Technology

Thunderstruck: Iran's nuclear facilities given AC/DC treatment by computer worm

Two of Iran's nuclear plants have been struck by a computer worm - Thunderstruck to be precise.

That's if you believe an email allegedly sent by an Iranian nuclear scientist to the chief research officer of Finland IT security firm F-Secure, Mikko Hypponen, this week and published on F-Secure's blog.

AC/DC guitarist Angus Young plays in Sydney on February 18 2010.
AC/DC guitarist Angus Young plays in Sydney on February 18 2010. 

Hypponen said he couldn't confirm whether the details of the email were true, but could confirm it was sent from someone within the Atomic Energy Organisation of Iran. It describes how a computer worm allegedly compromised two Iranian nuclear plants by shutting them down and making workstations play Australian rock band AC/DC's Thunderstruck song late at night, at full volume.

Hypponen, who recently made an appearance at the annual AusCERT security conference on the Gold Coast in Queensland to reveal what he believed was evidence to suggest governments the world over were stockpiling on computer exploits to attack other nations, said he wasn't "sure what to think" of the scientist's email. In an interview with Gawker he said he didn't buy the scientist's story.

A suspected uranium-enrichment facility near Qom, 156 kilometres southwest of Tehran, is seen in this September 27, 2009 ...
A suspected uranium-enrichment facility near Qom, 156 kilometres southwest of Tehran, is seen in this September 27, 2009 satellite photograph released by DigitalGlobe on September 28, 2009. 

"I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom," the email sent by the Iranian scientist to Hypponen and published on the F-Secure blog states.

"According to the email our cyber experts sent to our teams, they believe the hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert."

Chief research officer of Finland IT security firm F-Secure, Mikko Hypponen.
Chief research officer of Finland IT security firm F-Secure, Mikko Hypponen. 

The scientist added: "There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC."

If true, it's not the first cyber attack Iran's nuclear facilities have had to deal with - the country has, for some time, been the target of computer viruses like Stuxnet, Duqu and Flame. The New York Times reported in June that Stuxnet was built as part of a US and Israeli operation to stop Iran's nuclear efforts.

32 comments

Comment are now closed