•    HOME   
•    NEWS   
•    BUSINESS   
•    INTERNATIONAL   
•    TECH   
•    SPORTS   
•    LIFE & TIMES   
•    OPINION   
•    MY JAKARTA   
•    BLOGS   
•    EYEWITNESS   

Security experts have long theorized that hackers would one day develop viruses that target industrial control systems to steal sensitive data or sabotage major infrastructure facilities. Now the existence of such a virus has been confirmed, and it is reportedly widespread in Indonesia.

PT Siemens Indonesia and its domestic clients, including state utility PT Perusahaan Listrik Negara, are trying to determine whether they have been struck by the virus, which was designed to attack Siemens’s industrial control systems, which in Indonesia are used in the industrial and energy sectors, including for the power grid.

Citing antivirus software developer Symantec, technology Web site CNET.com reported that Indonesia ranked behind only India in the number of attempted infections worldwide, and that critical infrastructure in India and Iran had been affected.

Microsoft said on its Web site that Indonesia ranked second behind the United States in the number of reported attempted infections.

Siemens said the malware was a Trojan worm dubbed Stuxnet that spread via USB thumb drives, exploiting a yet-to-be-patched vulnerability in Microsoft’s Windows operating systems.

“Just viewing the contents of the USB stick can activate the Trojan,” said Alexander Machowetz, a spokesman for Siemens corporate headquarters. “Siemens recommends avoiding the use of a USB stick.”

Siemens first learned of the problem on July 14.

Stuxnet is among the first viruses to surface that attacks software programs that run supervisory control and data acquisition systems.

Such Scada systems are used to monitor automated plants — from food and chemical facilities to power generators.

Once the worm infected a Siemens system, it quickly set up communications with a remote server that could be used to steal data or take control of the system, said Randy Abrams, a researcher with private security firm ESET.

Siemens said it had so far only identified one client whose Scada systems were infected by the virus, a customer in Germany that was not identified by name.

Julieta Glasmacher, head of corporate communications for Siemens Indonesia, said there were no reports of infections here, but Siemens technicians were in the field assessing the problem.

While Siemens declined to release information about its Indonesian clients, the company’s Web site said it supplied Scada systems to manage power grids at the Java-Bali control center, Medan regional control center, Jakarta distribution control center and the Ungaran regional control center.

Glasmacher confirmed two sectors — energy and industrial — used Scada systems, although only PLN used it in the energy sector.

“Looking at what happened with one of Siemens’ customers in Germany, this has the potential to be a serious issue in Indonesia, but we’re still unable to determine whether it is, as we’re still gathering info about it and whether any of our clients have fallen victim or not,” she said.

Affandi, communications manager at PLN’s Java-Bali control center in Gandul, West Java, told the Jakarta Globe the control center’s Scada system had not experienced any problems.