A computer virus created to sabotage Iran’s nuclear programme and stop Tehran developing an atomic bomb was designed by American and Israeli experts, it was claimed yesterday.
The Stuxnet computer worm, the most sophisticated cyber weapon ever made, crippled uranium enrichment facilities across Iran last year and set the country back five years in the nuclear arms race.
US military and intelligence sources have told The New York Times that a simulation of Iran’s uranium enrichment facility was built at the nuclear plant at Dimona, in southern Israel, possibly using centrifuges identical to Iran’s, surrendered by Colonel Muammar Gaddafi, the Libyan leader, after the US invasion of Iraq in 2003.
At Dimona the Israelis perfected the weapon, using the Siemens computer operating system that runs Iran’s nuclear plants, the paper said. The virus was first detected last June. Israel, which does not acknowledge its covert operations or its own nuclear arsenal, has denied knowledge of Stuxnet, although officials have not hidden their delight.
“Whoever did it should be blessed in my point of view,” Ilan Mizrahi, a retired deputy head of Mossad, Israel’s spy agency, said.
The genius of Stuxnet appears to have been that not only did it infect the protected computer system at Natanz, where uranium is enriched, but it also told the Iranian technicians monitoring the plant that all was well.
In fact it was causing the centrifuges to spin so fast that about 1,000 of them, a fifth of the total, broke before the alarm was raised. Siemens, a German company that produces computer controls for the US, co-operated with American cyber-security experts two years ago on developing defences against cyber attacks, such as the Conficker worm that penetrated the Pentagon in 2009.
Knowledge of vulnerabilities in the Siemens system may have been passed to the designers of Stuxnet to enable them to take out Iran’s programme without the military strikes being threatened at the time by the Israeli Prime Minister, Binyamin Netanyahu.
Stuxnet was first analysed by a German computer security expert, Ralph Langner, who said that the designer knew too much about the Siemens operating system to have been merely a hacker.
“Code analysis makes it clear that Stuxnet is not about sending a message or proving a concept,” Mr Langner said. “It is about destroying its targets with utmost determination in military style.”
The New York Times said that at Dimona, in the Negev desert, Israel built an exact replica of the Iranian uranium cascades, using centrifuges either from Libya or bought on the black market, possibly through the network established by the Pakistani nuclear scientist, A.Q. Khan. The Israelis overcame the great difficulties encountered by both US engineers and the Iranians in making the primitive system work. Finally, they got the system at Dimona working, then used it to develop the worm.
How the worm entered the Iranian nuclear facility at Natanz remains a mystery, as the plant’s computer control system is not connected to the internet, to avoid precisely this kind of sabotage.
Last month, however, the Institute for Science and International Security (Isis), which issued the first detailed report of how Stuxnet might have ordered the centrifuges to rotate so fast that they broke, said that foreign agents might have introduced the worm through the laptops of Natanz nuclear technicians.
“Stuxnet would have needed to travel on a removable drive from an infected computer to the Natanz control system,” the Isis report said. “Natanz personnel could have unknowingly transported Stuxnet after using infected personal computers. Perhaps the attackers first targeted the personal computers of Natanz personnel.”
Israel has been blamed by Iran for several assassinations and abductions of key nuclear physicists. Tehran’s controversial nuclear programme has also been hit by international sanctions in the past two years, making it difficult to replace broken hardware.
But so far Stuxnet has proved to be the most dangerous weapon against Tehran’s nuclear plans. Last November, President Ahmadinejad of Iran admitted that a cyber attack had caused “minor problems with some of our centrifuges”, although he insisted Iran’s experts had fixed the fault. However, two weeks ago, the outgoing chief of Mossad, Meir Dagan, abruptly revised the estimate of the nuclear threat level from Iran, down from “imminent” to 2015 at the earliest.
The region, which had been poised for a dangerous shift in power and a potential nuclear arms race if Iran created the bomb, appeared to draw a collective sigh of relief.
Only one person appeared unhappy: Mr Netanyahu. The Israeli Prime Minister was clearly worried that the news could divert international attention away from the threat.
“I think that intelligence estimates are exactly that, estimates,” Mr Netanyahu said. “They range from best-case to worst-case possibilities, and there is a range there, there is room for differing assessments.”
For months before that, there had been hints and clues pointing to Israel’s fingerprints on the Stuxnet worm. Last September, researchers in Vancouver said that they had found a marker with the digits “19790509” buried deep inside the worm’s code.
They took the marker to be a reference to Iran’s execution of a leading Iranian Jewish businessman on charges of spying for Israel. He was killed by a firing squad on May 9, 1979, the date that they said was hidden in the code.
Other experts found another part of the code entitled Myrtus, a possible allusion to the Old Testament’s Book of Esther, about the foiling of an anti-Jewish Persian plot.
But Yaniv Leviathan, an expert in cyber warfare at the University of Haifa in Israel, asked why a security agency would leave an obvious calling card.
“If a state wants to plant something by stealth, why put its signature on it?” He said it could be a double bluff. “This is a world of lies upon lies upon lies.”