Cyber expert: Iran scientist reports new malware attack


IAEA, meet AC/DC?

On Sunday, Finnish cyber security expert Mikko Hypponen received a series of emails from someone purporting to be a scientist at Iran’s atomic energy organization.

“The scientist reached out to publish information about Iranian nuclear systems getting struck by yet another cyber attack,” Hypponen, wrote on his blog., citing from the scientist’s emails:

I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.

According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.

There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.

Hypponen, reached by Al Monitor Tuesday, said he has confirmed the emails were coming from Iran’s atomic energy organization, but can’t vouch for the AC/DC breaking out on the work stations., or any of the other details his correspondent provided.

“I only know what the scientist from AEOI told me,” Hypponen told Al Monitor by email Tuesday. “I can’t confirm any of his sayings, but I can confirm the emails were coming from AEOI.”

“He emailed me three times on Sunday,” Hypponen continued, adding that he published the message with his correspondent’s permission. “Since then he hasn’t responded to my emails. He was sending and receiving email at an official address.”

So is the correspondent really who he says? It’s interesting to note that he gave permission for his email to be published. Was he looking for help in halting the alleged malware attack–or publicity? Perhaps a clever information operation meant to stoke more paranoia in the ranks of Iran’s nuclear program.

(Photo: AC/DC lead guitarist Angus Young performs at the O2 Millenium Dome stadium in LondonApril 14, 2009.   REUTERS/Luke MacGrego.)

Operation “Olympic Games”: Report details US role in cyber-weapon targeting Iran centrifuges

The Obama administration pursued a Bush-era US-Israeli cyber-offensive aimed at setting back Iran’s nuclear program, David Sanger reports in the New York Times Friday.

Code-named “Olympic Games,” and initiated in 2006, the cyber-operation targeted the computer systems that run the centrifuges at Iran’s Natanz uranium enrichment facility.

But the operation, undertaken by the U.S. National Security Agency and its Israeli counterpart, went through various phases and updates, and in 2010, there was a big glitch: the Stuxnet worm spread beyond its intended target of Natanz to other facilities, and soon caught the attention of computer security experts around the world. And as Sanger reports, when US intelligence officials had to brief Obama about the alarming development, naturally, they initially blamed their Israeli partners for modifying the program without telling them:

At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked […] Continue reading