A computer virus that caused havoc in Iranian critical infrastructure systems this year could become a weapon for disgruntled employees, says an Australian IT security expert.
Steve Martin, a Sydney representative of internet security firm Symantec, said the Stuxnet worm could be obtained by workers with a grudge and used to attack their employers' facilities.
Stuxnet was identified in June and targets supervisory control and data acquisition (Scada) systems made by Siemens, which are typically used to run power plants, dams, oil refineries and manufacturing sites.
"I would be highly confident that governments and criminals around the world have got that [Stuxnet] code and are reverse engineering it to understand how it works to see how they might be able to use it for their advantage," he said.
Until now the Stuxnet virus has predominantly affected Iran. Speculation has been rife that it was created by either the Israeli Defence Force or United States Government to target facilities used in Iran's nuclear programme.
Barry Brailey, of the Centre for Critical Infrastructure Protection, which is run by the New Zealand Government, said viruses targeting Scada systems were a threat to this country. It was possible, but unlikely, that such viruses could find their way into the hands of discontented workers, he said.
"The insider threat is widely accepted."
As Scada systems were not normally connected to the internet, Martin said, the Stuxnet virus must enter them through an infected USB stick. Companies needed to put strict physical security in place to limit the number of employees who could gain access to such systems.
Attacks on Scada systems have already happened in this part of the world. In 2000 Queensland's Maroochy Water Services plant was breached with a laptop computer and radio transmitter.
The attack on the Queensland plant's Scada system resulted in one million litres of raw sewage being dumped, according to Symantec.
A Symantec survey released last week found 53 per cent of the critical infrastructure providers that responded had been the target of what they perceived as a politically motivated cyber attack.
Respondents to the survey, done in 15 countries but not New Zealand, said the average cost to their businesses of such an attack had been US$850,000 ($1.13 million).
Worm 'a weapon for angry employees'