Stuxnet | intelNews.org

Iranian engineer recruited by Holland helped CIA and Mossad deliver Stuxnet virus

September 4, 2019 by Joseph Fitsanakis 2 Comments

AIVD Holland An Iranian engineer who was recruited by Dutch intelligence helped the United States and Israel infect computers used in Iran’s nuclear program with the Stuxnet cyber weapon, according to a new report. Discovered by researchers in 2010, Stuxnet is believed to have been designed with the aim of sabotaging the nuclear program of the Islamic Republic of Iran. The virus targeted the industrial computers —known as programmable logic controllers— that regulated mechanical and electronic hardware in Iranian nuclear installations. By compromising the software installed on these computers, Stuxnet manipulated the rotor speed of nuclear centrifuges at Iran’s Natanz Fuel Enrichment Plant. By increasing the centrifuges’ rotor speed to unmanageable levels, Stuxnet rendered many of these machines permanently inoperable.

Most observers agree that Stuxnet was a joint cyber sabotage program that was devised and executed by the United States and Israel, with crucial assistance from Germany and France. But now a new report from Yahoo News claims that the contribution of Dutch intelligence was central in the Stuxnet operation. Citing “four intelligence sources”, Yahoo News’ Kim Zetter and Huib Modderkolk said on Monday that Holland’s General Intelligence and Security Service (AIVD) was brought into the Stuxnet operation in 2004. In November of that year, a secret meeting took place in The Hague that involved representatives from the AIVD, the United States Central Intelligence Agency, and Israel’s Mossad.

It was known that the Islamic Republic’s nuclear weapons program was crucially assisted by A.Q. Khan, a Pakistani nuclear physicist and engineer. In 1996, Khan sold the Iranians designs and hardware for uranium enrichment, which were based on blueprints he had access to while working for a Dutch company in the 1970s. By 2004, when the Dutch were consulted by the CIA and the Mossad, the AIVD had already infiltrated Khan’s supply network in Europe and elsewhere, according to Yahoo News. It also had recruited an Iranian engineer who was able to apply for work in the Iranian nuclear program as a contractor. This individual was provided with proprietary cover, said Yahoo News, which included two “dummy compan[ies] with employees, customers and records showing a history of activity”. The goal of the AIVD, CIA and Mossad was to have at least one of these companies be hired to provide services at the Natanz nuclear facility.

That is precisely what happened, according to Yahoo News. By the summer of 2007, the AIVD mole was working as a mechanic inside Natanz. The information he provided to the AIVD helped the designers of Stuxnet configure the virus in accordance with the specifications of Natanz’s industrial computers and networks. Later that year, the AIVD mole was able to install the virus on Natanz’s air-gapped computer network using a USB flash drive. It is not clear whether he was able to install the virus himself or whether he was able to infect the personal computer of a fellow engineer, who then unwittingly infected the nuclear facility’s system. The Yahoo News article quotes an intelligence source as saying that “the Dutch mole was the most important way of getting the virus into Natanz”.

It is believed that, upon discovering Stuxnet, the Iranian government arrested and probably executed a number of personnel working at Natanz. The Yahoo News article confirms that there was “loss of life over the Stuxnet program”, but does not specify whether the AIVD mole was among those who were executed. The website said it contacted the CIA and the Mossad to inquire about the role of the AIVD in the Stuxnet operation, but received no response. The AIVD declined to discuss its alleged involvement in the operation.

► Author: Joseph Fitsanakis | Date: 04 September 2019 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with AIVD (Netherlands), computer hacking, Iran, Iranian nuclear program, Netherlands, News, Stuxnet

NSA director made secret visit to Israel last week

March 28, 2016 by Joseph Fitsanakis 1 Comment

The head of the United States’ largest intelligence agency secretly visited Israel last week, reportedly in order to explore forging closer ties between American and Israeli cyber intelligence experts. Israeli newspaper Ha’aretz said on Sunday that Admiral Michael Rogers, who directs the United States National Security Agency (NSA), was secretly in Israel last week. The NSA is America’s signals intelligence (SIGINT) agency, which is responsible for electronic collection, as well as protecting US government information and communication systems from foreign penetration and sabotage.

