The story of the Stuxnet attack is still one of the most intriguing cases of modern information warfare. The malware was developed by the U.S. and Israel to interfere with the uranium enrichment program Iran was running at the Natanz plant.
The unanswered question has been: how did the U.S. and Israel get Stuxnet into the highly secured Natanz plant?
For years, experts speculated that a spy had infiltrated the Iranian plant and installed the malware. Now it has emerged that the Dutch intelligence agency AIVD recruited an Iranian engineer who provided critical data on the plant and physically spread the malware inside it using a USB flash drive.
“An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S.
In 2004, the CIA and Mossad asked the Dutch intelligence service for help in gaining access to the plant, but only in 2007 did the mole, who posed as a mechanic working for a front company doing work at Natanz, drop the malware into the target systems.
The development of the cyber weapon started under the administration of George W. Bush as part of an operation code-named “Olympic Games”, but the Obama administration pushed a more energetic on the
The Olympic Games operation was carried out by a joint U
Germany provided technical specifications and knowledge about the Siemens industrial control systems (ICS) that controlled the centrifuges at the Natanz plant, while France provided intelligence support only.
“But the Dutch were in a unique position to perform a different role — delivering key intelligence about Iran’s activities to procure equipment from Europe for its illicit nuclear program, as well as information about the centrifuges themselves,” the journalists continue. “This is because the centrifuges at Natanz were based on designs stolen from a Dutch company in the 1970s by Pakistani scientist Abdul Qadeer Khan. Khan stole the designs to build Pakistan’s nuclear program, then proceeded to market them to other countries, including Iran and Libya.”
In 1996, Iran secretly purchased a set of blueprints and centrifuge components from Pakistani scientist Abdul Qadeer Khan.
The AIVD, along with U.S. and British intelligence, infiltrated Khan’s supply network of European consultants and front companies that helped build the nuclear programs of Iran and Libya. The spies used both conventional and cyber capabilit
In 2003, British and U.S.
In 2004, Mossad and the CIA asked the AIVD for help. The U.S. seized the components from the ship, together with those already in Libya, and sent them to the Oak Ridge National Laboratory in Tennessee and to a facility in Israel, where scientists assembled the centrifuges and devised methods to hack them.
The Dutch, who already had an insider in Iran, set up a dummy company complete with employees, customers, and records showing a history of activity.
In 2006, the researchers conducted a sabotage test on the centrifuges, and President George W. Bush authorized the operation.
By May 2007, Iran had 1,700 centrifuges installed at Natanz, and the Dutch mole was inside the plant by the summer of that year.
A first company established by the mole had failed to gain access to Natanz, but the second one, with the support of
The mole visited Natanz several times to collect configuration information about the systems in the plant.
“[He] had to get … in several times in order to collect essential information [that could be used to] update the virus accordingly,” one of the sources told Yahoo News.
Symantec researchers discovered that the Stuxnet code was updated over time, in May 2006 and in February 2007, when Iran’s government began installing the centrifuges at Natanz. The final updates were made
The code was designed to close the exit valves on a random number of centrifuges so that gas could flow in but could not get out. The goal was to raise the pressure inside the centrifuges, causing damage over time and also wasting gas.
The mole either installed the code directly by inserting a USB stick into the control systems, or infected the machine of one of the engineers, who then unwittingly delivered Stuxnet when he programmed the control systems from a USB stick.
Once the systems were infected, the
This new version of Stuxnet was dropped into Natanz by infecting
“It’s amazing that we’re still getting insights into the development process of Stuxnet [10 years after its discovery],” said Liam O’Murchu, director of development for the Security Technology and Response division at Symantec. O’Murchu was one of three researchers at the company who reversed the code after it was discovered. “It’s interesting to see that they had the same strategy for [the first version of Stuxnet] but that it was a more manual process. … They needed to have someone on the ground whose life was at risk when they were pulling off this operation.”
Researchers pointed out that the spreading mechanisms implemented in the later version caused Stuxnet to spread wildly out of control. The malware first spread from the five contractors to their customers, then to thousands of other machines around the world, and this uncontrolled spread is what led to the discovery of Stuxnet in June 2010.
Months after the discovery of the cyber weapon, Iranian authorities arrested and possibly executed several workers at the Natanz plant, but it is not clear whether one of them was the Dutch mole.
(Security Affairs – Stuxnet, ICS)