Skip to main content

Iran denies cyberattack hurt nuclear program -- but expert isn't sure

By the CNN Wire Staff
  • A new virus called Stuxnet may have been designed to hit Iran's nuclear program, an expert says
  • "It's the most complex piece of malware in the history of computing," Ralph Langner says
  • Only a government would have the resources and intelligence to build the virus, he says
  • Iran denies it was affected

(CNN) -- Iran denied Wednesday that its nuclear systems had been infected with a virus, after days of reports that a new kind of malware had struck the Bushehr nuclear plant.

But the head of its nuclear program admitted that a virus had been found on the personal laptops of some staff at the reactor, the Iranian Students News Agency reported.

"We succeeded in preventing the enemy from achieving its objectives," IRNA quoted Ali Akbar Salehi as saying on Wednesday.

But a top computer security expert who analyzed a new kind of virus called Stuxnet says Iran is the most probable target of the malware, which he says could only have been designed by "the best of the best.

"We have never seen anything like this before," said Ralph Langner. "It's the most complex piece of malware in the history of computing.

"What the thing does, is actually it's designed to blow something up, it's as simple as that," he said. "The virus is a cyberwar weapon."

Langner, who was among the first to study the virus, presented his findings at a cyber security conference in Maryland last week.

The virus is designed to attack only a specific machine at a specific time, Langner told CNN Wednesday.

Langner has detected "the highest number of infections" in Iran, suggesting that Tehran's controversial nuclear program is the target.

"If you look at all the sophistication that went into Stuxnet, if you look at the fact that it's about sabotage, about destroying a specific piece of machinery, then the only target that makes sense given the target region... would be the Iranian nuclear power program," he said.

A government is almost certainly behind it, he said.

"You can take for granted that a hacker group is not able to create anything like Stuxnet, because the development requires much more resources than any such hacker group could afford," he said.

To use it as a weapon would require insider information, he said.

"You need to have very detailed and specific knowledge about the targeted application and process," he said.

"You will need to build up a lab model to test all that and if you take all that together into account, the only background that makes any sense is to assume that a nation-state is behind it."

It was probably delivered via infected USB sticks, he said, speculating that a Russian engineering firm that worked on the Iranian nuclear program had been infiltrated.

That would explain the pattern of infections around the world, he said -- anywhere the company worked would end up with the virus.

But only one specific target would be affected by it.

It's as if a virus were designed not only to target a computer running Microsoft Word, he said, but to search for a specific document created with Word.

And it's designed to hit industrial control systems, he said, activating itself only once its target reaches a certain state, like a designated temperature or pressure.

"When it finds a specific match, let's say in specific temperatures or pressures to reach certain thresholds, then the attack routine is executed," he said.

Stuxnet itself is no longer a cause for concern, he said.

"Don't worry about Stuxnet any longer," he said. "Obviously it hit its target. It is so specific it won't attack anything else."

But now that it's out there, other people will try to replicate it, he warned.

"Everybody will be able to study exactly what Stuxnet does and how it is done," he said. "So we must assume that Stuxnet will now act as a template for any kind of hackers, organized crime, terrorists in order to study how it can be done.

"Stuxnet is history," he said. "We need to work on what will come next."

CNN's Atika Shubert contributed to this report.