Stuxnet Revelations: Israel Screwed up US Cyberattack on Iran's Reactors
February 17, 2016 Ashley Carman / The Verge & The Jerusalem Post
In the early days of the Obama administration, thousands of American military and intelligence officers worked to develop a plan codenamed Nitro Zeus. It was designed to destroy large sectors of Iran's civilian infrastructure, including its power grid, phone lines, and air defenses. According to a new film, the plan -- which cost tens of millions of dollars and involved placing electronic implants in Iran's computer networks -- was undone by rash Israeli intelligence moves.
The US Spent Millions Planning an Elaborate Cyberattack on Iran
Ashley Carman / The Verge
(February 16, 2016) -- In the early days of President Obama's administration, thousands of American military and intelligence officers worked to develop a plan that could feasibly take down critical infrastructure in Iran, according to a new documentary called Zero Days, which premieres tomorrow.
The plan was codenamed Nitro Zeus, and if it had ever been deployed, it would have taken down parts of Iran's civilian infrastructure, including its power grid, phone lines, and air defenses. The plan cost tens of millions of dollars to design and involved the placement of electronic implants in Iranian computer networks, in case a decision was ever made to implement it.
The reports claim Nitro Zeus was created as a contingency plan if the US/Iran nuclear negotiations never came to fruition; the US worried Israel would attack Iran's nuclear arsenal and drag the US into a conflict. The plan was intended to render a conventional conflict unnecessary, or at least minimize it.
The US also developed a narrower plan that would have taken down Iran's Fordo nuclear enrichment site, the Times reports. The nuclear facility was apparently high on the priority list for the US and Israel after the Stuxnet virus destroyed 1,000 centrifuges and halted activities at the separate Natanz nuclear facility. Fordo would have been more difficult to attack. The US's plan would have involved the insertion of a malicious worm into the facility's computer system to cut its power.
The government has yet to clarify its prior offensive efforts or expand on its ability to conduct them. In the wake of the Sony attack, for example, Obama alluded to having retaliation possibilities at his disposal, but didn't elaborate on what exactly the US was capable of carrying out. This reported plan offers one of the most thorough looks at US cyberattack endeavors.
The New York Times reports that all aspects of Nitro Zeus have been shelved for the time being. Iran has already removed two-thirds of the centrifuges in Fordo since an agreement was reached this summer, and it's banned from conducting nuclear work there for the next 15 years.
Israel's Rash Behavior Blew Operation to Sabotage Iran's Computers, US Officials Say
The Jerusalem Post
(February 16, 2016) -- Zero Days, Alex Gibney's film premiering at the Berlin Film Festival, explores the joint US-Israeli operation to develop the Stuxnet virus and sabotage Iran's nuclear program.
Gen. Michael Hayden, former head of both the CIA and the NSA, claims the goal of a potential Israeli strike on Iran would be to drag the US into war.
Hayden made the remarks in a documentary film premiering this week at the Berlin International Film Festival. The film also quotes other sources in the US intelligence community who accuse Israel of disrupting a joint covert operation to sabotage computers used in Iran's nuclear program by acting rashly and in opposition to agreed-upon plans. As a result, hundreds of millions of dollars that were invested in the operation went to waste.
The film, Zero Days, was directed by Alex Gibney, whose film Taxi to the Dark Side won the Academy Award for Best Documentary Feature in 2008.
The film contains testimony from NSA and CIA operatives who worked together with Israeli colleagues -- from the 8200 Military Intelligence Unit and Mossad -- to develop several versions of a deadly virus that penetrated computers at the uranium enrichment facility at Natanz in Iran. The testimony is delivered anonymously by an actress whose face remains hidden.
According to the claims in the film, the hasty Israeli action prevented the carrying out of a number of further planned actions that were intended to sabotage computers at a second, more fortified uranium enrichment facility at Fordow. The film also reveals another planned cyber unit covert operation code-named NZ (Nitro Zeus).
