As Iran pushed further and more aggressively toward developing nuclear capabilities, America, Israel, and countless other nations watched with great concern. A nuclear-armed Iran would prove hostile to the Middle East, and with a hawkish Israeli Prime Minister – Benjamin Netanyahu – ready to take decisive military action against Iran’s weapons development, the Obama administration was naturally worried. An Israeli strike against Iran would almost certainly plunge the Middle East into a regional conflict of chaotic proportions, costing thousands of innocent lives and infuriating millions of Muslims.
Perhaps Iran’s nuclear initiatives – specifically, their centrifuges – could be physically wiped out, destroyed, or rendered inoperable, all without a single bullet being fired. Impossible? Hardly. It happened through a combination of American and Israeli cyber ingenuity (though both countries have publicly denied involvement) that essentially decimated Iran’s nuclear dreams, at least temporarily.
A Malicious Code is Born
There’s a long, twisted, and winding road regarding who developed Stuxnet, how it was implemented, and how the world found out about it. But what’s equally important is what it did, and what software like Stuxnet can do – and will do – in the future. Technically speaking, Stuxnet is a form of malicious code, a computer worm uncovered in 2010 and used against Iran’s Supervisory Control and Data Acquisition (SCADA) systems to essentially knock out and flatten their nuclear facilities.
According to David Sanger, a leading authority on Iran’s nuclear programs, “It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives.”[i]
Says former Director of the CIA and NSA, Michael Hayden, “Someone, probably a nation-state, because it’s too hard to do from a garage or a basement, just used a weapon comprised of ones and zeros, during a time of peace, to destroy what another nation could only describe as critical infrastructure…I also say, for somebody of my background, Director of C.I.A., crashing 1,000 centrifuges at Natanz? Almost an absolute good…This is an incredibly important event in our history. Theoretically, this smells like August of 1945, and somebody has used an entirely new class of weapon to effect destruction.” Yet when pressed further to speculate on Stuxnet, Hayden noted, “I say with great sincerity, it would be irresponsible for someone of my background to even speculate who might have done this.”[ii]
But according to computer specialist Ralph Langner, a leading authority on Stuxnet, “If you think about who would have the capabilities to launch such an attack of that sophistication, completely unprecedented, well, you would certainly think about the United States, in the first place.”[iii]
Eric Chien, a security expert at the anti-virus giant Symantec who found himself digging deep into the actual code of what would be called Stuxnet, said that “We had never seen a threat that was so large and so dense [in terms of malware]. I mean this threat was maybe 20 times the normal size of any threat that we had seen before.” Chien’s co-worker, Liam O’Murchu, concurred, “Normally, we can analyze malware in a very short period of time, from five minutes, maybe, up to a week, but with Stuxnet, we spent six months.”[iv]
If the bombing of Hiroshima and Nagasaki was the inception of the nuclear age, the attack on Iran’s nuclear facilities with Stuxnet is without question the dawn of the new cyberwar age. The dismantling of another country’s critical SCADA systems by foreign entities (in this case, America and Israel) shows just how powerful the new cyber weapon can be. The Iranians were completely blindsided. They were clueless as to what was happening. Engineers were fired. Nuclear facility personnel were interrogated for hours. They simply could not determine why their centrifuges were spinning out of control.
Embarrassed and perplexed, Iran initially denied that it had been hit by Stuxnet, then backtracked and said the malicious worm had been successfully contained. Their response? Iran began to build its own military cyber unit to “…fight our enemies”, according to Gholamreza Jalali, then head of Iran’s Passive Defense Organization.
Operation Olympic Games
Stuxnet was the cyber weapon that sent the Iranian centrifuges crashing at the Natanz nuclear facility in a highly coordinated effort between the United States and Israel known by the code name Olympic Games. Operation Olympic Games began in earnest in 2007 as a way to deter, and ultimately destroy, Iran’s uranium enrichment measures.
The United States – and many of its allies – had claimed for years that Iran was involved in clandestine nuclear operations with the goal of developing weapons-grade materials. One only has to look at Iran’s record to see why.
