A new worm targeted Iran’s nuclear program, closing down the “automation network” at the Natanz and Fordo facilities, the Internet security site reported, citing an e-mail it said was sent by a scientist inside Iran’s Atomic Energy Organization.
The virus also prompted several of the computers on site to play the song “Thunderstruck” by AC/DC at full volume in the middle of the night, according to the e-mail, part of which is published in English on the website.
F-Secure Security Labs, which is linked to F-Secure Oyj (FSC1V), the Finnish maker of security and cloud software, said that while it was unable to verify the details of the attack described, it had confirmed that the scientist who reported them was sending and receiving the e-mails from within Iran’s Atomic Energy Organization.
Iran’s nuclear program and oil facilities have been subject to a succession of cyber attacks that the Foreign Ministry said in May were launched by hostile governments as part of a broader “soft war.” Iran accuses the U.S. and Israel of trying to sabotage its technological progress. Both countries say Iran’s nuclear activities may have military intent, an allegation that Iran denies.
Mikko Hypponen, chief security officer at F-Secure Security Labs and the person involved in the correspondence, said he received three e-mails on July 22 from an individual with an aeoi.org.ir e-mail address, receiving replies after he responded. After researching the person’s name on the internet, Hypponen said he found “plenty of nuclear science papers and articles published by someone with this name.”
“I can’t confirm that the person was who he said he was. And I can’t confirm any of the things he said actually happened,” Hypponen wrote in reply to e-mailed questions. “But I can confirm I was emailing with someone who had access to an aeoi.org.ir address.”
Iran has called on the United Nations to condemn organized cyber attacks against nations, the head of Iran’s Information Technology Organization, Ali Hakim Javadi, said today, according to a report by the state-run news channel Press TV. Significant investment is needed for the creation of malware viruses such as Stuxnet or Flame, which previously targeted Iran, indicating that they were not produced by individuals, the Iranian official said.
AC/DC have played “high voltage rock ’n’ roll” since they were formed in 1973 in Australia, according to the band’s website. Their songs were among the loud music played to detainees at the Guantanamo Bay prison facility in preparation for interrogations, the Associated Press reported in October 2009, citing the National Security Archive in Washington.
An attack where the infected PCs start playing AC/DC isn’t that likely “unless the attacker really wants the victim to know they are hit,” Hypponen said.
F-Secure Security Labs is involved in analyzing viruses, spyware and spam attacks, according to its website.
To contact the reporter on this story: Ladane Nasseri in Dubai at firstname.lastname@example.org
To contact the editor responsible for this story: Andrew J. Barden at email@example.com.