Iran's president Monday appeared to confirm what cybersecurity experts have been saying for weeks: that a new type of malicious software – a cyber guided missile called Stuxnet – has hammered that nation's nuclear-fuel centrifuge facilities.
Although he did not mention Stuxnet by name, Iranian President Mahmoud Ahmadinejad for the first time admitted that malicious software code had damaged the nation's centrifuge facilities. The statement, cybersecurity experts say, makes it all but conclusive that Stuxnet caused problems for Iran's centrifuges. In a seemingly related move, Iran temporarily halted its nuclear fuel enrichment processes, according to a report issued earlier this month by the International Atomic Energy Agency.
"They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," Mr. Ahmadinejad told reporters at a news conference, Reuters reported. "They did a bad thing. Fortunately our experts discovered that and today they are not able [to do that] anymore."
The admission seemed to directly link problems at Iran's centrifuge facilities to the Stuxnet worm. California antivirus company Symantec and German researcher Ralph Langner, among others, had previously concluded that Stuxnet was designed specifically to target power supplies that control the motors in centrifuge plants of the precise type and configuration that Iran uses – and to cause them to spin out of control.
Prior to Ahmadinejad's statement, Iranian officials had admitted only that Stuxnet had infiltrated computers at its nuclear facilities, denying that Stuxnet or any other software code had harmed its Natanz centrifuge nuclear fuel-enrichment facilities. Vice President Ali Akbar Salehi, head of Iran's Atomic Energy Organization, in mid-November denied that the nation's nuclear program had been harmed by the Stuxnet computer worm.
"Fortunately the nuclear Stuxnet virus has faced a dead end," he told Iran state media. But Ahmadinejad's comments appeared to experts to trump Mr. Salehi's claim and further confirmed that Stuxnet had indeed wreaked havoc on Iran's centrifuges.
"Combined with the analysis that Symantec did ... we can now pretty much close the case on who [was] the target," Eric Byres, a Vancouver-based industrial control systems expert who has created software to counter Stuxnet, wrote on his blog Monday.
Mr. Byres and other cybersecurity experts told the Monitor they believe the ultra-sophisticated Stuxnet worm was developed by a nation state with major cyberweapons expertise. The United States and Israel are often cited as likely suspects, although there is no conclusive evidence aside from hints in the code that appear to point to Israel – but which could have easily been placed by another nation state that wanted to deflect blame.
"It is unlikely that there is another [nuclear centrifuge] site that would use the specific Vacon and Fararo Paya drives in the configuration that Stuxnet expects," Mr. Byres noted, referring to power supplies and motors targeted by Stuxnet and reportedly used in Iran's centrifuge plants. "Since Iran admits that their centrifuges were damaged, then that particular attack sequence must have been designed for the Natanz nuclear site and other sites copied from it."
In an intriguing but unconfirmed footnote, Byres's blog cites an anonymously sourced report on the DEBKAfile, a Jerusalem-based website that reports on intelligence matters and military affairs. It reported that the Iranian scientist assassinated in Tehran on Monday was Iran's leading Stuxnet expert.
While the claim that the dead scientist was a Stuxnet expert could not be immediately confirmed, Byres noted it as a reminder that when cyberwarfare breaks out and encroaches on the real world, it's not just industrial equipment that breaks.
"If this is true, then Stuxnet is moving from a cyberwar to a shooting war," he wrote.