Story

Cyber war on Iran has only just begun

A US cyber war against Iran's nuclear program may have only just begun and could escalate with explosions triggered by digital sabotage, experts say. Although the Iranian regime remains vulnerable to more cyber attacks in the aftermath of the "Stuxnet" worm that disrupted its uranium enrichment work, Tehran may be receiving help from Russian proxies for its digital security, some analysts say.

The nuclear program is "really not that well protected" from more digital assaults and Iran will be hard-pressed to safeguard its uranium enrichment efforts from tainted software, said David Albright, president of the Institute for Science and International Security.
"With Stuxnet, they lost about a year. And it caused a lot of confusion. They really didn't know what hit them," he said. "It looks like a viable way to disrupt their program."
The United States, which reportedly masterminded the Stuxnet operation along with Israel, has every incentive to press ahead with a cyber campaign to undermine Iran's atomic ambitions, according to analysts.
 
The next cyber attack, possibly in combination with more traditional spycraft, could shut off valves or issue incorrect orders that might cause an explosion at a sensitive site.
"I think that it could get more violent," Albright told AFP. "I would expect more facilities to blow up."
 
A major explosion at a missile plant in Iran in November sparked speculation that the incident was the result of sabotage.
"There is of course the possibility of sending in a team to modify a system in a way that would make it vulnerable, and then use a cyber weapon at a later date as a trigger event," said David Lindahl, research engineer at the Swedish Defense Research Agency.
 
A new wave of cyber attacks could involve inserting hardware with infected chips into the industrial process, possibly through an agent or a duped employee, or penetrating diagnostic software used to gauge uranium enrichment or other work, Lindahl said.
But some cyber security experts suspect Russian proxies could be assisting Iran with its digital defenses, and possibly helped Tehran trace the origins of Stuxnet.
 
"The part that we probably miscalculated on in Stuxnet was the (possible) assistance of the Russians in attribution," said James Lewis, senior fellow at the Center for Strategic and International Studies.
 
"The Iranians never would have figured this out on their own," said Lewis, a former senior government official with the Departments of State and Commerce.
 
The elaborate Stuxnet malware, which was reportedly introduced using a thumb drive, contained malicious code that caused centrifuges used to enrich uranium to spin out of control. The worm, meanwhile, sent back signals to operators indicating the centrifuges were operating normally.
 
After the malware was discovered in 2010, at least a thousand centrifuges had to be removed and analysts estimate Tehran's program was set back by at least a year.
 
By pushing the boundaries of cyber warfare, the United States has left itself open to retaliation. But US officials clearly view the risks associated with digital strikes as dwarfed by the dangers of an all-out war with Iran.
Bombing raids are "more likely to explode the region and certainly could lead to a conflict with Iran, and that would be very messy," said Lewis. "Cyber is much cleaner."
 
Although unnamed officials told The New York Times that the United States and Israel were behind the digital operations, cyber attacks -- unlike air strikes -- allow for "plausible deniability," he said.
 
The Stuxnet worm broke new ground by successfully hijacking a program designed to supervise power plants or other large industrial systems, said Sean McGurk, a consultant who previously led cyber security efforts at the Department of Homeland Security.
"Stuxnet demonstrated going from a disruptive capability to a destructive capability and that's what made it unique," he said.
The super virus also was unusual for the way it sought out a specific target while sidestepping systems that did not fit certain criteria.
 
"Almost all cyberattacks are 'to whom it may concern' but Stuxnet was a bullet with someone's name on it," Lindahl said.
"Repeating something like Stuxnet or (computer virus) Flame will be much more difficult, because they (the Iranians) will spend a lot more energy trying to stop those activities," he added.
 
"But the defender needs to plug all holes, while the attacker need only find one."