It’s the dead of the night, you’re the last person in the high-tech computer lab frantically working on that bit of code that will bring about world peace, resurrect unicorns and cure all terminal illnesses with single click when suddenly every computer around you blasts the same tune, AAAAhaaaAAAAhaaaAA…Thunder! No, this is not the opening of an epic short story, it’s just another night at Iran’s Atomic Energy Organization.

That’s what an unnamed Iranian nuclear scientist recently told Mikko Hypponen, lead researcher at the Finnish computer security firm F-Secure, in an email. It was one of series of emails that Hypponen received over the weekend regarding the heavy metal digital attack.

I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.

According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.

There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.

Who knew that hackers had a sense of humour, or a taste for classic rock? Jokes aside though, it’s actually quite serious when you consider that the hackers infiltrated an apparently secure Nuclear Facility. It also wasn’t the first cyber attack in recent months.

Just last month, Hypponen wrote in Wired how he had been notified by Iranian scientists that they believed their computer systems had been compromised by Flame, a cyberweapon jointly developed by Israel and the U.S.

The U.S.-Israeli collaboration was intended to slow Iran’s nuclear program, reduce the pressure for a conventional military attack and extend the timetable for diplomacy and sanctions.

However, as indicated in the email above, it is believed that another program, Metasploit, was responsible for the latest attack. Unlike other, similar cyberweapons, Metasploit is open source and significantly cheaper to develop, which is not good news if it gets into the hands of someone who has bigger plans than spreading AC/DC’s legacy.

Until then though, rock on anonymous headbanging hacker, spread your message of music played on actual instruments by real musicians.

[Source: F-Secure, Washington Post]