As far back as the late 1980s and early 1990s, Iran began working with Pakistan and China, both of which were training Iranian personnel in nuclear issues, with China actually agreeing to provide Iran a miniature neutron source reactor (MNSR) and two 300 MW Qinshan power reactors. Russia also announced in 1995 that it would assist the Iranians in building a number of reactors.[v]
In 2002, Mujahedeen Khalq, an Iranian dissident group also known as the M.E.K., obtained and ultimately shared documentation confirming a clandestine Iranian nuclear program, including a uranium enrichment plant at Natanz that was previously unknown to the United Nations. By December, 2006, satellite photographs of Natanz and Arak appeared throughout multiple news outlets, prompting the United States to accuse the Iranians of an “across-the-board pursuit of weapons of mass destruction.”[vi]
In 2004, Foreign Minister Kamal Kharrazi of Iran stated that though a preliminary agreement had been reached to suspend Iran’s production of enriched uranium immediately, he emphasized that such a suspension would be only temporary. Said Kharrazi, “We hope that the deal between Iran and Europeans can be finalized and create necessary confidence,” but added that “The talk is about continuing the suspension for a short period to build confidence.”[vii]
In July, 2005, U.S. officials summoned personnel from the International Atomic Energy Agency (IAEA) to show them data accessed from a stolen Iranian computer showing efforts by the Iranians to develop a nuclear warhead. While the documents did not prove that Iran had a nuclear bomb, they did, according to U.S. experts, confirm the intentions of a clandestine nuclear operation.[viii]
In January, 2006, Iran resumed enrichment activities at Natanz following the collapse of talks with European and American officials.[ix]
In August, 2006, President Ahmadinejad formally kicked off a heavy-water production plant in Arak, approximately 120 miles southwest of Tehran, effectively giving Iran the capability to produce plutonium, the essential fuel used in nuclear weapons.[x]
In December, 2006, the United Nations Security Council unanimously approved sanctions aimed at thwarting Iran’s growing nuclear ambitions. The resolution, put forth by Germany and the Security Council’s five permanent members — the United States, Britain, France, Russia and China — effectively banned the import and export of nuclear materials and technology used in uranium enrichment, reprocessing and ballistic missiles.[xi]
The United States and Israel on the Offensive
With Iran essentially ignoring internal pleas to discontinue its nuclear proliferation ambitions, the United States – and Israel – decided to act. The depth and sophistication of Olympic Games was astounding, requiring massive resources that even included building a replica Natanz plant at American laboratories. The timeline of America’s highly targeted cyber-attack against Iran is as follows:
- 2006: Iran resumes nuclear activities, consisting of uranium enrichment, at the Natanz facility after talks with the international community stall. The U.S. decides to embark upon a top-secret cyber program to possibly use against Iran.
- 2007: The program, given the name “Olympic Games”, kicks into high gear with Israel joining to help develop a new and sophisticated computer worm to use against Iran.
- 2008: With Olympic Games underway, Iran’s centrifuges begin spinning out of control and crashing. Iran’s engineers are clueless as to why, blaming it on various technical issues and constraints. Engineers are fired at random for supposed incompetence.
- 2009: Just as President Bush is leaving office, accounts of the secret cyber program begin to surface. Bush strongly urges incoming President-elect Barack Obama to continue the program, stressing its importance.
- Spring, 2010: The National Security Agency (NSA), along with Unit 8200, Israel’s super-secret intelligence division, get aggressive with the Iranians. They target a specific set of centrifuges comprised of almost 1,000 machines, whose failure would be a huge setback to Iran. A special version of the computer worm is developed, with the Israelis putting the finishing touches on the program.
- Summer, 2010: The developers of Stuxnet determine that copies of the worm have escaped Natanz and have become available online, where they are replicating very quickly. Within weeks, stories appear regarding a new computer worm carried on USB keys that exploits a hole in the Windows operating system. This is Stuxnet. President Obama ultimately decides against stopping the program, and a subsequent attack takes out nearly 1,000 Iranian centrifuges.
- 2011 – 2012: While Olympic Games was successful in knocking out Iran’s centrifuges – it set them back 1 to 2 years – Iran nevertheless becomes more determined to continue its weapons development as a result of the attacks. The attacks embolden Iran as they begin to push towards more aggressive development of their nuclear capabilities.[xii]
Charles has helped thousands of businesses throughout the world in designing and implementing a wide range of information technology & cybersecurity solutions. And he’s helped these very businesses grow by identifying their niche, launching new services, and ultimately obtaining a true competitive advantage in the marketplace.
Charles works with CEOs, entrepreneurs, business owners – anyone with a true passion for securing & growing their company in today’s challenging & complex business arena. Charles also consults regularly with top political and business leaders including former Vice Presidents of the United States, Secretaries of State, ambassadors, high-ranking intelligence officials, CEOs, entrepreneurs, civic leaders, and others. Learn more at charlesdenyer.com.