
Hunting an ‘Industrial-Strength’ Computer Virus Around the Globe

October 1, 2010 at 4:45 PM EDT
Hari Sreenivasan has the latest on a powerful computer virus that could be targeting nuclear facilities in Iran.

JEFFREY BROWN: And finally tonight: the industrial-strength computer virus with a global reach.

We began work on this report for the online NewsHour, and thought you would like to see it on air as well. Hari Sreenivasan has the story.

HARI SREENIVASAN: These are the letters and numbers behind the so-called Stuxnet virus. It is different from most computer viruses transmitted across the Internet, which may steal credit card numbers or wreak havoc on personal computers. Stuxnet targets industrial control centers.

The virus is designed to leap through computers that run Microsoft Windows, the operating system used by millions, looking for software and connections to highly specialized devices known as programmable logic controllers.

These targeted controllers are made by Siemens and are in all sorts of industrial machines, including ones that regulate the flow of electricity through power grids or oil through pipelines. The media has reported this virus in recent weeks, but cyber-security experts have been aware of it for months.

Rodney Joffe is the vice president and senior technologist at Neustar, Inc., a global technology and communications company. He says Iran has the largest number of computers infected with the virus.

So, what are we seeing on this map here?

RODNEY JOFFE, vice president and senior technologist, Neustar, Inc.: What we are looking at here on the map is a visualization of where the infections are that we are aware of. And as we move across, you will see, in the U.S., there are some minor…

HARI SREENIVASAN: So, there’s 53 here, 40 here. These are Stuxnet infections?

RODNEY JOFFE: These are infections of computer systems now. What we are now looking at is sort of the interesting one, which is the purple one that says 4,694. And that actually, as we drill in, you will see, is obviously Iran.

HARI SREENIVASAN: Several security experts believe Stuxnet may be designed to sabotage Iran’s nuclear program, because there may be several Siemens devices at the nuclear facility in Natanz.

This is where thousands of centrifuges enrich uranium, which is critical for both nuclear power and nuclear weapons. One news report quoted an Iranian official who said 30,000 Iranian computers are infected with the virus, but that the effect and damage is not serious.

It is not clear who created this virus, but, according to one Israeli newspaper report, the prevailing assessment over the past few days has been that Stuxnet was developed by a highly capable intelligence organization, with Israel’s military intelligence unit 8200 and the Mossad being named as suspects.

So far, the Israeli government has refused to comment about this virus.

When we look at a map and we see an incredibly high concentration of this virus in the same neighborhood as a possible uranium enrichment plant, is it too far of a leap to make that connection and say perhaps that was the target?

RODNEY JOFFE: With normal viruses that spread over the Internet, that is not likely to happen.

However, one of the major mechanisms that Stuxnet actually spreads is through an infected USB drive, which is a physical device. So it doesn’t use the Internet. It means someone physically inserted a USB drive into a computer.

HARI SREENIVASAN: USB drives have become common storage devices that allow people to transfer files between computers.

RODNEY JOFFE: This particular piece of software did something that we hadn’t even seen or even — I don’t think people have thought about it before, which is, each time it was inserted into a computer, it counted up.

And, after it had been inserted into three computers, on the fourth computer, it actually wiped itself clean. So, it disappeared. And that really looks like it’s designed to make sure that it didn’t spread geographically.

HARI SREENIVASAN: Is this the equivalent of a cyber-bomb?

RODNEY JOFFE: I describe it as a precision-guided cyber-munition. That’s exactly what this is.

HARI SREENIVASAN: Joffe also works extensively with the Department of Homeland Security. This week, he was participating in an exercise called Cyber Storm III, where government agencies and private companies all work through worst-case scenarios of cyber-attacks.

There have been cyber-security exercises before. In 2007, the Department of Homeland Security and Idaho National Labs ran a test called Aurora, in which a large generator was taken over by a targeted electronic attack. This video shows how a hacker was able to let the machine self-destruct.

RODNEY JOFFE: Aurora was exactly like this. You know, it’s interesting. I talk to people, and when you talk about cyber-security and viruses and worms, people think about viruses that slow your laptop down or make it inconvenient, or perhaps have pop-up ads.

And they find it very difficult to think that it could have a kinetic impact. But, as you saw with what you have looked at in terms of Aurora, that is exactly what happened. It was software. These things aren’t controlled by human beings anymore that flip switches. It’s really software-based. So, yes, a laptop is capable of actually turning off — ultimately, turning off the power to the United States.

HARI SREENIVASAN: Several people might watch this and say, you know what? It’s a virus. If it slows down Iranian nuclear plans, so be it. But is there any reason that a virus like this couldn’t be used against us tomorrow?

RODNEY JOFFE: If not before the last few weeks, there are lots of groups today that are now sitting, planning how to make use of this kind of mechanism.

HARI SREENIVASAN: As government and private companies try to stop them.

JEFFREY BROWN: Hari regularly reports on technology issues on our Web site.