Iranian Brigadier General Gholam Reza Jalali Saturday accused the German electronics giant Siemens with helping U.S. and Israeli teams craft the Stuxnet worm that is responsible for the attack on his country's nuclear facilities.
April 18, 2011
by Gregg Keiser
– An Iranian military commander Saturday accused the German electronics giant Siemens with helping U.S. and Israeli teams craft the Stuxnet worm that attacked his country’s nuclear facilities.
According to the Islamic Republic News Service (IRNA), Iran’s state news agency, Brigadier General Gholam Reza Jalali laid some of the blame for Stuxnet on Siemens.
“Siemens should explain why and how it provided the enemies with the information about the codes of the SCADA software and prepared the ground for a cyber attack against us,” Jalali told IRNA.
Siemens did not reply to a request for comment on Jalali’s accusations.
Jalali heads Iran’s Passive Defense Organization, a military unit responsible for constructing and defending the country’s nuclear enrichment facilities. He is a former commander in Iran’s Revolutionary Guard.
Stuxnet, which first came to light in June 2010 but hit Iranian targets in several waves starting the year before, has been extensively analyzed by security researchers, most notably a three-man team at Symantec, and by Ralph Langner of the German firm Langner Communications GmbH.
According to both Symantec and Langner, Stuxnet was designed to infiltrate Iran’s nuclear enrichment program, hide in the Iranian SCADA (supervisory control and data acquisition) control systems that operate its plants, then force gas centrifuge motors to spin at unsafe speeds. Gas centrifuges, which are used to enrich uranium, can fly apart if spun too fast.
Jalali suggested that Iranian officials would pursue Siemens in the courts.
“The Foreign Ministry and other relevant political and judicial organizations should lodge complaints at international courts,” said Jalali. “The attacking countries should be held legally responsible for the cyberattack.”
He also claimed that Iranian researchers had traced the attack to Israel and the U.S. “The investigations and research showed that the Stuxnet worm had been disseminated from sources in the U.S. and Israel,” said Jalali, who added that the worm sent reports of infected systems to computers in Texas.
Jalali’s allegations of U.S. and Israeli involvement were the first from an Iranian official, although President Mahmoud Ahmadinejad has repeatedly blamed the two countries for trying to destabilize his government.
In January, the New York Times, citing confidential sources, said that Stuxnet was jointly created by the U.S. and Israel, with the latter using its covert nuclear facility at Dimona to test the worm’s effectiveness on centrifuges like the ones Iran employs.
According to the Times, Siemens cooperated in 2008 with the Idaho National Laboratory (INL) to help experts there identify vulnerabilities in the SCADA hardware and software sold by the German firm. The lab — located about 30 miles east of Idaho Falls, Idaho — is the U.S. Department of Energy’s lead nuclear research facility.
Jalali repeated earlier claims by others in Iran, including Ahmadinejad, that Stuxnet did not cause major damage or disrupt its nuclear enrichment program because researchers discovered the worm and instituted defenses.
“If we were not ready to tackle the crisis and their attack was successful, the attack could have created tragic incidents at the country’s industrial sites and refineries,” said Jalali.
He suggested that massive casualties could have resulted, and suggested that they might have been on the scale of the Bhopal, India disaster, where in 1984 a Union Carbide pesticide plant released chemicals that killed between 4,000 and 8,000 people.
Symantec, however, has said that Stuxnet was very successful. In a February update to its research on the worm, Symantec said the first attacks in June 2009 infected Iranian computers just 12 hours after the worm was compiled. The average time between compilation and infection was 19 days for the 10 successful attacks Symantec monitored over an 11-month span.