Iranian plant fires raise suspicion

Virus contamination cited but Tehran denies hacking as cause

Firefighters try to extinguish a blaze on July 4 at the Bou Ali Sina Petrochemical Complex at the Imam Khomeini port in southwestern Iran.

DUBAI, United Arab Emirates -- Fires at Iranian petrochemical plants and facilities have raised suspicions about hacking potentially playing a role, with authorities saying that "viruses had contaminated" equipment at several of the affected complexes.

Iran officially insists the six known blazes over the span of three months weren't the result of a cyberattack. However, the government's acknowledgment of the protected facilities being infected points to the possibility of a concerted effort to target Iranian infrastructure in the years after the Stuxnet virus disrupted thousands of centrifuges at a uranium enrichment facility.

Among the worst of the fires was a dayslong inferno in July at the Bou Ali Sina Petrochemical Complex in Iran's southwestern province of Khuzestan. Insurance officials later estimated the damage at some $67 million. Authorities blamed the blaze on a leak of paraxylene, a flammable hydrocarbon, without elaborating.

Other recent blazes include a July 29 fire at a storage tank at the Bistoon Petrochemical Complex in Iran's western province of Kermanshah that authorities blamed on an electrical fault; an Aug. 6 gas pipeline explosion in the port city of Genaveh that killed one person and injured three; an Aug. 7 fire at a storage area of the Bandar Imam Khomeini Petrochemical Complex that burned for two days; an Aug. 30 inferno in a sewage unit at Iran's South Pars gas field; and a Sept. 14 gas leak and fire at the Mobin Petrochemical Factory that services the South Pars gas field that injured four workers.

Initially, Brig. Gen. Gholam Reza Jalali, who heads an Iranian military unit in charge of combating cybersabotage, dismissed any notion that the fires could have been caused by hacking. Iran's aging oil pipelines and plants, hit hard by years of Western sanctions, have seen a rapid push to increase production this year to take advantage of the nuclear deal with world powers. Iran also faces occasional separatist attacks on its pipelines.

But on Aug. 27, Jalali acknowledged Iran's petrochemical industry had been the target of cyberattacks. He put the blame on imported and installed components at the facilities.

"The viruses had contaminated petrochemical complexes," he said, according to a report by the state-run IRNA news agency. "Irregular commands by a virus may cause danger."

But despite the infections, Jalali said cyberattacks had no hand in the fires and explosions. He also said "defensive measures are underway," without elaborating.

Beyond Jalali's vague comments, what actually infected the plants remains unclear.

It's unknown if Iran, which has boosted its own cyberwarfare and defense capabilities in recent years, has sought outside assistance in its investigation. The Russian antivirus firm Kaspersky Lab, whose analysts were among the first to investigate Stuxnet, said it wasn't involved in investigating this outbreak and declined to comment.

However, Jalali's comments that the viruses spread through imported parts suggest a concerted effort by a foreign power. Iran likely relied on black-market parts while the country faced international sanctions, said Robin Mills, a Dubai-based oil industry analyst and CEO of Qamar Energy.

"Maybe they couldn't always get the high-quality parts coming from countries who are sanctioning it and had to get second-hand parts or parts not of the right specifications and put these pieces together without a lot of international expertise," Mills said. "In that case, of course, accidents can happen."

But the number of fires in a row has raised suspicions of Iran being targeted.

Such an attack "requires a lot of resources" that individual hackers would not have, said Idan Udi Edry, a former Israeli air force captain who now is the CEO of Nation-E, a cybersecurity firm specializing in protecting industrial systems.

Asked if the Iranian blazes were the result of hacking, Edry said he was "100-percent" sure, based on his own company's experience and surveillance.

"No company, organization or nation in the world would like to admit they've been hacked," he said. "This specific attack was exact the same one [like Stuxnet], only on a different critical infrastructure area."

However, Ralph Langner, another industry expert who studied the Stuxnet virus, said it seemed "unlikely" the fires were caused by cyberattacks, though his firm hasn't investigated.

Stuxnet, widely believed to be a U.S. and Israeli creation, infected thousands of centrifuges at the Natanz uranium enrichment plant at the height of Western fears over Iran's nuclear program. The virus targeted the machines through the industrial control systems that set their speeds, causing them to spin out of control and destroy themselves.

Such control devices, used for years in fields ranging from utility companies to the oil industry, are especially susceptible to hackers.

That's because they weren't initially envisioned to be connected to the Internet and because most security attention focuses on consumer products such as email and laptops.

The Iranian oil industry is believed to be "air-gapped" -- or not connected directly to the Internet.

"Cyberattacks are no longer how to steal information," Edry said. "These are attacks that are meant to shut down a country."

Information for this article was contributed by Malak Harb of The Associated Press.

A Section on 09/23/2016
