Dirty deedsDirty deeds

Iran ‘Thunderstruck’ by AC/DC computer virus

Finnish cyber-security expert says Iranian nuclear scientist emailed him to report heavy metal song blasted in the middle of the night at Natanz and Fordo

The metal rock group, AC/DC, for their Highway to Hell album (photo credit: screen capture, YouTube)
The metal rock group, AC/DC, for their Highway to Hell album (photo credit: screen capture, YouTube)

A cyberspace security expert says he received a series of emails from an Iranian nuclear scientist complaining that computers at two plants bizarrely began playing a heavy metal anthem over the weekend.

The attack caused computers at the Natanz and Fordo nuclear plants to blast the metal anthem “Thunderstruck” by arena rock gods AC/DC at full volume in the middle of the night, the emails said. It also reportedly shut down “part of the automation network,” said Mikko Hypponen, a Finnish computer security expert who has advised governments on cyber-security.

Hypponen, the chief research officer at F-Secure, a well-regarded Finnish computer security firm, announced in his blog Wednesday that he had received the emails from a scientist at the Atomic Energy Organization of Iran.

Mikko Hypponen (photo credit: CC-BY-SA Vera de Kok, Wikimedia Commons)
Mikko Hypponen (photo credit: CC-BY-SA Vera de Kok, Wikimedia Commons)

One of the emails stated: “I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.”

It continued: “According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.”

The email concluded: “There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.”

Hypponen wrote that he didn’t know quite what to make of the emails, but that he had established they came from inside the Atomic Energy Organization of Iran. “I’m not sure what to think about this. We can’t confirm any of the details. However, we can confirm that the researcher was sending and receiving emails from within the AEOI.”

Unlike centrifuge-wrecking malware like the Flame and Stuxnet, the “Thunderstruck” attack was provoking more amusement than serious comment in the Twitter-sphere Wednesday, with people commenting on the sheer absurdity of the incident.

Still, using heavy metal as a confrontational tactic is not entirely new.

In 2010, US special forces in Afghanistan blasted Metallica and Thin Lizzy, AFP reported, when fighting the Taliban in Marjah. The approach included blasting a playlist that continued for hours on powerful speakers in an effort to subdue the Taliban, who hated the music.

The US military blared rock music outside the Vatican mission in Panama City, where the deposed dictator, General Manuel Noriega, had taken refuge to help force his surrender in 1990.

Coincidentally on Wednesday, the head of Iran’s Information Technology and Communications Organization, Ali Hakim Javadi, urged the United Nations to condemn organized cyber attacks.

He indicated that “high-cost viruses,” like Stuxnet and Flame, for example, were not made “by a single individual,” and that international bodies must confront them together, the state-run IRNA news service reported Wednesday.

Israel and the United States were fingered for the Stuxnet and Flame viruses, though they have never admitted culpability.

Flame was touted as “the most sophisticated cyber virus ever” when it hit systems in Iran and across the Middle East in May. It was said to be 20 times as powerful as Stuxnet, which, in 2010, caused some Iranian nuclear centrifuges to fail.

Most Popular
read more: