John Markoff: Growing fears of cyberwar exposed by 'smoking gun'

AS IN real warfare, even the most carefully aimed weapon in cyberwarfare leaves collateral damage. The Stuxnet worm was no different.

The most striking aspect of the fast-spreading malicious computer program - which has turned up in industrial programs around the world and which Iran said appeared in the computers of workers in its nuclear program - may not have been how sophisticated it was, but rather how sloppy.

The malware was so skilfully designed that computer security specialists who have examined it are almost certain it was created by a government and is a prime example of clandestine cyberwarfare. While there have been suspicions of other government uses of computer worms and viruses in cyberwarfare, Stuxnet is the first to go after industrial systems.

If Stuxnet is the latest example of what a government organisation can do, it contains some glaring shortcomings. The program splattered on thousands of computer systems around the world and much of its impact has been on those systems, rather than on what appears to have been its intended target, Iranian equipment. Computer security specialists are also puzzled by why it was created to spread so widely.

Global alarm over the computer worm has come months after the program is suspected of entering an Iranian nuclear enrichment plant. Computer security specialists have speculated that, once inside the factory and software that controls equipment, the worm reprogrammed centrifuges made by a specific company, Siemens, to fail in a way that would be virtually undetectable. Whether the program achieved its goal is not known.

A time stamp found in the Stuxnet program says it was created in January, suggesting any digital attack took place long before it was identified.

Siemens has said the worm was found in only 15 plants around the world using its equipment and no factory's operations were affected. But now the malware is not only detectable, it is continuing to spread through computer systems around the world.

It is also raising the spectre of dangerous proliferation. Stuxnet has laid bare significant vulnerabilities in industrial control systems.

The program is not only being examined for clues by the world's computer security companies, but also by intelligence agencies and countless underground hackers.

"Proliferation is a real problem, and no country is prepared to deal with it," said Melissa Hathaway, a former US national cybersecurity co-ordinator. The attack techniques revealed by the software have set off alarms among the community of industrial control specialists, she said.

"All of these guys are scared to death. We have about 90 days to fix this before some hacker begins using it."

One of the pieces of the Stuxnet puzzle is why its creators let the software spread widely, giving up many of its secrets in the process.

One possibility is they simply did not care. Their government may have been so anxious to stop Iran's nuclear work that the urgency of the attack trumped the tradecraft techniques that do not leave fingerprints.

It is likely there have been many other attacks of similar sophistication by intelligence agencies from many countries in the past.

Security specialists contrast Stuxnet to an intrusion discovered in the Greek mobile phone network in 2005. It also displayed a level of skill only the intelligence agency of some foreign power would have.

A two-year investigation by the Greek government found a sophisticated Trojan horse hidden by someone who was able to modify and then insert 29 secret programs into each of four telephone switching computers.

An even more remarkable set of events surrounded the 2007 Israeli Air Force attack on what was suspected of being a Syrian nuclear reactor under construction.

Accounts initially indicated sophisticated jamming technology was used to blind the radar so Israeli aircraft went unnoticed. Last December, however, a report in a US technical publication, IEEE Spectrum, cited a European industry source raising the theory Israel used a built-in kill switch to shut down the radar.

But if the attack was based on a worm or a virus, there was never a smoking gun like Stuxnet.
