Clues emerge about genesis of Stuxnet worm
Biblical and historical references hint the Stuxnet worm may be of Israeli design. Debate continues to swirl about the origin and target of the Stuxnet computer worm.
• A daily summary of global reports on security issues.
The hint to the origin of the powerful computer virus came during the Virus Bulletin conference in Vancouver, Canada, and amid reports in Chinese media that Stuxnet has widely affected the Internet-savvy country.
The New York Times reported Thursday that Stuxnet contains a file named "Myrtus," which may reveal the virus's origin in a Da Vinci Code-esque fashion. The "Robert Langdon" on the case is a German computer security expert named Ralph Langner.
Although myrtus has several possible meanings – including being Latin for the plant myrtle – Mr. Langner noted that it may be an allusion to the Hebrew word for Esther. He pointed out that the Book of Esther features a plot by Persia against the Jews, who preemptively attacked in response.
“If you read the Bible you can make a guess,” Mr. Langner told the Times, which continued:
Carol Newsom, an Old Testament scholar at Emory University, confirmed the linguistic connection between the plant family and the Old Testament figure, noting that Queen Esther’s original name in Hebrew was Hadassah, which is similar to the Hebrew word for myrtle. Perhaps, she said, “someone was making a learned cross-linguistic wordplay.”
Another clue toward the maker could be in the number "19790509," which appears in Stuxnet's code. It could be a reference to the 1979 execution of a prominent Jewish Iranian businessman, according to a research paper presented by researchers Thursday at the Virus Bulletin conference, Computerworld reported.
In another report on the conference, which was dominated by talk of Stuxnet, National Public Radio says many experts believe Israel may have developed the cyberweapon as an alternative to a physical attack on Iran in the hope of minimizing blow back.
After all, hitting the nuclear plant with a 500 pound bomb would have produced far more collateral damage than attacking it with a cyber weapon, right?
Cybersecurity consultant [Stephen] Spoonamore is not so sure. "Compared to releasing code that controls most of the worlds' hydroelectric dams or many of the world's nuclear plants or many of the world's electrical switching stations? I can think of very few stupider blowback decisions," Spoonamore adds
The Times adds that Israeli experts dispute the suggestion that Stuxnet is an Israeli weapon against Iran, arguing instead that their studies indicate the virus is either "high-level industrial espionage against Siemens [whose systems the virus takes advantage of, or] a kind of academic experiment.”
Nonetheless, some experts believe the Stuxnet weapon was targeted at the Bushehr nuclear power plant in Iran. The Christian Science Monitor reported Wednesday that the launch of the new plant – which could be used to produce fuel for nuclear weapons – has been pushed back by three months, possibly due to infection by Stuxnet. Although Iranian officials have denied that the plant has been infected by Stuxnet, Langner told the Monitor on Sept. 21 that he suspects the plant was indeed the victim of Stuxnet, which is designed to destroy a specific physical facility rather than steal or corrupt information.
"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack." ...
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
A column in today's Jerusalem Post praises Stuxnet as "a great achievement" if it is indeed an Israeli weapon. But it remains uncertain what Stuxnet's target is and what its origin might be. Security expert Jeffrey Carr writes on his blog for Forbes that "there are more and better theories to explain Stuxnet’s motivation than just Israel and Iran."
India and China are both concerned that they have been targeted. Noting that a key Indian satellite using Siemans technology went offline with a power glitch in July, Mr. Carr suggests that Stuxnet may have attempted to affect the race between China and India to put a man on the moon.
Meanwhile in China, the Xinhua news agency reports that more than 6 million personal computers and 1,000 corporate computers have been infected by Stuxnet. China has become increasingly concerned over the Stuxnet threat, especially as the country enters a holiday weekend during which it may be particularly vulnerable, reports Agence France-Presse.