The Stuxnet worm blamed for infecting hundreds of thousands computers and critical infrastructure in Iran could have been an inside job, according to security experts.
Graham Cluley, senior technology consultant at Sophos, told V3.co.uk the malware could have been created by someone with detailed knowledge of Siemens’ computer systems, possibly a current or former employee.
Attending the Virus Bulletin 2010 conference in Vancouver, Cluley said the worm appears to have been written by someone with inside knowledge of how Siemens’ systems work. However, “unless we get access to the computer it was written on, or someone admits writing it, we’ll probably never know,” he said.
F-Secure Chief Research Officer Mikko HyppÃ¶nen told V3.co.uk that based on the evidence he had seen, the Stuxnet worm looks like a government attack.
“The obvious conclusion from Stuxnet is that there isn’t any clear motive other than sabotage,” he said. “Crucially, no one has found a way that anyone could make money from this, which makes criminal involvement unlikely. If you look at the level of difficulty and complexity behind Stuxnet, it has to be a government effort.”
The Stuxnet malware was discovered in July of this year, and according to F-Secure, its “kill date” is June 24, 2012.