Experts and U.S. officials are warning that a computer virus that may have originally targeted Iran's nuclear facilities has spread around the world, and has the potential to cause disruptions across a number of industries.
The Stuxnet worm, as the virus is known, is able to take control of computer systems in manufacturing processes. It can also quietly steal intellectual property, according to experts.
Sean McGurk, the acting director of U.S. cybersecurity operations centre, said Stuxnet can enter a computer system, "steal the formula for the product you are manufacturing, alter the ingredients being mixed in your product and indicate to the operator and your antivirus software that everything is functioning as expected."
The virus operates by honing in on businesses that use Windows operating systems as well as a Siemens AG control system. Those two ingredients are present in a number of key industrial processes, such as assembling automobiles and mixing chemicals, Mcgurk said.
Dean Turner, director of the Global Intelligence Network at security firm Symantec Corp., told a U.S. Senate committee that the "real-world implications of Stuxnet are beyond any threat we have seen in the past."
By the end of last week, the malicious worm had infected some 44,000 computers across the globe, Turner said. Of those, 1,600 were in the United States. Sixty per cent of the infections took place in Iran, and several employees' laptops at the Bushehr nuclear plant were infected there.
"It's pretty much spread around the world right now. But it's only attacking control systems in these particular types of plants," said Richard Stiennon, the author of "Surviving Cyberwar."
Now that the virus is in the public domain, he said regular hackers could begin to tinker with it, producing a more dangerous incarnation of Stuxnet.
"Worst case scenaraio is we have a new generation of worms and viruses to worry about that penetrate manufacturing and control systems, and start shutting down manufacturing plants -- which would be very, very expensive," he told Â鶹´«Ã½ Channel.
The Iranian government has said it believes Stuxnet represents a Western plot to interfere with its nuclear program. However, experts say they have seen little evidence that Iranian nuclear facilities have been seriously damaged.
Now that Stuxnet has spread to countries including the U.S., Michael Assante, president and CEO of the National Board of Information Security Examiners, recommended that industrial control systems be isolated from other computer networks to make it harder for hackers to breach them.
"We can no longer ignore known system weaknesses and simply accept current system limitations," Assante told U.S. lawmakers. "We must admit that our current security strategies are too disjointed and are often, in unintended ways, working against our efforts to address" cybersecurity problems.
Sen. Joe Lieberman, who chaired the panel overseeing Thursday's hearing, said Congress would make it a priority to create legislation to help protect critical infrastructure from the new brand of computer threat.
Stuxnet is believed to have taken two years and several million dollars to create, according to Liam O Murchu, a researcher with security firm Symantec.
Because there was no apparent financial incentive to create the virus, Stiennon said that a national government is the most likely culprit rather than an organized criminal group.
"Right now the top three suspects are Russia, the U.S. and Israel," he said, because they would be motivated to disrupt Iran's nuclear program.
With files from The Associated Press
