An internal investigation has discovered that some of the computers at the International Atomic Energy Agency (IAEA) headquarters in Vienna have been infected for months with data-stealing malware.
However, the organisation – which reports to both the UN General Assembly and Security Council – says it believes that its network was not compromised.
Reuters, which first reported on the security incident after seeing a confidential note sent to member states, quoted agency spokesman Serge Gas, who confirmed some details:
Data from a number of Vienna International Centre (VIC) visitors’ USB drives (data memory sticks) is believed to have been compromised. The (IAEA) secretariat does not believe that the USB devices themselves were infected or that they could spread the malware further. No data from the IAEA network has been affected
As Kevin Townsend at InfoSecurity Magazine reports, there’s something a bit odd here.
Normally, USB-aware malware has no qualms about infecting USB devices as they are inserted into infected PCs. But on this occasion, it appears that the malware was designed to harvest information from USB sticks as they were plugged into compromised computers.
In short, the intention wasn’t to spread – but to gather information.
This theory is given more credence by the acknowlegdement that the infected computers were located in the Vienna International Centre, a common area of the IAEA headquarters were staff and state officials work and meet.
Users of these shared computers might be very careful not to copy sensitive files from their USB sticks onto the PCs. But what if malware on those computers were secretly and silently harvesting any contents of plugged-in USB sticks anyway?
My hunch is that this was an attack, targeted against people who used the computers in the common area of the UN’s nuclear agency, with the intention of grabbing sensitive and confidential information.
The big questions that remain unanswered are this – who was behind the attack, and what happened to the sensitive data that the malware scooped up?
Iran getting its own back for the Stuxnet infection ???