WASHINGTON (AFP) – The Stuxnet worm attacking computers in Iran includes a reference to the Book of Esther, the Old Testament story in which the Jews pre-empt a Persian plot to destroy them, and is a possible clue of Israeli involvement, The New York Times reported on Thursday.
A file inside the Stuxnet code is named “Myrtus,” an allusion to the Hebrew word for Esther, and is a possible Israeli calling card or, perhaps, a “red herring” designed to throw investigators off the track, the Times said.
According to security software experts and analysts, Stuxnet may have been designed to target Iran’s nuclear facilities and suspicions have fallen on Israel and the United States.
Iran said this week that Stuxnet is mutating and wreaking havoc on computerised industrial equipment there but denied the Islamic republic’s first nuclear plant at Bushehr was among the facilities penetrated.
Stuxnet specifically attacks Siemens supervisory control and data acquisition, or SCADA, systems commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.
The self-replicating malware has also been found lurking on Siemens systems in India, Indonesia and Pakistan, but the heaviest infiltration appears to be in Iran, according to researchers.
No one has claimed credit for Stuxnet and a top US cybersecurity official said last week that the United States does not know who is behind it or its purpose.
The Times noted that there is no consensus among security experts about who may be behind Stuxnet but said “there are many reasons to suspect Israel’s involvement.”
Israel has poured huge resources into Unit 8200, its secretive cyberwar operation, and Stuxnet may be a “clear warning in a mounting technological and psychological battle” with Iran over its nuclear program, the newspaper said.
The Times said Ralph Langner, a German computer security consultant, was the first to note that “Myrtus” is an allusion to the Hebrew word for Esther.
Shai Blitzblau, head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, told the Times he was “convinced that Israel had nothing to do with Stuxnet.”
“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”