Stuxnet worm planted on Iranian PCs via USB stick, site claims

The Stuxnet malware was not only designed to disrupt Iran’s nuclear programme it was part of a wider campaign directed from Israel that included the assassination of the country’s nuclear scientists, it has been claimed.

The source for the latest explanation of Stuxnet’s mysterious provenance is online title ISS Source, which cites having received information from unnamed individuals “who requested anonymity because of their close proximity to investigations.”

The source told the site that an Iranian agent infected Iranian systems at the Natanz nuclear facility with the Stuxnet malware directly using a USB stick. The malware exploited a raft of zero-day vulnerabilities to attack SCADA software.

The individual carrying out the attack could have been part of the Mujahedeen-e-Khalq (MEK) group, which was connected to the assassination of several Iranian nuclear scientists in the last three years, US sources said.

“Stuxnet was a comprehensive US-Israeli program designed to disrupt Iran’s nuclear technology. This joint program first surfaced in 2009 and worked in concert with an earlier US effort that consistently sabotaged Iran’s purchasing network abroad,” the article reported.

The genesis of the Stuxnet concept could stretch as far back as efforts to attack Iraq with old-fashioned viruses in the early 1990s.

If the story has a seam of truth (and there will be plenty of sceptics it is worth pointing out) it is dynamite; if it is untrue, it will add to the mythic status of a piece of malware that has been widely assumed to be state-sponsored since it became apparent that it targeted industrial systems.

The story raises questions of its own. Why use a worm at all when the attack was targeted enough to be distributed using a USB stick? The worm method is designed to spread, something which by its nature draws attention. This seems like unnecessary overkill for a direct infection.

The involvement of Israel and the US is easy to state – they would have a clear motivation and the capability to craft malware of Stuxnet’s sophistication – but probably impossible to prove.

Russia recently pinned the blame on the US and Israel, and at least one US expert, John Bumgarner, has even connected Stuxnet to Conficker partly based on its activation date, 1 April 2009 (The Iranian Republic’s 30th anniversary).

What is likely is that Stuxnet attacked targets industrial around the world possibly as long as a year before it was discovered in 2010. It has since been connected to a second piece of malware, Duqu, which is also known to have had some success infecting computers in Iran.