According to Ha’aretz, Rogers was hosted in Israel by the leadership of the Israel Defense Forces’ SIGINT unit, which is known as Intelligence Corps Unit 8200. The secretive group, which is seen as Israel’s equivalent to the NSA, is tasked with collecting SIGINT from Middle Eastern locations and protecting Israel’s electronic information infrastructure from adversaries. According to the Israeli newspaper, Rogers’ visit was aimed at exploring ways in which the NSA and Unit 8200 can enhance their cooperation, especially against regional Middle Eastern powers like Iran or non-state groups like Hezbollah.

IntelNews readers will recall that the IDF’s Unit 8200 is viewed by some Middle East observers as the creator of the Stuxnet virus. Stuxnet is a sophisticated malware that is believed to have been designed as an electronic weapon against Iran’s nuclear program. Among these observers is New York Times correspondent David Sanger; in his 2012 book, Confront and Conceal, Sanger claimed that Stuxnet was designed by NSA and Unit 8200 programmers as part of a joint offensive cyber operation codenamed OLYMPIC GAMES. According to Sanger, the two agencies collaborated very closely between 2008 and 2011 in order to bring about Stuxnet and other carefully engineered malware, including Flame.

Ha’aretz said that Rogers’ visit was meant to solidify US and Israeli cooperation on offensive cyber operations, based on the legacy of Stuxnet and Flame. During his visit to Israel, the US intelligence official also met with the heads of other Israeli intelligence agencies, said Ha’aretz.

► Author: Joseph Fitsanakis | Date: 28 March 2016 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with IDF, intelligence cooperation, Israel, Michael Rogers, News, NSA, Operation OLYMPIC GAMES, SIGINT, Stuxnet, Unit 8200, United States

US and Israel behind computer virus that hit Iran, say sources

June 22, 2012 by Joseph Fitsanakis 5 Comments

Flame virus code segment By JOSEPH FITSANAKIS | intelNews.org |
Flame, a sophisticated computer malware that was detected last month in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum, was created by Israel and the United States, according to a leading American newspaper. Quoting “officials familiar with US cyber-operations”, The Washington Post reported on Wednesday that the malware, which is said to be “massive in size”, is part of a wider covert program codenamed OLYMPIC GAMES. The paper said that the US portion of the program is spearheaded by the National Security Agency, which specializes in cyberespionage, and the CIA’s Information Operations Center. The Post further claims that OLYMPIC GAMES has a three-fold mission: to delay the development of the Iranian nuclear program; to discourage Israeli and American officials from resorting to a conventional military attack on Iran; and to buy time for those officials who favor addressing the Iranian nuclear stalemate with diplomatic pressures coupled with sanctions. According to one “former intelligence official” quoted in The Post, the scale of OLYMPIC GAMES “is proportionate to the problem that’s trying to be resolved”. Russian antivirus company Kaspersky Lab, which first spotted the Flame virus in May, said that it is “one of the most complex threats ever discovered”. It is over 20 megabytes in size, consisting of 650,000 lines of code. In comparison, Stuxnet, a computer super-virus that was detected by experts in 2010, and caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with CIA, cyberespionage, cybersecurity, cyberwar, Flame, Iran, Iranian nuclear program, Israel, News, NSA, Project OLYMPIC GAMES, Stuxnet, United States

Comment: Who authored computer virus that ‘dwarfs Stuxnet’?

