Iran has a problem. The computer systems that are meant to run their nuclear power plant are getting infected with the Stuxnet worm. So far, it doesn’t seem to be causing much damage other than just spreading. The worm seems to specifically target Siemens control systems that run on Microsoft Windows
Generally I’d expect that control systems designed to run a nuclear powerplant would be running on something other than Windows. I’m not trying to bash Windows here–it is just designed to be a very general operating system and as a result has all kinds of capabilities that aren’t needed for powerplant operation. If I was putting in a powerplant control system I think I’d want to use an operating system that had been specifically hardened for security.
Anyway, the Wall Street Journal mentions a number of countries that might have been able to launch an attack like this against Iran and concludes that it is unlikely the US is behind the worm simply because the results are likely to be so unpredictable. The further mention Israel and the U.K. as potential suspects, but suggest that Germany, Russia and France would actually have the capabilities to create something like this.
Given the very low barrier to entry when it comes to launching a worm, it seems like pretty much any kid hacker could be behind something like this. The only thing that makes it seem like it might not be a kid is the fact that it targets a control system that seems unlikely to be something a kid would want to target.
I think most governments would see a big problem with trying to infect a nuclear control system–particularly with a worm where you might lose control of it one way or another and where modifications to it might make it do something very different than what was intended.
The US once considered launching a worm to attach Iraq’s financial systems, but decided it was too risky since it was impossible to determine what the outcome would be. Causing mayhem with a financial computers would likely create a huge set of problems, but it seems benign compared to messing with nuclear controls.
