Iran Confirms Stuxnet Impacts their Centrifuges / Was Iran’s Stuxnet Expert Assassinated??

The Stuxnet story is getting stranger by the minute. First Iran’s President, Mahmoud Ahmadinejad, gave a press conference earlier today where he admitted that Stuxnet had hit Iran’s uranium enrichment centrifuges.

Combined with the analysis that Symantec did with their Dutch Profibus Expert (who we now know is the talented Rob Hulsebos), we can now pretty much close the case on who the target of what Symantec called “Infection Sequences A & B” was.

It is unlikely that there is another site that would use the specific Vacon and Fararo Paya drives in the configuration that Stuxnet expects. Since Iran admits that their centrifuges were damaged, then that particular attack sequence must have been designed for the Natanz nuclear site and other sites copied from it.

Still to be determined is the target Stuxnet Attack Sequence C was directed at. As I noted in my blog last week, this is the scarier of the two PLC attacks, as it is a general purpose Man-in-the-Middle (MITM) against PLCs. There is no patch to protect against this attack (and likely never will be), so expect to see copy cats soon.

If that wasn’t enough, a report from the usually reliable intelligence site, DEBKA Files, claims that Prof. Majid Shahriari, who died when his car was attacked in North Tehran today, was leading the team Iran established for combating the Stuxnet virus.

If this is true, then Stuxnet is moving from a cyber war to a shooting war.

Subscribe to the "Practical SCADA Security" news feed