Feeds

Iran: 'Nuke spies nabbed, but not for Stuxnet'

Not infected USB-wielding infidels, then?

SANS - Survey on application security programs

Iranian leaders have backtracked on earlier claims that they had arrested unnamed nuclear spies over the spread of the infamous Stuxnet worm in the country.

Intelligence minister Heidar Moslehi repeated the standard line that infections by the Stuxnet worm had been contained. Then he said that the arrest of so-called "nuclear spies" last month was nothing to do with the malware, a statement at odds with earlier ministerial pronouncements.

The highly sophisticated Stuxnet worm targets industrial plant control systems from Siemens and is capable of reprogramming or even sabotaging infected systems. Iranian officials had previously admitted that the worm had infected PCs at its highly controversial Bushehr nuclear plant - but maintain that this was nothing to do with months-long delays in bringing its reactors online.

The malware infected more computers in Indonesia and India than Iran, but that hasn't stopped Iran pointing the finger of blame for the creation of the worm towards its arch-enemy, Israel.

Independent security experts reckon Stuxnet, which uses no less than four zero-day attacks, would have taken a four-man team with access to power plant control systems for testing purposes at least half a year to develop. That suggests nation-state involvement - but anything beyond that is pure speculation. One popular theory posits that the worm was developed in Israel and introduced by Russian sub-contractors working at Bushehr, perhaps via an infected USB stick. However, there's no evidence to either prove or disprove this theory.

The main effect of the worm has come in substantiating arguments that Western countries need to do more to invest in the cyber-defence of critical infrastructure systems, an area allocated £500 million in the UK's defence spending review, despite cuts in spending in the wider economy. Naturally countries such as Britain are also developing offensive cyber-weapons too, but nobody likes to talk about that. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.