Iranian oil terminal 'offline' after 'malware attack'
April 27, 2012
The Iranian government agency that runs the country’s nuclear facilities, including those the West suspects are part of a weapons program, has reported that its engineers are trying to protect their facilities from a sophisticated computer worm that has infected industrial plants across Iran.
The computer virus is believed to have hit the internal computer systems at Iran's oil ministry and its national oil company. Equipment on the Kharg island and at other Iranian oil plants has been disconnected from the net as a precaution. Oil production had not been affected by the attack, said the Mehr news agency.
However, the attack is believed to have been responsible for knocking offline the websites of the Iranian oil ministry and national oil company. The Ministry website was back in action on Monday but the oil company site has remained unreachable. An Iranian oil ministry spokesperson was quoted as saying that data about users of the sites had been stolen as a result of the attack. Core data about Iran's oil industry remained safe because it was on computer systems that remain separate from the net, they added.
The terminal on Kharg Island handles about 90% of Iran's oil exports. Iran is reported to have mobilised a "cyber crisis committee" to handle the aftermath of the attack and bolster defences. This committee was set up following attacks in 2010 by a virus known as Stuxnet that was aimed at the nation's nuclear programme.
The malicious software - dubbed Stars - was capable of inflicting minor damage, according to the head of Iran's civil defence organisation. If the reports are accurate, it would be the second major attack in a year.The recently discovered Stuxnet worm is thought to have been created to take control of equipment used in Iran's nuclear programme.
It would take some time to establish Stars' intended purpose, said Gholam Reza Jalali, military head of the Iranian Passive Defence Organisation. "The Stars virus has been presented to the laboratory but is still being investigated," he said.
Stuxnet, which was first publicly identified several months ago, is aimed solely at industrial equipment made by Siemens that controls oil pipelines, electric utilities, nuclear facilities and other large industrial sites. While it is not clear that Iran was the main target — the infection has also been reported in Indonesia, Pakistan, India and elsewhere — a disproportionate number of computers inside Iran appear to have been struck, according to reports by computer security monitors.
Given the sophistication of the worm and its aim at specific industrial systems, many experts believe it is most probably the work of a state, rather than independent hackers. The worm is able to attack computers that are disconnected from the Internet, usually to protect them; in those cases an infected USB drive is plugged into a computer. The worm can then spread itself within a computer network, and possibly to other networks.