The US and Israel made the Stuxnet virus as a new kind of weapon targeted against Iran, a media investigation revealed. The operation reportedly started in the Bush era, but was intensified by Obama administration.
The top-secret massive sabotage targeting Iran’s Natanz uranium enrichment facility was arguably the first episode of a new age of warfare, similar to the first use of nuclear weapons or the first military drone attack, according to an investigation by the New York Times.
The newspaper interviewed current and former American, European and Israeli officials involved in the clandestine program called Olympic Games. None of them agreed to have his name mentioned due to the highly sensitive nature of the operation.
The US and Israeli authorship of the Stuxnet virus, which caused damage to Iranian uranium enrichment effort by destroying hundreds of centrifuges at the Natanz facility, was long hinted at by the media. The virus is estimated to have pushed back the controversial nuclear program by as much as 18 months, although skeptical assessments say the impact may have been lower.
The Olympic Games operation dates back to 2006, the NYT reports. The Bush administration at the time had its credibility at a low, after being to have falsely accused Saddam Hussein of having weapons of mass destruction. This limited the amount of international pressure Washington could put on Tehran.
At the same time Iran’s renewed enrichment of uranium made Israel extremely nervous, because it suspected the Islamic Republic would build up a stockpile of enough nuclear fuel to enrich it further to a weapons-grade level later. If Iran’s enrichment program remained unhindered, Israel would be prompted to launch a pre-emptive military attack on it and trigger a major regional war, Washington believed, as several US officials told the newspaper.
Launching a secret cyber attack on Iran and making Israelis part of the operation both bought more time for sanctions and gave Israel’s hawks a tangible alternative to trying to bomb the Natanz plant.
The report names General James E. Cartwright, who had established a small cyber operation unit inside the United States Strategic Command, as the father of Olympic Games operation. George W. Bush was skeptical over the risky and radical proposal, but nevertheless approved it.
The virus that was programmed by American and Israeli cyber weapons experts especially for the operation was more sophisticated than anything the world had seen before. Also, unlike the overwhelming majority of malware, which can only damage computer performance or steal information, the new virus could cause actual damage to machinery. The code infecting control computers at Natanz was designed to abruptly speed up or slow down the fast-spinning centrifuges, tearing them apart.
Before attacking the Iranian facilities, the people in charge of the operation reportedly tested it at several of the Energy Department’s secret national laboratories. They built a replica of the Natanz site with centrifuges similar to those used by Iran. The US obtained them from Libyan leader Muammar Gaddafi after he abandoned his own nuclear program in 2003.
With proof of the potential power of the new cyber weapon at hand, the Olympic Games went into the next phase in 2008. Through agents and unsuspicious accomplices the virus was downloaded into Natanz computers and spread across the facility. It then began to occasionally destroy centrifuges, giving the impression of a series of unrelated malfunctions plaguing the enrichment site.
According to the report, Iranians facing centrifuge malfunctions were convinced that their problems were with faulty parts (which the US was actually working hard to supply to them with), incompetence or human sabotage. Some specialists were actually fired over the disruptions.
The effect Olympic Games had on the plant was also confirmed by video taken by the International Atomic Energy Agency cameras, which had been put in place to monitor Iranian activities at Natanz between inspections.
The game changed in 2010, when the virus infected a laptop of one of the engineers and later escaped into the internet, quickly spreading “in the wild”. This contingency was not expected, as the malware was supposed to infect only computers at Natanz.
The Americans blamed Israeli programmers’ contributions to the code, claiming they “went too far”, as US Vice President Joe Biden reportedly commented at a secret meeting after the news broke. It was then just a matter of time before the virus would be detected by cyber security experts, its code dissected and analyzed.
Still, President Obama ordered the operation to continue, the NYT was told. Within a week from that moment, a newer version of the virus brought down just under 1,000 Iranian centrifuges.
The report says American cyber attacks are not limited to Iran, but the focus was overwhelmingly on Tehran’s nuclear program. Obama reportedly was hesitant to expand the use of the new brand of weapon. In fact, the US is arguably the one country in the world most vulnerable to cyber attacks on its infrastructure. Pioneering such operations would give other countries and power groups a justification to target America.
It is not clear whether the US has anything to do with the recently-discovered Flame virus. The malware is a sophisticated cyber weapon, which is believed to be part of a major spy operation in the Middle East, including Iran and Israel. Cyber security experts say a government-level effort must be behind Flame.