Bloomberg News

Iran Nuclear Plants Hit By Virus Playing AC/DC, Website Says

July 25, 2012

Iran Nuclear Plants Hit By Virus Playing AC/DC, Website Says

Iranian President Mahmoud Ahmadinejad, center, visits the Natanz Uranium Enrichment Facility in this file photo. Photograph: Iranian President's Office via AP Images

Iran’s nuclear facilities have suffered a cyber attack that shut down computers and played music from the rock band AC/DC, the F-Secure Security Labs website said.

A new worm targeted Iran’s nuclear program, closing down the “automation network” at the Natanz and Fordo facilities, the Internet security site reported, citing an e-mail it said was sent by a scientist inside Iran’s Atomic Energy Organization.

The virus also prompted several of the computers on site to play the song “Thunderstruck” by AC/DC at full volume in the middle of the night, according to the e-mail, part of which is published in English on the website.

F-Secure Security Labs, which is linked to F-Secure Oyj (FSC1V), the Finnish maker of security and cloud software, said that while it was unable to verify the details of the attack described, it had confirmed that the scientist who reported them was sending and receiving the e-mails from within Iran’s Atomic Energy Organization.

Iran’s nuclear program and oil facilities have been subject to a succession of cyber attacks that the Foreign Ministry said in May were launched by hostile governments as part of a broader “soft war.” Iran accuses the U.S. and Israel of trying to sabotage its technological progress. Both countries say Iran’s nuclear activities may have military intent, an allegation that Iran denies.

E-Mail Exchange

Mikko Hypponen, chief security officer at F-Secure Security Labs and the person involved in the correspondence, said he received three e-mails on July 22 from an individual with an aeoi.org.ir e-mail address, receiving replies after he responded. After researching the person’s name on the internet, Hypponen said he found “plenty of nuclear science papers and articles published by someone with this name.”

“I can’t confirm that the person was who he said he was. And I can’t confirm any of the things he said actually happened,” Hypponen wrote in reply to e-mailed questions. “But I can confirm I was emailing with someone who had access to an aeoi.org.ir address.”

Iran has called on the United Nations to condemn organized cyber attacks against nations, the head of Iran’s Information Technology Organization, Ali Hakim Javadi, said today, according to a report by the state-run news channel Press TV. Significant investment is needed for the creation of malware viruses such as Stuxnet or Flame, which previously targeted Iran, indicating that they were not produced by individuals, the Iranian official said.

High Voltage

AC/DC have played “high voltage rock ’n’ roll” since they were formed in 1973 in Australia, according to the band’s website. Their songs were among the loud music played to detainees at the Guantanamo Bay prison facility in preparation for interrogations, the Associated Press reported in October 2009, citing the National Security Archive in Washington.

An attack where the infected PCs start playing AC/DC isn’t that likely “unless the attacker really wants the victim to know they are hit,” Hypponen said.

F-Secure Security Labs is involved in analyzing viruses, spyware and spam attacks, according to its website.

To contact the reporter on this story: Ladane Nasseri in Dubai at lnasseri@bloomberg.net

To contact the editor responsible for this story: Andrew J. Barden at barden@bloomberg.net.


We Almost Lost the Nasdaq
LIMITED-TIME OFFER SUBSCRIBE NOW

(enter your email)
(enter up to 5 email addresses, separated by commas)

Max 250 characters

 
blog comments powered by Disqus