The Stuxnet Attack, and its Mystery

by Fikret Ertan

Zaman - It has been said for some time now that the wars of the future will take place in cyberspace, and that, for this reason, there needs to be preparation for this. In fact, according to some people, the first rounds of these wars have already been fired.

For this reason, the great states are already beginning to take measures against these wars, and are working to activate as soon as possible the institutions that will protect them in these wars.

Within this framework, America a few months ago added a Cyber Command to its existing eight military commands. General Keith Alexander, who was appointed to head the command, recently testified to the Congress, at length and with examples, how grave and how serious the threat of cyberwar has become in the past three years, and in this context spoke of the cyberattacks that Estonia was subjected to in 2007 and Georgia in 2008. He also indicated that it was only a matter of time before America confronted an attack by viruses similar to the viruses that have now been called "Stuxnet."

Essentially, the Stuxnet virus has come to be one of the major topics on the world agenda since last week. This virus, which was discovered by German specialists last July, has since then shown itself with various attacks in Indonesia, India, America, and most recently in Iran.

Stuxnet, which Microsoft reported on in a security warning of 13 September, is described as a special virus that needs to have special information regarding its target or targets, which is able to exploit the vulnerabilities of highly developed, multiple computer systems, and which is able to penetrate systems thanks to stolen security certificates and, as a result, to bring down those systems.

At the technical level, Stuxnet utilizes four system vulnerabilities in order to be able to penetrate Windows systems or flash drives. Those who say this are the well-known internet security firms Symantec and Kaspersky Lab. There perhaps exists additional information on this topic, but it has not yet been reflected in the press.

According to what is being said, Stuxnet currently targets special software produced by the German firm Siemens. This software is known as SimaticWinCC SCADA systems; the expansion of SCADA is "supervisory control and data acquisition." These systems control programmable logic control (PLC) elements, which operate various industrial processes in an automatic manner. Stuxnetspecifically targets personal computers that are linked to these automatic operation processes, and in this way is able to penetrate the systems. According to Siemens, Stuxnet has to date attacked 14 facilities that use its systems, but has not done any damage.

That is what Siemens says, but it is being said in various reports that Iran's Bushehr nuclear power plant and other facilities were subjected to attack by Stuxnet last week and damaged by it, and that as a result, the power plant's entry into full operation and production of electricity has been delayed by up to two months.

Iranian officials have in fact confirmed the Stuxnet attack. Indeed, Mahmud Jafari, an official of the Bushehr facility who spoke with Iran's official news agency, has declared that a special team has begun to eliminate the viruses that had infected personal computers at the facility, that the viruses in question had not damaged the main elements of the facility, and that there exist other reasons for the delay. In this way, he thus acknowledges the Stuxnet attack, but he says that it has not caused any damage.

Meanwhile, Hamid Alipur, the Deputy Chairman of Iran's official state information technology organization, indicated last Monday that Stuxnet is multiplying via mutation, and continues to damage computerized industrial equipment. On this topic, Iranian Intelligence Minister Haydar Muslihi says that Iran has learned to deal with complex computer viruses, and that a few spies have been arrested in connection with the latest attack.

The Stuxnet attack confronted by Iran stands before us today, with insufficient and contradictory reports, as a complete mystery. Who staged the attack, and how? How much damage has it done? What might happen after this? The answers to these questions are still lacking. And probably, they will never be answered; these things will remain classified, as state secrets. For this reason, Turkish official authorities, and our relevant institutions and experts, absolutely have to concern themselves with the Stuxnet mystery, and must not neglect to take precautionary measures against attacks of this sort that could one day target us as well. You heard it here...

Copyright © 2010