* Iran has shared no details of alleged new cyber attack
* Experts doubt whether “Stars” is a new Stuxnet
By Peter Apps and Georgina Prodhan
LONDON, May 5 (Reuters) - More than a week after Iran said it had been the victim of another cyber attack by its enemies, foreign computer experts say they have seen no evidence, and some doubt its existence.
On April 25, the commander of Iran’s civil defence agency, Gholamreza Jalali, told the semi-official Mehr news agency that experts were probing a virus they called “Stars”, but gave no details of its apparent target or intended impact.
Last year, Iran said computers at its first nuclear plant had been infected with the Stuxnet computer worm, widely believed to have been designed by a foreign intelligence agency to attack its nuclear program.
Stuxnet — believed to work by corrupting the plant’s industrial processes to cause physical damage — spread around the world, allowing computer experts to analyse it and close programming holes to halt its spread.
In contrast, no one at any of the range of anti-virus firms, technology consultancies and think tanks contacted by Reuters had any further details of “Stars”.
“Until the Iranians provide some more information or someone else can verify the nature of this apparent new threat, I think I need to remain sceptical,” said John Bassett, associate fellow at Britain’s Royal United Services Institute and former senior official at Britain’s signals intelligence agency GCHQ.
“We can’t exclude the possibility of exaggeration or even invention in such claims for domestic political purposes, particularly given the current unrest across the region.”
Iran — which crushed widespread protests after disputed elections in 2009 — has proved largely immune to the wave of dissent pressuring governments across the Middle East this year.
Iranian leaders have praised uprisings in the Arab world as “the Islamic awakening”, saying that they have been inspired by the 1979 Islamic Revolution that toppled its U.S.-backed shah.
But some foreign analysts suspect Iran and potentially in Syria might step up anti-Western and anti-Israeli rhetoric to distract from problems at home and entrench their positions.
Iranian officials declined to provide further updated comment on the “stars” attack. RUSI’s Bassett said that if it was genuine, Tehran should swiftly share details to stop it spreading globally and potentially inflicting more damage.
Experts said it was possible Iran was overreacting to a conventional computer virus or piece of malware. But it was also possible Iran had simply chosen not to share information.
“If it is real or a hoax is impossible to tell,” said Toralv Dirro, security strategist at the anti-virus firm McAfee. “There’s a possibility that they are working with some anti-virus company under a non-disclosure agreement for analysis/remediation, something that is not uncommon.”
Even if “stars” was a genuine foreign attack, it might be designed to extract information rather than do physical damage.
“It sounds more like cyber espionage than cyber sabotage,” said Mikko Hypponen, chief research officer at security firm F-Secure. “Cyber espionage happens all the time. Cyber sabotage doesn’t.”
Gauging the success of the original Stuxnet attack is still far from easy. Iran said at the time it had neutralised the worm before it do any damage, but foreign experts say it probably slowed Tehran’s pursuit of a nuclear weapon.
No country has claimed responsibility, although in Febuary, Israeli Deputy Prime Minister Dan Meridor said cyber warfare offered advanced nations an alternative to “ugly war”. In an age of rolling television news, he said traditional military strikes now had a much higher political cost.
Since Stuxnet was unleashed, there has been much less talk of a possible Israeli or U.S. strike on Iranian nuclear facilities, where Western powers believe it is working to develop a nuclear weapon, something Iran vehemently denies.
Many states are believed to be working on ever-more sophisticated cyber attack capabilities, but the time and effort required to design a weapon for a single target is considerable.
One veteran former government official described it as akin to “handcrafting nuclear weapons” that could become obsolete in a matter of months if left unused, while others say cyber defences are also becoming increasingly effective.
“Stuxnet is something that will work brilliantly the first time, less well the second time (and) hardly at all the third,” said Richard Aldrich, professor of international relations at the University of Warwick and a historian of GCHQ. “Maybe Stuxnet and similar forms of attack have already had their day.” (additional reporting by William Maclean and Dan Williams in Jerusalem)