Cyber Attack on Iran a False Alarm

//

On Tuesday of this week, the Iranian

Students' News Agency (in Farsi) reported that a "Stuxnet-like" computer virus had appeared again, this time infecting systems an Iranian power plant instead of a nucelar power facility. The story also said the attack was repelled. Western news outlets, such as the Associated Press, picked up the story.

Ali Akbar Akhavan, head of Iran’s

Passive Defense Organization, said he

was misquoted, and only said that the country was ready to confront such

attacks. The ISNA later published a story (in Farsi) saying that no attack had occurred. The

incident raises the question of just how concerned others should be

about that kind of

attack. (Full disclosure: I ran both Farsi stories through Google translate).

ANALYSIS: How Do You Hack Into a Phone?

Stuxnet is a piece of malware discovered in the summer of 2010. It attacks industrial control systems built by Siemens, called supervisory control and data acquisition (SCADA). Most of the infected computers were in Iran.

DNEWS VIDEO: COOL JOBS: HACKER

While this latest attack appears to be a false alarm, it isn’t as if Iranian officials are being needlessly paranoid. Iran has weathered other cyberattacks, such as one earlier

this month from a virus named Batchwiper

that simply wipes data.

Back in April, another data-destroying virus called Wiper

attacked Iranian businesses. Viruses similar to Stuxnet, such as Duqu,

which performs reconnaissance, have appeared in the wild.

The original Stuxnet attack is widely believed to have been

created by either Israel

or the United States. It attacked centrifuges used to purify uranium, causing them to

malfunction and fail. Iran maintains that its nuclear program is geared to

power plants, while the United States and Israel insist the Islamic state is bent on producing nuclear weapons.

The Iranian government has been more pubic about its

capabilities in cyber-defense, and there has been open cyber-warfare in a few

cases, such as in the 2008 conflict between Russia and Georgia, in which

Georgia accused Russia of targeted attacks

on government computer systems.

ANALYSIS: Silent Circle Promises Spy-Proof Calls

In the United States, the big concern is terrorism. Defense Secretary

Leon Panetta warned of a "cyber

pearl harbor" as recently as October.

But there's some question as to what a

terrorist might do in the first place. If some malicious group found a way to

disable a power plant, it isn't clear that anyone would think it wasn't a

"normal" outage, and one that would likely be fixed relatively

quickly.

The story does show that even rumors can spread fast. As

any chess player knows, sometimes the threat of an attack is as powerful as the

attack itself.

Credit: Wikimedia Commons