June 6, 2012 by Joseph Fitsanakis 9 Comments

Flame virus code segment By JOSEPH FITSANAKIS | intelNews.org |
When the Stuxnet computer virus was detected, in 2010, it was recognized as the most sophisticated malware ever created. It had been specifically designed to sabotage Siemens industrial software systems, which were used in Iran’s nuclear energy program. Not surprisingly, most Stuxnet-infected computers were in Iran. Now a new, massive and extremely sophisticated piece of malware has been detected in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum. It is called Flame and, according to antivirus company Kaspersky Lab, which first spotted the virus last week, it is “one of the most complex threats ever discovered”. Simply consider that Stuxnet, which caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Flame is over 20 megabytes in size, consisting of 650,000 lines of code; it is so complex that it is expected to take programming analysts around a decade to fully comprehend. The two are different, of course. Stuxnet was an infrastructure-sabotaging malware, which destroyed hundreds —maybe even thousands—of Iranian nuclear centrifuges. Flame, on the other hand, appears to be an espionage tool: it aims to surreptitiously collect information from infected systems. What connects them is their intended target: Iran. We now have Stuxnet, the most complex sabotaging malware ever discovered, which must have taken dozens of programmers several months to create, and Flame, the world’s most powerful cyberespionage tool ever detected by computer security experts. And both have been primarily directed at Iranian government computers. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with Analysis, computer hacking, cyberespionage, cybersecurity, Flame, Iran, Iranian Ministry of Petroleum, Iranian National Oil Company, Iranian nuclear program, Israel, News, Stuxnet

News you may have missed #689: NSA edition

March 2, 2012 by Ian Allen Leave a comment

By IAN ALLEN| intelNews.org |
►►Ex-NSA Director calls Stuxnet a ‘good idea’. General Michael Hayden, once head of the NSA and CIA, who was no longer in office when the Stuxnet attack on Iran occurred, but who would have been around when the computer virus was created, denies knowing who was behind it. He calls Stuxnet “a good idea”. But he also admits “this was a big idea, too. The rest of the world is looking at this and saying, ‘clearly, someone has legitimated this kind of activity as acceptable'”.
►►NSA develops secure Android phones. The US National Security Agency has developed and published details of an encrypted VoIP communications system using commercial off-the-shelf components and an Android operating system. A hundred US government employees participated in a pilot of Motorola hardware running hardened VoIP called ‘Project FISHBOWL’, NSA Information Assurance Directorate technical director Margaret Salter told the RSA Conference in San Francisco on Wednesday. “The beauty of our strategy is that we looked at all of the components, and took stuff out of the operating system we didn’t need”, said Salter. “This makes the attack surface very small”.
►►Senior US Defense official says DHS should lead cybersecurity. In the midst of an ongoing turf battle over how big a role the National Security Agency should play in securing America’s critical infrastructure, Eric Rosenbach, deputy assistant secretary of Defense for Cyber Policy in the Department of Defense, said on Wednesday that the NSA should take a backseat to the Department of Homeland Security in this regard. “Obviously, there are amazing resources at NSA, a lot of magic that goes on there”, he said. “But it’s almost certainly not the right approach for the United States of America to have a foreign intelligence focus on domestic networks, doing something that throughout history has been a domestic function”.

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with 0 Ex-NSA Director calls Stuxnet a 'good idea', 0 NSA develops secure Android phones, 0 Senior US Defense official says DHS should lead cybersecurity, Android, cellular telephony, cybersecurity, Eric Rosenbach, Margaret Salter, Michael Hayden, Motorola, NSA, NSA Information Assurance Directorate, Project FISHBOWL, Stuxnet, turf wars, United States, US Department of Homeland Security, US DoD, VOIP

News you may have missed #675

January 31, 2012 by Ian Allen Leave a comment

Eugene Forsey By IAN ALLEN | intelNews.org |
►►US ‘has engaged in cyberwarfare’. Former National Security Agency Director Mike McConnell said in an interview with Reuters that the United States has already used cyber attacks against an adversary. Most believe he was referring to Stuxnet, the computer virus unleashed against Iran in 2010.
►►Philippines studying US offer to deploy spy planes. The Philippines is considering a US proposal to deploy surveillance aircraft on a temporary, rotating basis to enhance its ability to guard disputed areas in the South China Sea, the Philippine defense minister said last week. The effort to expand military ties between the United States and the Philippines, which voted to remove huge American naval and air bases 20 years ago, occurs as both countries grapple with the growing assertiveness of China.
►►Canadian intelligence spied on constitutional expert. Canadian security forces kept close tabs on renowned constitutional scholar Eugene Forsey from his early days as a left-wing academic to his stint as a senator, according to newly declassified documents. The collection of more than 400 pages, which has been obtained by Canadian newspaper The Toronto Star, reveals the RCMP Security Service (the predecessor to the Canadian Security Intelligence Service), followed Forsey for four decades throughout his career as an economics professor, research director for the Canadian Congress of Labour (now called the Canadian Labour Congress), a two-time Ottawa-area candidate for the Cooperative Commonwealth Federation and then his 1970 appointment as a Liberal senator. No surprises here.

