Tag: Nuclear

Posted on

Damage Control 101 – Blow out of proportions

I may be speculating here, but the Iran Virus story and media coverage made me think.

Facts:

  1. Siemens SCADA systems around the world were hit by Stuxnet virus.
  2. Some of the systems are in Iran
  3. From BBC report: “Stuxnet was first detected in June by a security firm based in Belarus, but may have been circulating since 2009.”
  4. “Siemens was neither involved in the reconstruction of Bushehr or any nuclear plant construction in Iran, nor delivered any software or control system,” he said. “Siemens left the country nearly 30 years ago.”
  5. “Siemens said that it was only aware of 15 infections that had made their way on to control systems in factories, mostly in Germany.”

Yet the Media speculates:

  • “The sophisticated super virus Stuxnet” – Deutche Welle
  • “One of the most sophisticated pieces of malware ever detected was probably targeting “high value” infrastructure in Iran, experts have told the BBC.”
  • “Stuxnet’s complexity suggests it could only have been written by a “nation state”, some researchers have claimed”
  • “The fact that we see so many more infections in Iran than anywhere else in the world makes us think this threat was targeted at Iran and that there was something in Iran that was of very, very high value to whomever wrote it,” Liam O’Murchu of security firm Symantec, who has tracked the worm since it was first detected, told BBC News.

Facts seem to contradict the speculation, but the story becomes more interesting, doesn’t it?

However, Mr O’Murchu and others, such as security expert Bruce Schneier, have said that there was currently not enough evidence to draw conclusions about what its intended target was or who had written it.

And now my speculation:

As Siemens are obviously do not actively involve themselves in the PR and reports of  “some researchers have claimed”, it looks like Symantec are doing all they can do to blow this story out of proportions. This is not a story of “Symantec software failed to identify and stop a malware”, but “Symantec cannot possibly identify and stop such a sophisticated Super Virus written by a Nation State”.