15 February 2011

Anonymous claims to have Stuxnet access

The “hacktivist” group Anonymous claims to have access to the sophisticated computer virus reportedly developed as a joint Israeli-US cyber attack against Iran’s nuclear facilities.

Anonymous says it has obtained details of the Stuxnet worm from the emails of HBGary, a US security company the loose hacker collective attacked earlier this month.

It is not yet clear whether Anonymous plans to deploy the computer virus, but last week the group signalled an intention to attack Iranian government websites in support of a planned green movement rally in Tehran.

However, security experts told the Guardian on Monday that even though Anonymous does have access to parts of Stuxnet, it does not control the crucial code enabling it to attack Iran’s Bushehr nuclear plant — an attack Russia’s Nato ambassador said could potentially trigger a “new Chernobyl”.

Orla Cox, a security operations manager at Symantec, the cyber security firm that has been researching Stuxnet since its discovery, said it was “very difficult to tell” how dangerous Anonymous’s copy of Stuxnet is.

“It would be possible [for Anonymous to use Stuxnet in an attack],” Cox said. “But it would require a lot of work, it’s certainly not trivial.

“The impressive thing about Stuxnet is the knowledge its creators had about their target. So even if you have got access to it you need to understand the target — that requires a lot of research.”

‘Difficult’ to use in attack

Iran admitted its controversial nuclear programme had been delayed by Stuxnet last year, with reports later claiming that the worm was a joint US-Israeli project intent on knocking Tehran’s nuclear ambitions off course. No group has yet claimed responsibility for building Stuxnet. Experts told the Guardian last year that Stuxnet would have taken five to 10 people around six months to create and required large amounts of funding.

Computer viruses are largely uncharted territory for Anonymous, which has built its notoriety on crippling the websites of governments and multinational corporations, such as Visa and MasterCard, which it deems a threat to freedom of speech.

Late last month the Metropolitan police arrested five people, including three teenagers, whom it suspected of being involved in December attacks in support of WikiLeaks, and then released them on bail.

Snorre Fagerland, a senior threat researcher at the Norwegian internet security firm Norman, said it would be “very difficult” for Anonymous to use its version of Stuxnet in an attack. The hacker collective has obtained a “decompiled” version of the virus, rather than the critical source code which would enable an attack.

“The trouble with this [version of Stuxnet] is that you lose almost all context to its abilities,” Fagerland said. “The original source code would contain all the text information about why it’s built this way — that’s gold if you want to use it. If you decompile it you lose all of that.”

A new Symantec report released on Friday shows that Stuxnet was built to repeatedly infect five key industrial facilities in Iran over a 10-month period.

The worm, reportedly tested at Israel’s nuclear development centre at Dimona, worked by sending Iran’s centrifuges spinning out of control, while making it appear that everything was working as normal. – guardian.co.uk