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with 0 Canadian intelligence spied on constitutional expert, 0 Philippines studying US offer to deploy spy planes, 0 US 'has engaged in cyberwarfare', Canada, Canadian Congress of Labour, Canadian Labour Congress, Canadian Liberal Party, China, Cooperative Commonwealth Federation (Canada), cyberwar, declassification, domestic intelligence, Eugene Forsey, Mike McConnel, News, news you may have missed, NSA, Philippines, political policing, RCMP Security Service, Royal Canadian Mounted Police, Stuxnet, United States

News you may have missed #566 (analysis edition)

August 14, 2011 by Ian Allen Leave a comment

Jeffrey Richelson

►►Stuxnet virus opens new era of cyberwar. Well-argued article by quality German newsmagazine Der Spiegel on Stuxnet, the sophisticated computer virus that attacked the electronic infrastructure of Iran’s nuclear program last year. The article argues that, in terms of strategic significance, the virus, which is widely considered a creation of Israeli intelligence agency Mossad, is comparable to cracking Germany’s Enigma cipher machine by Polish and British cryptanalists during World War II.
►►The fallout from the Turkish Navy’s recent spy scandal. Recently, the Turkish High Criminal court indicted members of an alleged spy ring operating inside the Turkish Navy. According to the indictment, members of the ring stole more than 165,000 confidential documents and obtained dozens of surveillance records and classified military maps. Its biggest customers were allegedly the intelligence services of Israel, Greece and Russia.
►►New edition of classic intelligence handbook published. A new edition of Jeffrey Richelson’s encyclopedic work on Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with 0 New edition of classic intelligence handbook published, 0 Stuxnet virus opens new era of cyberwar, 0 The fallout from the Turkish Navy's recent spy scandal, book news and reviews, computer hacking, counterintelligence, cyberwar, Enigma, espionage, Greece, Iran, Iranian nuclear program, Israel, Jeffrey Richelson, Mossad, News, news you may have missed, nuclear proliferation, Russia, Stuxnet, Turkey, Turkish Navy

Ex-CIA counterterrorist chief says al-Qaeda to turn to computer hacking

August 5, 2011 by Joseph Fitsanakis Leave a comment

Cofer Black

By JOSEPH FITSANAKIS | intelNews.org |
The strategic retreat currently being experienced by al-Qaeda will force the group to concentrate on inflicting damage on its enemies through the Internet. This is the opinion of Cofer Black, the straight-talking CIA veteran who retired in 2002 as Director of the Agency’s Counterterrorism Center. Black, who is known for his hawkish views on Washington’s ‘war on terrorism’, gave the keynote speech on Wednesday at the Black Hat Technical Security Conference in Las Vegas, Nevada. He told an audience of nearly 7,000 conference participants that “the natural thing” would be for al-Qaeda in the post-bin-Laden age to continue to engage in terrorism by “fall[ing] back to things that are small and agile”, with computer hacking being an ideal candidate. Black, who since 2002 has worked for private contractors, including Blackwater/Xe, illustrated his point by referring to Stuxnet, the elaborately programmed computer virus that targeted electronic hardware in Iran’s nuclear energy program in July of 2010. “The Stuxnet attack is the Rubicon of our future”, said the former CIA official, adding that it was the computer virus designed to cause “physical destruction of a national resource”. Black is rightly revered by intelligence observers for having warned US government officials of a large-scale terrorist attack in August of 2001, one month prior to the September 11 hijackings. Having said this, it is not exactly prophetic to state, as he did, that “cyber will be a key component of any future conflict”. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with al-Qaeda, Black Hat Technical Security Conference, CIA, CIA Counterterrorism Center, Cofer Black, computer hacking, cybersecurity, cyberwar, Iran, News, Stuxnet, threat validation, United States, War on Terrorism

