Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers.
DEBKA DEBKAfile’s intelligence and Iranian sources report Iran turned for outside help after local computer experts failed to remove the destructive virus.
The impression DEBKAfile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate. Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.
None of the foreign experts has so far come forward because Tehran refuses to provide precise information on the sensitive centers and systems under attack and give the visiting specialists the locations where they would need to work. They were not told whether they would be called on to work outside Tehran or given access to affected sites to study how they function and how the malworm managed to disable them. Iran also refuses to give out data on the changes its engineers have made to imported SCADA (Supervisory Control and Data Acquisition) systems, mostly from Germany.
One expert said: “The Iranians have been forced to realize that they would be better off not ‘irritating’ the invader because it hits back with a bigger punch.”
Looking beyond Iran’s predicament, he wondered whether the people responsible for planting Stuxnet in Iran – and apparently continuing to offload information from its sensitive systems – have the technology for stopping its rampage. “My impression,” he said, “is that somebody outside Iran has partial control at least on its spread. Can this body stop malworm in its tracks or kill it? We don’t have that information at present, he said.
As it is, the Iranian officials who turned outside for help were described by another of the experts they approached as alarmed and frustrated. It has dawned on them that the trouble cannot be waved away overnight but is around for the long haul. Finding a credible specialist with the magic code for ridding them of the cyber enemy could take several months. After their own attempts to defeat Stuxnet backfired, all the Iranians can do now is to sit back and hope for the best, helpless to predict the worm’s next target and which other of their strategic industries will go down or be robbed of its secrets next.
While Tehran has given out several conflicting figures on the systems and networks struck by the malworm – 30,000 to 45,000 industrial units – DEBKAfile’s sources cite security experts as putting the figure much higher, in the region of millions. If this is true, then this cyber weapon attack on Iran would be the greatest ever.