Malworm Stuxnet Proved More Destructive than a Conventional Attack
With the impact of the first cyber offensive ever inflicted on a state just beginning to register, the magnitude of the damage Iran has already suffered may be hard to grasp. The attack which crested in the last couple of weeks has wrought strategic ravages on a scale comparable to an attack by conventional weapons.
The big difference, as DEBKA-Net-Weekly's military sources point out, is that Stuxnet has not demolished buildings, military bases or physical utilities – or caused massive loss of life. No more than a dozen individuals were killed. They were sitting in front of computers which imploded in military laboratories and installations and civilian utilities or were trapped in fires which flared at big strategic installations when Stuxnet shut down their systems and networks.
A conventional war on a comparable scale would have caused massive devastation. Strategic and military infrastructure would have been pulverized and casualty figures soared to at least one thousand dead and 5,000 injured.
Most media and Iranian outlets have built their reporting on the new cyber war around descriptions of how Stuxnet works and guesswork about its source – or sources.
Undisclosed so far are eight pieces of essential data which are exclusively listed hereunder:
Attack focused on nuclear and military targets – less on civilian infrastructure
1. The attack has focused on Iran's nuclear and military resources – less on civilian infrastructure.
The concealed projects of Iran's nuclear weapons program, in particular, have either been partially damaged, meeting the conventional military definition of "temporarily out of action," or been so immobilized as to require many months, perhaps more than a year, before they are restored to even partial operation.
2. Most of Iran's key military facilities, including the nuclear laboratories in North Tehran, the atomic reactor in Bushehr, the uranium enrichment plants in Natanz and the thousands of centrifuges spinning there, are gravely disabled and working at minimal capacity.
3. Some of Iran's military command and control centers at military and Revolutionary Guards Corps headquarters are shut down, along with field command centers for ballistic missile batteries, key airbases, air defenses and navy. Alien computer software was found loaded in their networks instead of normal operating systems.
A high-ranking Persian Gulf official remarked that an enemy attack in the last two weeks would have found Iran virtually stripped of its defenses. A missile strike combined with a commando landing on Iran's strategic sites would have met with slight resistance. Neither the General Staff nor the IRGC Command was in any state to muster the forces needed to repel an invasion for more than a few hours. Tehran today, said the source, is a city without protection against an air strike or a ground offensive.
4. The most serious impairment has been suffered by the military industrial giants, which are relied on in emergencies to keep up a rapid supply of munitions and replacement parts to the military and Revolutionary Guards (IRGC) units, DEBKA-Net-Weekly's intelligence sources report.
Hundreds of these plants are near breakdown.
Not thousands but millions of computers affected
The intelligence assessment is that the computers and operating systems of Iran's military industrial complex were especially vulnerable to viral invasion because their Supervisory Control and Data Acquisition (SCADA) systems are controlled by the imported Siemens management software called Simatic WinCC, which is used around the world by armed forces, oilfields, power stations, large communications systems, airports and ships.
5. Intelligence sources familiar with IRGC operations report severe damage to the command centers and training facilities the Al Qods Brigades runs for foreign terrorists, as part of its external clandestine and terror-sponsoring mission. Its facilities are forced to operate now at sub-optimal capacity.
6. Iran's key power grid, pumping and water supply stations, the computers controlling public transport, including railways, and the haulage companies serving major Iranian cities, have been marginally affected. The hold-ups in public transport and the delivery of fuel and food to the populace are much milder than the shutdowns overtaking national strategic and military systems. These minor hitches appear designed to give Tehran a broad idea of the wholesale paralysis awaiting Iran if the operators of Stuxnet take their attack to a higher level.
7. At the end of last week, the Iranians reported 30,000 of their computers had been affected. Monday, September 27, some Iranian sources were talking about 45,000, including 30,000 in the Bushehr nuclear reactor and military facilities alone. (Administratively, the Natanz uranium enrichment facility is located in the same province as Bushehr.)
According to DEBKA-Net-Weekly, Tehran issued these low figures to downplay the scale of the damage for the benefit of the public. In reality, Western intelligence calculates that millions of computer systems and personal computers were struck.
Our sources say that a Stuxnet invasion of just one sector, such as the military industry or banks, could disable three million computers in less than half an hour.
Stuxnet's massive theft of computerized Iran intelligence secrets
8. Aside from the physical damage, Iran has suffered a huge intelligence setback from this digital invasion.
DEBKA-Net-Weekly's intelligence sources report that no one aside from its programmers can tell how much intelligence data the Stuxnet raiders extracted from Iran's military, intelligence and industrial computer systems before they were discovered.
All the Iranians know at present is that the malworm, which was kept latent inside their most sensitive computers for months before it was activated, was not idle.
It captured every scrap of data the targeted systems processed, received or loaded onto other local or outside computers and transferred it directly to an unidentified operating center abroad.
Tehran's nuclear, military, financial and intelligence systems were stripped of their secrets and laid bare to alien eyes to a degree unparalleled in any world conflict. Yet Iran has no notion of who the cyber raiders are or exactly what secrets they have purloined. The only way they could assess the damage was to determine the approximate date of the Stuxnet invasion and assume that all the information processed from that date on had been stolen.
And that is exactly what Iranian intelligence experts have done.
They fixed January 1, 2010 as the malworm's first day of operation inside their systems and are treating the entire body of technological, intelligence and personal information which passed through Iranian servers and personal computers from that day on as compromised material.
Does anyone have the code for undoing the malworm?
On Monday, September 27, Hamid Alipour, deputy head of Iran's government-owned Information Technology Company, who has been assigned to lead the counter-attack on the cyber assailant, warned that the Stuxnet worm is "mutating and wreaking further havoc on computerized industrial equipment."
He said, "The attack is still ongoing and new versions of this virus are spreading."
According to this Iranian computer expert, the hackers, who enjoyed "huge investments" from a series of foreign countries or organizations, designed the worm to exploit five different security vulnerabilities. It is not a "normal" worm, he stressed.
His words indicated that Tehran is completely at sea over the crisis, with no notion when the cyber attack will end or who is behind it.
The next day, the head of the Atomic Energy Organization of Iran, Ali Akbar Salehi, tried to correct the impression of panic. But he was forced to admit that the country's first nuclear reactor, inaugurated with much fanfare in August, faced a delay of at least two or three months before it supplied energy. He denied that the reactor had been hit by the marauding virus.
Wednesday, Sept. 29, debkafile disclosed that Iran had secretly approached computer security experts in West and East Europe, offering them substantial payment for advice on how to get rid of the worm.
Those experts turned cagey when Tehran refused to tell them exactly which plants, strategic centers and control systems were under attack, to allow them access to personally inspect Stuxnet's targets, or to describe the changes made in imported control systems.
These experts described the Iranian officials they spoke to as sounding desperate. Iranian computer security experts had found their efforts to purge the cyber raider made Stuxnet more aggressive than before and triggered a second round of attacks.
DEBKA-Net-Weekly's military sources say that the Iranians are not the only ones stumped for solutions to the first cyber offensive in the history of war. World intelligence chiefs would dearly like to know whether the inventors of Stuxnet who planted it in Iran are still in control of the destructive malworm.