"We spent millions on this operation to sabotage all of the computers of the Iranian infrastructure in the instance of a war," a source quoted in the film said. "We penetrated the government, electricity lines, power stations and most of the infrastructure in Iran."
The deadly virus that was implanted at Natanz was named "Stuxnet" by computer security experts, but it had a different name among the Israeli and American intelligence communities that was not revealed in the film. The codename of the entire operation, as was revealed by New York Times journalist David E. Sanger, was "Olympic Games."
Conventional wisdom holds that the implanting of the virus marked the first time that a country, or two countries in this case (the US and Israel), engaged in cyber warfare against another country (Iran).
Up until then, the majority of attacks were carried out by individual hackers for their own enjoyment or for political purposes, by criminals for the purposes of fraud and thievery, or by companies engaged in industrial and commercial espionage.
US Vice President Joe Biden was quoted in the film as saying in a meeting that the Israelis "changed the code" of the deadly virus's software. As a result, in opposition to the plan, the virus spread from nuclear program computers to many other computers in Iran, and from there, to computers around the world, even harming the computers of American companies.
The unplanned spread of the virus led to the exposure of the operation and enabled the Iranians, with the help of information security experts from Belarus and Russia, to invent a "vaccine" for their computers to better defend the nuclear program.
According to the film, the premature exposure of the operation caused by Israel's actions also caused the virus software, which was among the most classified and most advanced in the world, to leak to Russian and Iranian intelligence.
"Ironically," it is said in the film, "the secret formula for writing the code for the virus software fell into the hands of Russia and Iran -- the country against which it was developed."
The development of Stuxnet and the planning of Operation Olympic Games began in 2006, during the presidency of George W. Bush, who wanted to thwart the Iranian nuclear program. Hayden, who was alternately the head of the NSA and the head of the CIA for 10 years starting in 1999, reveals in the film that "President Bush did not want to be left with the choice of 'to bomb or be bombed.'"
According to the film, experts from both countries came up with the idea to try to sabotage Iran's nuclear facilities, and in particular their computers. Pictures of then-Iranian president Mahmoud Ahmadinejad's visit to the Natanz facility helped the experts obtain needed intelligence on the computers. The computers, their configuration and their rear connections can be seen clearly in the pictures. Eventually, these entry and exit points served as portals to implant the virus.
Iranian nuclear experts accompanied Ahmadinejad on his tour of the facility. One of those photographed at Ahmadinejad's side was assassinated a few years later, in an operation that was attributed to the Mossad.
On Bush's orders, exact replicas of the centrifuges were built at the national laboratories in Oak Ridge, Tennessee, which is also used to produce nuclear weapons, and at Israel's nuclear reactor in Dimona.
The deadly virus was implanted in the centrifuges and their rotors were damaged and broken. Intelligence operatives brought the broken rotors to the White House situation room, showed them to President Bush and demonstrated the action for him. Bush was impressed, saying, "Go and try." He ordered a greater investment in offensive, covert cyber warfare and approved the operation.
According to the film, offensive cyber warfare against Iran was increased even more during the term of Barack Obama, who feared that Israel under the leadership of Prime Minister Benjamin Netanyahu and then-defense minister Ehud Barak would take military action against the Islamic Republic.
Hayden reveals in the film that America's fear was that "the real goal of an Israeli attack [against the nuclear facilities in Iran], would be to drag us into war," because Israel's own attack capabilities were limited. "Israel has an excellent air force, but it's small. The distance is great and the facilities are spread throughout Iran."
In order to calm Israel down, and to prove that the administration was working diligently to thwart an Iranian nuclear weapon, Obama ordered the intelligence community to increase its efforts and its cooperation with the Mossad and Unit 8200. He did so despite having some doubts about the operation.
Obama expressed concern that "the Chinese and the Russians will do the same thing to us," and insert viruses into nuclear facilities and other strategic sites in the United States. However, Obama's greater fear was of an Israeli attack. "The goal was to gain time," Hayden added, "in order to force Iran to come to the negotiating table."