News you may have missed #538

July 15, 2011 by Ian Allen Leave a comment

Wali Karzai

By IAN ALLEN | intelNews.org |
►►Egyptian diplomat dead in London after bizarre suicide attempt. Police in London are trying to solve the mysterious apparent suicide of Ayman Mohammed Fayed, a 41-year-old employee of the Egyptian embassy, who plunged to his death from one of the embassy’s third-floor windows last week. Embassy officials said he did so after hurriedly signing a brief suicide note to his family. Interestingly, one witness saw him trying to get back into the building from the window, apparently having changed his mind about killing himself. But, says The Daily Mail, he seems to have “lost control and fell”. The death does not seem to be related to the political changes that have taken place in Egypt this year. ►►CIA agent Wali Karzai dead in Afghanistan. Another death, that of Afghan President Hamid Karzai’s brother, has featured all over the news media in the past few days. Ahmed Wali Karzai, Afghan drug lord and influential strongman, was shot dead by his bodyguards last Tuesday. Wali Karzai’s role as a CIA agent is less widely advertised in obituaries (with a few notable exceptions). IntelNews readers will remember that, in October of 2009, The New York Times revealed that Wali Karzai had been financially sustained by the CIA ever since the initial US invasion of Afghanistan, in 2001, and that he was still —as of 2009— receiving “regular payments” from the Agency. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with 0 CIA agent Wali Karzai dead in Afghanistan, 0 Egyptian diplomat dead in London after bizarre suicide attempt, 0 How Digital Detectives Deciphered Stuxnet, Afghanistan, Ahmed Wali Karzai, assassinations, Ayman Mohammed Fayed, CIA, computer hacking, Egypt, Egyptian embassy in the UK, Hamid Karzai, Iran, Iranian nuclear program, London, News, news you may have missed, sabotage, Stuxnet, suicides, suspicious deaths, UK, United States

Iran admits some of its nuclear scientists spied for the West

October 22, 2010 by intelNews Leave a comment

Ali Akbar Salehi

By JOSEPH FITSANAKIS | intelNews.org |
A top-level Iranian government official has admitted that some scientists and technicians in Iran’s nuclear energy program were successfully lured into spying for Israeli and Western intelligence agencies in the past. The disclosure, which was characterized as “stunning” by the Associated Press, marked the first-ever open admission by the Iranian government that the country’s nuclear energy program has been penetrated by foreign spies. It was made last weekend by Ali Akbar Salehi, Iran’s Vice President and Director of the country’s Atomic Energy Organization. According to the Iranian government-controlled Fars News Agency, Vice President Salehi told an audience that individual scientists and technicians working in Iran’s nuclear program had used their access to classified relevant information to benefit from “foreign purchases and commercial affairs”. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with Abdul Qadeer Khan, Ali Akbar Salehi, espionage, Iran, Iranian nuclear program, Israel, News, sabotage, scientific intelligence, Stuxnet, United States

News you may have missed #438 (Stuxnet edition)

October 5, 2010 by intelNews Leave a comment

Stuxnet cyber superweapon moves to China. The Stuxnet computer virus, dubbed the world’s “first cyber superweapon” by experts, and which may have been designed to attack Iran’s nuclear facilities, has found a new target: China. The computer worm has infecting millions of computers around the country, Chinese state media reported this week.
Stuxnet worm heralds new era of global cyberwar. The Stuxnet worm, which Iran admits has affected 30,000 of its computers, was a sophisticated attack almost certainly orchestrated by a state. It also appears that intelligence operatives were used to deliver the worm to its goal.
Israeli cyber unit allegedly responsible for Iran computer worm. Some experts claim that Unit 8200, an elite Israeli military group responsible for cyberwarfare, has been accused of creating a virus that has crippled Iran’s computer systems and stopped work at its newest nuclear power station.

