Feeds

Iran: 'Nuke spies nabbed, but not for Stuxnet'

Not infected USB-wielding infidels, then?

SANS - Survey on application security programs

Iranian leaders have backtracked on earlier claims that they had arrested unnamed nuclear spies over the spread of the infamous Stuxnet worm in the country.

Intelligence minister Heidar Moslehi repeated the standard line that infections by the Stuxnet worm had been contained. Then he said that the arrest of so-called "nuclear spies" last month was nothing to do with the malware, a statement at odds with earlier ministerial pronouncements.

The highly sophisticated Stuxnet worm targets industrial plant control systems from Siemens and is capable of reprogramming or even sabotaging infected systems. Iranian officials had previously admitted that the worm had infected PCs at its highly controversial Bushehr nuclear plant - but maintain that this was nothing to do with months-long delays in bringing its reactors online.

The malware infected more computers in Indonesia and India than Iran, but that hasn't stopped Iran pointing the finger of blame for the creation of the worm towards its arch-enemy, Israel.

Independent security experts reckon Stuxnet, which uses no less than four zero-day attacks, would have taken a four-man team with access to power plant control systems for testing purposes at least half a year to develop. That suggests nation-state involvement - but anything beyond that is pure speculation. One popular theory posits that the worm was developed in Israel and introduced by Russian sub-contractors working at Bushehr, perhaps via an infected USB stick. However, there's no evidence to either prove or disprove this theory.

The main effect of the worm has come in substantiating arguments that Western countries need to do more to invest in the cyber-defence of critical infrastructure systems, an area allocated £500 million in the UK's defence spending review, despite cuts in spending in the wider economy. Naturally countries such as Britain are also developing offensive cyber-weapons too, but nobody likes to talk about that. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.