Yesterday, the security research group F-Secure received a puzzling email claiming to be from a nuclear scientist with the Atomic Energy Organization of Iran (AEOI). In it, the author claimed that the country’s nuclear facilities were once again under attack. Only this time, the hackers brought Angus Young along for the ride.
F-Secure’s Mikko Hypponen said that a strange new chapter in the ongoing strife over Iran’s nuclear activities may be unfolding. He posted the following email which, although he cannot confirm the veracity of the claims, he does say came from within the AEOI. It reads:
I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.
According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.
There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.
Emphasis ours.
Earlier this year, the New York Times presented an excerpt from reporter David E. Sanger’s book Confront and Conceal which claimed that U.S. and Israeli intelligence had begun a series of sophisticated electronic attacks against Iranian nuclear facilities. Sanger makes the case that the Stuxnet worm, long hypothesized to be a state-sponsored cyberweapon, was crafted specifically to physically destroy the centrifuges used in Iran for nuclear enrichment activities.
Shortly after that, Iran claimed that it was being targeted by the U.S., Israel, and Great Britain in an ongoing cyberwar.
Up to the part about Thunderstruck, this story seems similar to the previous ones. The writer specifically mentions “Siemens hardware,” which could be a reference to the P-1 centrifuges that were also targeted by Stuxnet. The inclusion of an AC/DC song is more than a little bit strange. However, now that Iran has made it clear that it is aware of the cyberattacks against its facilities, perhaps its attackers are giving up on stealth and are simply trying to frustrate and irritate facility employees.
Then again, perhaps it’s all an elaborate ruse. Personally, I hope that someone out there in the bowels of the Pentagon had enough of a sense of humor to make this happen.
(F-Secure via Venture Beat via Techmeme, original image via Grumpy-Puddin)
- Iran has a rail gun, but it’s probably not a big deal
- They have a U.S. drone, though
- Stuxnet may be the work of the U.S. and Israel
- Then what is Flame?