[Research credit to Arthur Sbygniew]

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with 0 Israeli cyber unit allegedly responsible for Iran computer worm, 0 Stuxnet cyber superweapon moves to China, 0 Stuxnet worm heralds new era of global cyberwar, China, cyberwar, Internet, Iran, Iranian nuclear program, Israel, News, news you may have missed, Stuxnet, Unit 8200

Iran announces arrests of alleged nuclear spies

October 4, 2010 by intelNews Leave a comment

Heidar Moslehi

By IAN ALLEN | intelNews.org |
The Iranian government has announced the arrest of an unspecified number of alleged nuclear spies, reportedly in connection with a sophisticated virus that infected computers used in Iran’s nuclear energy program. The arrests were publicized on Sunday by Heidar Moslehi, Iran’s Minister of Intelligence, who said those arrested had helped facilitate the spread of the so-called Stuxnet virus last June. The malicious program, which appears to have been designed to sabotage sensitive hardware components found specifically in nuclear centrifuges, has infected at least 100,000 computer systems worldwide, most of which are located in Iran. Speaking to Iranian media, Moslehi accused Israel and the United States of trying to sabotage the Iranian nuclear energy program, but noted that Iran’s intelligence services have resumed “complete supervision of cyberspace” and will successfully prevent “any leak or destruction” of the Islamic Republic’s nuclear research and development program by outside forces. But elsewhere in Tehran, Hamid Alipour, an Iranian government Senior Information and Technology official, admitted that technical experts are still working on containing the virus, which appears to be mutating. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with computer hacking, Habib Elghanian, Hamid Alipour, Heidar Moslehi, Heydar Moslehi, Internet, Iran, Iranian nuclear program, Israel, News, Queen Esther, Stuxnet, United States

Experts see nation-state behind sophisticated computer virus attack

September 29, 2010 by intelNews 2 Comments

Ahmadinejad

By IAN ALLEN | intelNews.org |
Computer forensics specialists are split as to the purpose and initial target of a sophisticated computer virus that infected computers used in the Iranian government’s nuclear energy program. The virus, named Stuxnet, was discovered in Iran in June by a Belarusian computer security firm doing business in the Islamic Republic. It has since infected at least 100,000 computer systems in countries such as Brazil, India, Russia and the United States. But the primary target of the virus appears to have been the Iranian nuclear energy program, specifically computers located at the Islamic Republic’s nuclear reactor facility in Bushehr and the uranium enrichment plant in Natanz. Several commentators, including Wired magazine, dispute the existence of any evidence pointing to a clear target inside Iran. But Israeli media maintain that computers at Natanz were the primary target of Stuxnet, and that subsequent infections at computer labs at Bushehr were in fact an unintended side effect. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with Belarus, Bushehr nuclear power plant, cybersecurity, cyberwar, Iran, Israel, Israeli military, Middle East, Mossad, Natanz Enrichment Facility, News, nuclear proliferation, sabotage, Stuxnet, Unit 8200

News you may have missed #435 (cyberwarfare edition)

September 28, 2010 by intelNews Leave a comment

Analysis: Cyber attacks test US Pentagon. US military and civilian networks are probed thousands of times a day, and the systems of the North Atlantic Treaty Organization headquarters are attacked at least 100 times a day. Meanwhile, more than 100 countries are currently trying to break into US defense networks.
US should be able to shut Internet, ex-CIA chief says. Cyberterrorism is such a threat that the US President should have the authority to shut down the Internet in the event of an attack, Former CIA Director Michael Hayden has said.
Iran battling alleged ‘spy virus’. Iranian officials have confirmed reports that a malicious computer code, called Stuxnet, was spreading throughout the nation’s nuclear infrastructure. But they have given differing accounts of the damage, said to be capable of taking over computers that operate huge facilities, including nuclear energy reactors. Did someone say ‘Israel‘?