The Mystery of a Scary Computer Superworm's Hidden Messages
Last week, the whole world freaked out over Stuxnet, the super-sophisticated computer worm possibly cooked up as an act of cyberwar against Iran. Now, security researchers are finding clues embedded in Stuxnet's code that point to... something?
Stuxnet was programmed to attack a class of Siemens computers used in industrial settings—including in nuclear facilities. Last week, Iran's official news agency confirmed the government was battling a Stuxnet epidemic, which prompted researchers all over the world to pick the worm apart. They discovered that Stuxnet infections were found overwhelmingly on Iranian computers, which points to a deliberate act of cyberwar.
No one knows who's behind Stuxnet, but its sophistication suggests government involvement. And Israel, with its strong cyberwar capabilities and obvious interest in stopping Iran's nuclear program, is a prime suspect. A couple of clues found by researchers in the Stuxnet code may back this up, as detailed in Wired:
- First, researchers studying the worm have found evidence that the worm was named "Myrtus" (Latin for myrtle), which scholars say might be an allusion to the Old Testament's Book of Esther. The book "tells the story of a Persian plot against the Jews, who attacked their enemies pre-emptively," according to the Times.
Carol Newsom, an Old Testament scholar at Emory University, confirmed the linguistic connection between the plant family and [the Book of Esther], noting that Queen Esther's original name in Hebrew was Hadassah, which is similar to the Hebrew word for myrtle. Perhaps, she said, "someone was making a learned cross-linguistic wordplay."
- Researchers also found the value "19790509" included in a line which determines when the worm should stop infecting a target. Wired says this may refer to the date May 9, 1979, which "marks the day Habib Elghanian, a Persian Jew, was executed in Tehran and prompted a mass exodus of Jews from that Islamic country."
- Finally, there's the value 0xDEADF007 tucked into the end of the code. Jonathan Last says it is "presumably a dark joke about 'deadf*ckers' and the James Bond call-sign '007.'" Researchers at Symantec think it might stand for "Dead Foot, a term referring to an airplane engine failure," according to Wired. Either way, it suggests this computer worm was meant to make something blow up in the real world. Maybe an Iranian uranium enrichment plant?
Of course, hackers are notoriously duplicitous and all of these "clues" could easily be red herrings to throw code detectives off the scent. (The U.S., after all, has the same capabilities and motivations as Israel when it comes to Iran.) We'll likely never know who was behind Stuxnet—a fact that's creepier than any hidden message.