Jacob Aron reports for New Scientist:
In 2010, Iran's nuclear facilities were infiltrated by Stuxnet, the centrifuge-wrecking malware allegedly cooked up by the US government. Now they seem to have been hit again by a bizarre attack forcing nuclear plant workstations to pump the song "Thunderstruck" by heavy metal band AC/DC through the speakers at full volume.
News of the attack comes from Mikko Hypponen, chief research officer at Finnish computer security firm F-Secure, who says he recently received a series of emails from a scientist working at the Atomic Energy Organization of Iran (AEOI):
"I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom."
The Iranian scientist goes on to say that they believe the attackers used Metasploit, a common hacking tool which provides a variety of ways to penetrate supposedly secure networks. "There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out," says the scientist. "I believe it was playing 'Thunderstruck' by AC/DC."
While the US military has used heavy metal music as a weapon in the past it seems unlikely that a Stuxnet-like stealth attack would announce its presence with a few blasting power chords, suggesting the hit is more likely the work of a thrill-seeking hacker. Hypponen says he has been unable to verify any details of the attack, but has confirmed that the emails were sent and received from within the AEOI.EA WorldView: EA Iran