Iran’s nuclear facilities given worm treatment

Two of Iran's nuclear plants have been struck by a computer worm - Thunderstruck to be precise.

That's if you believe an email allegedly sent by an Iranian nuclear scientist to the chief research officer of Finland IT security firm F-Secure, Mikko Hypponen, this week and published on F-Secure's blog.

Hypponen said he couldn't confirm whether the details of the email were true, but could confirm it was sent from someone within the Atomic Energy Organisation of Iran. It describes how a computer worm allegedly compromised two Iranian nuclear plants by shutting them down and making workstations play Australian rock band AC/DC's Thunderstruck song late at night, at full volume.

A suspected uranium-enrichment facility near Qom, 156 kilometres southwest of Tehran, is seen in this September 27, 2009 satellite photograph released by DigitalGlobe on September 28, 2009. Photo: Supplied

Hypponen, who recently made an appearance at the annual AusCERT security conference on the Gold Coast in Queensland to reveal what he believed was evidence to suggest governments the world over were stockpiling on computer exploits to attack other nations, said he wasn't "sure what to think" of the scientist's email. In an interview with Gawker he said he didn't buy the scientist's story.

"I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom," the email sent by the Iranian scientist to Hypponen and published on the F-Secure blog states.

"According to the email our cyber experts sent to our teams, they believe the hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert."