A senior Iranian military official involved in investigating a mysterious computer worm targeting Iranian nuclear facilities and other industrial sites said Saturday the malware could have caused large-scale accidents and loss of life.
It first emerged in September that Iran was battling a powerful computer worm known as Stuxnet, which has the ability to send centrifuges — used in nuclear fuel production — spinning out of control. Its appearance and the suspicion that Israel and the U.S. might have been involved raised the prospect of covert attempts to thwart a nuclear program that the West fears is aimed at weapons production.
Iran has acknowledged the code infected laptops belonging to employees at its first nuclear power plant, whose launch has been repeated delayed. It is also believed to have temporarily crippled Iran's uranium enrichment program last year.
On Saturday, Gholam Reza Jalali, head of a military unit in charge of combatting sabotage, said Iranian experts have determined that the United States and Israel were behind Stuxnet, which can take over the control systems of industrial sites like power plants.
Jalali said disastrous accidents and loss of life were averted by Iranian experts fighting the computer code. He gave no specific examples.
In recent months, Iranian state media have reported dozens of explosions at industrial sites, particularly oil and petrochemical facilities, that have killed at least 10 people. But there were no official explanations for the blasts.
"Enemies have attacked industrial infrastructure and undermined industrial production through cyber attacks. This was a hostile action against our country," the official IRNA news agency quoted Jalali as saying. "If it had not been confronted on time, much material damage and human loss could have been inflicted."
Jalali heads a military unit called Passive Defense that primarily deals with countering sabotage. The unit was set up on an order from Iran's Supreme Leader Ayatollah Ali Khamenei.
Jalali said Iranian experts have traced the Stuxnet virus back to the U.S. state of Texas and Israel, IRNA reported. Western experts say only a number of powerful countries could have developed Stuxnet.
Jalali also blamed the German engineering conglomerate Siemens, whose equipment and software is used at the Bushehr nuclear power plant, where technical issues have halted its planned startup.
"Siemens should explain why and how it provided the enemies with the codes of the SCADA software and paved the way for a cyber attack against us," IRNA quoted him as saying.
Iran has acknowledged Stuxnet affected a limited number of centrifuges at its main uranium enrichment facility in Natanz, central Iran, but has said its scientists discovered and neutralized the malware before it could cause serious damage.
The Natanz enrichment plant is of key concern to those nations who fear Iran is intent on weapons production because the technology can produce either fuel for power plants or material for bombs.
Iran insists its nuclear work is entirely peaceful.
Iran has confirmed that Stuxnet was found on several laptops belonging to employees at the Russian-built Bushehr power plant but has said it didn't affect the facility's control systems. Western intelligence reports have suggested that Stuxnet has infected the control systems there.
Bushehr is not a proliferation concern because of international safeguards on its spent fuel. But Iran has celebrated the plant extensively as a major technological achievement and a sign of its determination to master all aspects of nuclear technology.