Platt Perspective on Business and Technology

First Stuxnet and then Stars – a continuing cyber-security story

Posted in business and convergent technologies by Timothy Platt on May 28, 2011

This is my 14th installment in an occasional series on international cyber-security, and the changing nature of threats faced and responses offered (see Ubiquitous Computing and Communications, postings 58-60, 62-65, 67, 68, 70 and 73-75 for parts 1-13). And it is about a cyber-threat that may or may not even exist.

On April 17th, 2011, Gholam-Reza Jalali, the Director of Iran’s Passive Defense Organization (a unit within their military), gave an interview with MehrNews, a semiofficial news outlet, to announce that a new cyber attack had just been launched against his country in the form of a computer worm code-named Stars. Iran has claimed that Stuxnet was an attack coming from Israel and the United States, and cited secret messages embedded in its reconstructed source code to validate that claim. They now claim that a new threat has been launched against Iranian government computer systems, with this one named after the Star of David.

Excerpts from this interview were published on April 25 and I quote from the English language edition of MehrNews here where Jalali is said to have stated:

• “(However), certain characteristics about the Stars worm have been identified, including that it is compatible with the (targeted) system and that the damage is very slight in the initial stage, and it is likely to be mistaken for executable files of the government,”

Very little has been released as to what that targeted system might be or what damage has been sustained, though I add that the official position coming out of Tehran is that Stuxnet did very little damage. And consensus is that the intended target for any second attack would also most likely be Iran’s nascent nuclear facilities (see the news story run in on April 25, 2011.)

Stuxnet was developed as a very precisely targeted cyber-weapon, and almost certainly with Iran’s very specific nuclear facilities in mind as discussed in earlier installments in this series. But while it may have been developed with that target in mind, it was found in computer systems in other countries, even if in systems where it could only reside but not effectively function.

Iranian officials claim to be studying this new threat in their computer laboratories but, at least as of this writing, no one else has stepped forward to say that they have seen any of its source code or object code, or that they are in possession of a copy of this malware as found on their computers. That raises some interesting questions.

• Is Stars real, or was this story created within Iran for political purposes?
• If this is a fabrication on the part of Iranian officials, why have they done this and who is the primary intended audience for this story? Is this, for example, intended primarily for internal consumption by the Iranian public?

Iran has officially claimed that Stuxnet did very little real damage to their nuclear facilities and that it did not add any significant delays into their nuclear programs. Did they need to find and thwart a second low level but irritating challenge to their programs to account for delays that have in fact taken place? Any such problems would be kept out of news channels such as MehrNews and their public release would be blocked by the Iranian government as disclosure of highly classified information, but recent events in the Middle East and elsewhere have highlighted that internet access means that news can and will leak in from the outside, and out to the world in spite of governmental censorship efforts.

This is a very curious story that I expect to follow up on, if and as more details emerge.
