Iranian engineer recruited by Holland helped CIA and Mossad deliver Stuxnet virus
September 4, 2019 2 Comments
An Iranian engineer who was recruited by Dutch intelligence helped the United States and Israel infect computers used in Iran’s nuclear program with the Stuxnet cyber weapon, according to a new report. Discovered by researchers in 2010, Stuxnet is believed to have been designed with the aim of sabotaging the nuclear program of the Islamic Republic of Iran. The virus targeted the industrial computers —known as programmable logic controllers— that regulated mechanical and electronic hardware in Iranian nuclear installations. By compromising the software installed on these computers, Stuxnet manipulated the rotor speed of nuclear centrifuges at Iran’s Natanz Fuel Enrichment Plant. By increasing the centrifuges’ rotor speed to unmanageable levels, Stuxnet rendered many of these machines permanently inoperable.
Most observers agree that Stuxnet was a joint cyber sabotage program that was devised and executed by the United States and Israel, with crucial assistance from Germany and France. But now a new report from Yahoo News claims that the contribution of Dutch intelligence was central in the Stuxnet operation. Citing “four intelligence sources”, Yahoo News’ Kim Zetter and Huib Modderkolk said on Monday that Holland’s General Intelligence and Security Service (AIVD) was brought into the Stuxnet operation in 2004. In November of that year, a secret meeting took place in The Hague that involved representatives from the AIVD, the United States Central Intelligence Agency, and Israel’s Mossad.
It was known that the Islamic Republic’s nuclear weapons program was crucially assisted by A.Q. Khan, a Pakistani nuclear physicist and engineer. In 1996, Khan sold the Iranians designs and hardware for uranium enrichment, which were based on blueprints he had access to while working for a Dutch company in the 1970s. By 2004, when the Dutch were consulted by the CIA and the Mossad, the AIVD had already infiltrated Khan’s supply network in Europe and elsewhere, according to Yahoo News. It also had recruited an Iranian engineer who was able to apply for work in the Iranian nuclear program as a contractor. This individual was provided with proprietary cover, said Yahoo News, which included two “dummy compan[ies] with employees, customers and records showing a history of activity”. The goal of the AIVD, CIA and Mossad was to have at least one of these companies be hired to provide services at the Natanz nuclear facility.
That is precisely what happened, according to Yahoo News. By the summer of 2007, the AIVD mole was working as a mechanic inside Natanz. The information he provided to the AIVD helped the designers of Stuxnet configure the virus in accordance with the specifications of Natanz’s industrial computers and networks. Later that year, the AIVD mole was able to install the virus on Natanz’s air-gapped computer network using a USB flash drive. It is not clear whether he was able to install the virus himself or whether he was able to infect the personal computer of a fellow engineer, who then unwittingly infected the nuclear facility’s system. The Yahoo News article quotes an intelligence source as saying that “the Dutch mole was the most important way of getting the virus into Natanz”.
It is believed that, upon discovering Stuxnet, the Iranian government arrested and probably executed a number of personnel working at Natanz. The Yahoo News article confirms that there was “loss of life over the Stuxnet program”, but does not specify whether the AIVD mole was among those who were executed. The website said it contacted the CIA and the Mossad to inquire about the role of the AIVD in the Stuxnet operation, but received no response. The AIVD declined to discuss its alleged involvement in the operation.
► Author: Joseph Fitsanakis | Date: 04 September 2019 | Permalink
A group of hackers, allegedly working for the Chinese military, accessed thousands of classified diplomatic cables from the European Union during a protracted cyber-espionage operation, a report has revealed. Over 100 organizations are believed to have been targeted in the multi-year cyber-espionage campaign, including the United Nations, international labor groups, as well as government ministries from dozens of countries. The operation was revealed on Tuesday by Area 1, a cyber-security company founded by former officials of the United States National Security Agency, and 
Russia “paved the way” for last November’s seizure of Ukrainian Navy ships by launching a major cyber attack and disinformation campaign aimed at Ukraine, according to a cyber security firm and the European Union. In what has become known as the Kerch Strait incident of November 25, border service coast guard vessels belonging to the Russian Federal Security Service (FSB) opened fire on three Ukrainian Navy ships that were attempting to enter the Sea of Azov through the Kerch Strait. All three Ukrainian vessels, along with crews totaling 24 sailors, were captured by the Russian force and remain in detention. Ukraine condemned Russia’s action as an act of war and declared martial law in its eastern and southern provinces. But Moscow said the incident had been caused by a provocation by the Ukrainian government, in a desperate effort to increase its popularity at home. Meanwhile, the three Ukrainian ships and their crews remain in Russia.
A new report by the British government alleges that the so-called ‘Cyber Caliphate’, the online hacker wing of the Islamic State, is one of several supposedly non-state groups that are in fact operated by the Russian state. The group calling itself Cyber Caliphate first appeared in early 2014, purporting to operate as the online wing of the Islamic State of Iraq and Syria (ISIS), which was later renamed Islamic State. Today the Cyber Caliphate boasts a virtual army of hackers from dozens of countries, who are ostensibly operating as the online arm of the Islamic State. Their known activities include a strong and often concentrated social media presence, as well as computer hacking, primarily in the form of cyber espionage and cyber sabotage.
Western intelligence agencies thwarted a plot involving two Russians intending to travel to a Swiss government laboratory that investigates nuclear, biological and chemical weapons, and hack its computer systems. According to two separate reports by Dutch newspaper 
An American cyber security firm has reported the discovery of a previously undetected, “highly active” Iranian cyber espionage group, whose extensive target list consists mainly of large organizations and companies in the Middle East. The cyber security firm Symantec, makers of Norton antivirus software, which uncovered the cyber espionage group’s existence, has dubbed it “Leafminer”. It said the group has been active since the beginning of 2017, but has “significantly ramped up its activities” in 2018 and is currently involved in dozens of ongoing attacks.
The head of Germany’s domestic security agency has publicly blamed the Russian government for a large-scale cyberattack that has targeted German energy providers. The comments follow a June 13 announcement on the subject by Germany’s Federal Office for Information Security (BSI), which is charged with securing the German government’s electronic communications. According to the BSI, a widespread and systematic attack against Germany’s energy networks has been taking place for at least a year now. The attack, which the BSI codenamed BERSERK BEAR, consists of various efforts by hackers to compromise computer networks used by German companies that provide electricity and natural gas to consumers around the country.
