential vulnerabilities to their own infrastructure, including here in the US.

Speculation continues that it may have been a government-financed or government-backed cyberwar effort, since the worm is so sophisticated that no single hacker could have developed it.
