US multinational energy firm Chevron has revealed that it was hit by the Stuxnet virus, widely believed to have been launched by the US and Israel to spy on and disrupt Iran's nuclear facilities.
Stuxnet was designed to target only the specific Siemens Programmable Logic Controllers (PLCs) of centrifuges and network cards, used by Iran’s nuclear enrichment facilities in Natanz.
But now Mark Koelmel, general manager of its earth sciences at Chevron, has told the Wall Street Journal that its network was infected shortly after Stuxnet's discovery in July 2010.
The news confirms speculation that Stuxnet could affect other organisations that use the same equipment as the nuclear facility in Natanz, suspected of being part of a secret weapons programme.
"I don't think the US government even realised how far [Stuxnet] had spread," said Koelmel.
"I think the downside of what they did is going to be far worse than what they actually accomplished," he added.
Chevron, however, claims that it was not adversely affected by Stuxnet because the company makes “every effort” to protect its data systems from that type of cyber threat.
Chevron is the first US company to acknowledge that its systems were infected by Stuxnet, although most security experts believe the vast majority of hacking incidents go unreported.
The fact that Chevron’s systems were infected, means that every industrial company around the world that uses similar equipment is at risk of being infected.
In October 2010, Stuxnet was reported to have infected millions of computers in China, but authorities downplayed the threat, saying it had not caused any severe damage.
According to Koelmel, companies are left to clean up the mess associated with viruses such as Stuxnet.
“We’re finding it in our systems and so are other companies,” he said.
In July 2012, Siemens finallyissued a fix for the software vulnerabilities in its PLCs that were exploited by Stuxnet.
09 Nov 2012