According to the film, British intelligence also secretly took part in the operation through the GCHQ, its unit responsible for telephone surveillance, communications interception, code-breaking and cyber warfare. "But the main partner was Israel," the film says. "And in Israel the Mossad ran the show. 8200 provided technical help. Israel was the key to the whole story."
In the beginning, the virus acted as it was supposed to, according to the film. "As far as we knew, but they weren't telling us everything," an NSA source said. "The virus was implanted in the computers, probably by the Mossad, through its infiltration of two software companies in Taiwan that were working with the Iranians."
The plan was for the virus to harm the digital and computerized electric boxes made by the German company Siemens, which were hooked up to the computers that operated the centrifuges. About a thousand of the 5,000 centrifuges were damaged without the Iranians discovering the cause of the problem.
"The plan did what it was supposed to do," an anonymous American intelligence operative said. "The centrifuges blew up without leaving a trace."
The sabotage operation also had a psychological goal: to instill in the Iranian leadership and in the community of scientists a feeling that they were helpless and did not understand what was happening. An additional goal was to drive a wedge between the political and military leadership, and the scientists. And indeed, the Iranians accused their experts of failure, began firing them and threatened them.
According to testimony gathered by the film's producers, several hundred programmers, mathematicians and computer engineers worked in Tailored Access Operations (TAO) teams at CIA headquarters and the cyber command in Fort Meade, Maryland. Only these teams were authorized to infiltrate computers outside of the US, including those in Iran.
The sources quoted in the film say the US and Israel developed a few different versions of the Stuxnet virus. Each new version was more powerful than its predecessor. The idea was to gradually implant increasingly stronger versions of the virus.
In addition, it was established that each country had the right to act independently, as long as it informed the other of its actions. However, according to the film, as a result of pressure from Netanyahu on the chief of the Mossad to "show results," it was decided in Israel to use the most deadly version of the virus prematurely.
"We operated at a low profile," an NSA source said. "The Israelis, on the other hand, constantly pushed to be more aggressive."
In this way, after the strongest version of the virus was implanted in order to increase the force of the damage to the centrifuges at Natanz, the virus, according to German information security expert Ralph Langner, began to "jump from computer to computer," until it was out of control and unintentionally spread to thousands of computers, networks and systems, including computers in the United States.
"Our friends from Israel took a weapon that we developed jointly, among other things in order to defend Israel, and did something crazy with it, and actually blew the operation. We were very furious," a source said.
The film reveals that the presidential orders of Bush and Obama to activate the cyber weapon were based on their authority to use nuclear weapons. As a result of the American-Israeli cyber warfare, Iran began to develop and to enhance its own attack tools.
A few years ago, in revenge and as a message of deterrence, it attacked 30,000 computers belonging to the Saudi oil company Aramco and computers belonging to American banks.
Against this backdrop, the film also delves into the philosophical-theoretical issue of the world's need to establish international treaties and rules of what's legal and illegal in cyber warfare, like the international conventions that govern the laws of conventional warfare.
In addition to Hayden, other US officials are interviewed in the film, including Richard Clarke, an anti-terrorism and cyber warfare consultant in the Bush, Clinton and Bush administrations, John C. Inglis, former deputy NSA chief, Gary Samore, from the National Security Council and the head of the information and computer security branch of the Department of Homeland Security. The New York Times' Sanger also served as consultant to the film's director and producers.
On the Israeli side, interviews were conducted with former Military Intelligence chief Amos Yadlin, current National Infrastructure, Energy and Water Minister and former Intelligence Minister Yuval Steinitz, as well as the writer of this article, who also served as a consultant on the film.
Computer security experts from the American firm Symantec appear in the film, as well as the German expert Ralph Langner and Eugene Kaspersky, who is considered one of the most well-known computer security experts in the world. Kaspersky was formerly a Russian intelligence operative and is considered to have close ties to the Kremlin.