China and India tensions likeliest Stuxnet culprit

A cyber security expert familiar with the matter has told us Stuxnet likely originated from ongoing tensions between India and China.

The W32/Stuxnet-B worm, which has caused major problems in Iran and has been found on Siemens SCADA systems, is spread via USB sticks, networked file-sharing PCs or CDs. It takes advantage of a flaw in Windows Shell to attack PCs running Siemens’ WinCC software.

Viewing the contents of the USB stick triggers the worm, which has mainly been used to steal information rather than damage systems themselves.

As it had impacted the Bushehr nuclear power plant in Iran, it was thought Iran could have been the intended target. Israel had emerged as the prime suspect.

Security experts familiar with government security have told TechEye that a very likely source is China, which could have developed the worm in a bid to breach the systems of its neighbour, India.

Along with Indonesia and Iran, India has had the highest number of infections from Stuxnet. India and Iran had about 60,000 and 13,000 Stuxnet infections respectively until late September. Indonesia was in third position with over 6,000 infections.

“It’s no secret that India sees China as a threat and of course China isn’t a stranger when it comes to cyber threats. One reason why we think China could be behind the attack is because India had the highest number of infections from Stuxnet while Iran and Indonesia had fewer,” a security expert told us.

“It is known the two countries are at a cyber war with each other and the fact that India was hit the most suggests China could have been behind this.”

India has plenty of cybersecurity staff working on “defence”. India is of course not green about possible cyber attacks. In August the country began to round up software professionals for the sole purpose of intelligence gathering and defence against attack from both friendly and hostile nations. 

Our source also told us the attack could have been a misfire from the US or Israel.

“It’s possible that India happened to get caught in the crossfire,” he said.

He also pointed out that only PCs running specific Siemens software, which is used by many Indian government agencies, were infected.