Irish team played key role in deciphering virus at centre of Iran cyber hit

 

A TEAM of security researchers in Dublin has played a key role in deciphering the virus at the centre of a cyber attack that briefly shut down parts of Iran’s nuclear infrastructure last year.

Researchers at the Blanchardstown offices of US computer security firm Symantec worked with colleagues in Los Angeles to unpick the so-called Stuxnet worm which hit headlines after preliminary analysis showed it had likely been designed by a “nation state” to target Iran’s nuclear facilities, including uranium enrichment centrifuges at the Natanz plant.

Russia’s Nato ambassador recently said the virus “could lead to a new Chernobyl”. There is much speculation over which countries may have been involved in creating Stuxnet, and some reports have claimed it was a joint US-Israeli initiative.

“We started looking into this last July. The reason it was interesting was that it was the first virus we saw that was attacking an industrial control system,” said Orla Cox, a security operations manager at Symantec’s Dublin base. “Up until then there had been theories about the possibility of such attacks but we had never seen one before.” Symantec discovered that Stuxnet was designed to target types of computers known as programmable logic controllers used in certain industrial processes.

Initially the worm targeted computer systems at five Iranian firms before spreading, computer to computer, until it got to the Natanz facility, where it affected the working of centrifuges.

“Once we realised that this wasn’t just espionage, that we were looking at sabotage, I think that is what really brought it to another dimension,” said Ms Cox. “To see something that was actually trying to cause physical damage, that’s when we knew we were dealing with something special.” Symantec was able to identify the five targeted companies because the worm, which infected Windows machines via USB keys plugged in manually, collected information about each computer it infected. With this information, researchers were able track the spread of the virus.

Symantec has declined to name the five organisations and it would not confirm if they were related to Iran’s nuclear programme.