New computer attack detected on Iran nuclear facility
Computer systems at Iran’s nuclear facilities were attacked recently by a new worm that forced some workstations to randomly play the heavy metal rock song Thunderstruck, U.S. officials said.
The computer attack followed several U.S.- and Israeli-origin virtual strikes on Iran’s illicit nuclear program that involved the insertion of malicious software into Iranian industrial control networks. Those attacks were carried out under the code names Stuxnet and Flame.
The latest attack took place about a week ago and was discovered after an Iranian scientist revealed it in emails sent to a Finnish computer security expert asking for assistance in countering the malicious software attack.
The senior security specialist at the Finnish computer security company F-Secure, Mikko Hypponen, wrote on a blog post that he received several emails beginning July 21 from the Atomic Energy Organization of Iran, which is in charge of Iran’s nuclear program.
The Iranian scientist stated that the nuclear program was “compromised” from an attack by a new worm or hacker software called Metasploit.
The attack penetrated the Iranian virtual private network and shut down the computer control networks at the Natanz nuclear facility as well as a second plant called Fordo near Qom. Both sites have been linked by U.S. intelligence agencies to Iran’s covert nuclear program.
Additionally, the computer attack shut down the Siemens software used to control industrial facilities.
Officials believe the software also caused several workstations to randomly play the song by the heavy metal group AC/DC in the middle of the night at a high volume.
The music element of the hack prompted one security specialist to note that it was similar to a characteristic of the Stuxnet worm that hit Iran which contained a coded copy of the Israeli national anthem Hatikvah that supposedly played using the variable drive frequency motors of uranium enrichment centrifuges that were destroyed by the computer attack.