The malware responsible for disrupting Iran's nuclear facilities also infected the network of energy giant Chevron during its spread.
Stuxnet, which is alleged to be part of a US-led operation to stop Iran from becoming nuclear weapons-capable, infiltrated nuclear enrichment facilities in Natanz, Iran, in 2010 and successfully modified its industrial-grade equipment to malfunction. Stuxnet's payload was specific to the systems in place in Iran, but its spreading mechanism was not as picky. As a result, the malware managed to escape from the facility and spread far beyond its initial target.
Stuxnet only delivers its payload if the industrial equipment is one of two Siemens Programmable Logic Controllers (PLCs) and a specific network card is used. Nevertheless, this had led some researchers to speculate on the effects that Stuxnet may have on other targets with similar industrial equipment in place. Until now, no companies fitting the description had reported being infected.
However, Mark Koelmel, Chevron's general manager of its earth sciences department, has now told The Wall Street Journal that its network had been infected shortly after Stuxnet's discovery in July 2010.
Although the energy giant had been infected, Stuxnet achieved its aim of identifying it as an innocent target and withheld its payload. As a result, it caused no damage to Chevron's systems and the company was able to remove it.
"Two years ago, our security systems identified the Stuxnet virus. We immediately addressed the issue without incident," Chevron told ZDNet's sister-site CNET.
Although Chevron wasn't adversely affected by Stuxnet's payload, the identification and removal of the malware does require action by all that are infected. This cost, while small, is significant when the total number of infected businesses is considered — an oversight that Koelmel criticised the US government for.
"I don't think the US government even realised how far it had spread," he said. "I think the downside of what they did is going to be far worse than what they actually accomplished."
This includes several subsequent iterations or modified copy-cats of Stuxnet, such as, , and . Kaspersky believes that some of them may have been .