Is Conficker part of the operation that sabotaged Iran's nuclear program?

John Bumgarner of the U.S. Cyber Consequences Unit has analyzed Stuxnet and Conficker, and he sees a connection.

As you're no doubt aware, Conficker is a Microsoft Windows worm that has been bouncing around the web-o-sphere for the last three years or so. It's incredibly prevalent, and like most malware its origins remain a mystery, although it's commonly believed that it may have been developed by a criminal organization in Eastern Europe. That said, there have been alternative hypotheses — one of the most compelling coming from John Bumgarner, CTO of a nonprofit called the U.S. Cyber Consequences Unit. Billed as "a celebrated 'uber-hacker' with 18 years of service in Special Operations and intelligence," Bumgarner claims that analysis of the worm's code reveals striking similarities with Stuxnet. As you'll recall, Stuxnet targets Siemens industrial equipment, especially the Supervisory Control And Data Acquisition (SCADA) systems that are used in, among other places, Iranian uranium enrichment facilities — which many believe to be the ultimate target of the worm in the first place. According to Bumgarner, Conficker is actually "an elaborate smoke screen around the whole world to mask the real operation, which was to deliver Stuxnet."

Of course, the next question is: who launched this operation in the first place? As Haaretz points out, it's commonly thought that Stuxnet was intended to "sabotage the uranium enrichment facility at Natanz [Iran] — where the centrifuge operational capacity has dropped over the past year by 30 percent," and it's widely believed that the US and Israel are behind the worm. But Bumgarner won't say what he thinks, except that "the matter [is] too sensitive to discuss." Which is all well and good but, as you know, once something like Stuxnet is unleashed, no one knows where it will turn up.