Iranian engineer recruited by Holland helped CIA and Mossad deliver Stuxnet virus

AIVD HollandAn Iranian engineer who was recruited by Dutch intelligence helped the United States and Israel infect computers used in Iran’s nuclear program with the Stuxnet cyber weapon, according to a new report. Discovered by researchers in 2010, Stuxnet is believed to have been designed with the aim of sabotaging the nuclear program of the Islamic Republic of Iran. The virus targeted the industrial computers —known as programmable logic controllers— that regulated mechanical and electronic hardware in Iranian nuclear installations. By compromising the software installed on these computers, Stuxnet manipulated the rotor speed of nuclear centrifuges at Iran’s Natanz Fuel Enrichment Plant. By increasing the centrifuges’ rotor speed to unmanageable levels, Stuxnet rendered many of these machines permanently inoperable.

Most observers agree that Stuxnet was a joint cyber sabotage program that was devised and executed by the United States and Israel, with crucial assistance from Germany and France. But now a new report from Yahoo News claims that the contribution of Dutch intelligence was central in the Stuxnet operation. Citing “four intelligence sources”, Yahoo News’ Kim Zetter and Huib Modderkolk said on Monday that Holland’s General Intelligence and Security Service (AIVD) was brought into the Stuxnet operation in 2004. In November of that year, a secret meeting took place in The Hague that involved representatives from the AIVD, the United States Central Intelligence Agency, and Israel’s Mossad.

It was known that the Islamic Republic’s nuclear weapons program was crucially assisted by A.Q. Khan, a Pakistani nuclear physicist and engineer. In 1996, Khan sold the Iranians designs and hardware for uranium enrichment, which were based on blueprints he had access to while working for a Dutch company in the 1970s. By 2004, when the Dutch were consulted by the CIA and the Mossad, the AIVD had already infiltrated Khan’s supply network in Europe and elsewhere, according to Yahoo News. It also had recruited an Iranian engineer who was able to apply for work in the Iranian nuclear program as a contractor. This individual was provided with proprietary cover, said Yahoo News, which included two “dummy compan[ies] with employees, customers and records showing a history of activity”. The goal of the AIVD, CIA and Mossad was to have at least one of these companies be hired to provide services at the Natanz nuclear facility.

That is precisely what happened, according to Yahoo News. By the summer of 2007, the AIVD mole was working as a mechanic inside Natanz. The information he provided to the AIVD helped the designers of Stuxnet configure the virus in accordance with the specifications of Natanz’s industrial computers and networks. Later that year, the AIVD mole was able to install the virus on Natanz’s air-gapped computer network using a USB flash drive. It is not clear whether he was able to install the virus himself or whether he was able to infect the personal computer of a fellow engineer, who then unwittingly infected the nuclear facility’s system. The Yahoo News article quotes an intelligence source as saying that “the Dutch mole was the most important way of getting the virus into Natanz”.

It is believed that, upon discovering Stuxnet, the Iranian government arrested and probably executed a number of personnel working at Natanz. The Yahoo News article confirms that there was “loss of life over the Stuxnet program”, but does not specify whether the AIVD mole was among those who were executed. The website said it contacted the CIA and the Mossad to inquire about the role of the AIVD in the Stuxnet operation, but received no response. The AIVD declined to discuss its alleged involvement in the operation.

Author: Joseph Fitsanakis | Date: 04 September 2019 | Permalink

Advertisements

NSA director made secret visit to Israel last week

Michael RogersThe head of the United States’ largest intelligence agency secretly visited Israel last week, reportedly in order to explore forging closer ties between American and Israeli cyber intelligence experts. Israeli newspaper Ha’aretz said on Sunday that Admiral Michael Rogers, who directs the United States National Security Agency (NSA), was secretly in Israel last week. The NSA is America’s signals intelligence (SIGINT) agency, which is responsible for electronic collection, as well as protecting US government information and communication systems from foreign penetration and sabotage.

According to Ha’aretz, Rogers was hosted in Israel by the leadership of the Israel Defense Forces’ SIGINT unit, which is known as Intelligence Corps Unit 8200. The secretive group, which is seen as Israel’s equivalent to the NSA, is tasked with collecting SIGINT from Middle Eastern locations and protecting Israel’s electronic information infrastructure from adversaries. According to the Israeli newspaper, Rogers’ visit was aimed at exploring ways in which the NSA and Unit 8200 can enhance their cooperation, especially against regional Middle Eastern powers like Iran or non-state groups like Hezbollah.

IntelNews readers will recall that the IDF’s Unit 8200 is viewed by some Middle East observers as the creator of the Stuxnet virus. Stuxnet is a sophisticated malware that is believed to have been designed as an electronic weapon against Iran’s nuclear program. Among these observers is New York Times correspondent David Sanger; in his 2012 book, Confront and Conceal, Sanger claimed that Stuxnet was designed by NSA and Unit 8200 programmers as part of a joint offensive cyber operation codenamed OLYMPIC GAMES. According to Sanger, the two agencies collaborated very closely between 2008 and 2011 in order to bring about Stuxnet and other carefully engineered malware, including Flame.

Ha’aretz said that Rogers’ visit was meant to solidify US and Israeli cooperation on offensive cyber operations, based on the legacy of Stuxnet and Flame. During his visit to Israel, the US intelligence official also met with the heads of other Israeli intelligence agencies, said Ha’aretz.

Author: Joseph Fitsanakis | Date: 28 March 2016 | Permalink

US and Israel behind computer virus that hit Iran, say sources

Flame virus code segmentBy JOSEPH FITSANAKIS | intelNews.org |
Flame, a sophisticated computer malware that was detected last month in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum, was created by Israel and the United States, according to a leading American newspaper. Quoting “officials familiar with US cyber-operations”, The Washington Post reported on Wednesday that the malware, which is said to be “massive in size”, is part of a wider covert program codenamed OLYMPIC GAMES. The paper said that the US portion of the program is spearheaded by the National Security Agency, which specializes in cyberespionage, and the CIA’s Information Operations Center. The Post further claims that OLYMPIC GAMES has a three-fold mission: to delay the development of the Iranian nuclear program; to discourage Israeli and American officials from resorting to a conventional military attack on Iran; and to buy time for those officials who favor addressing the Iranian nuclear stalemate with diplomatic pressures coupled with sanctions. According to one “former intelligence official” quoted in The Post, the scale of OLYMPIC GAMES “is proportionate to the problem that’s trying to be resolved”. Russian antivirus company Kaspersky Lab, which first spotted the Flame virus in May, said that it is “one of the most complex threats ever discovered”. It is over 20 megabytes in size, consisting of 650,000 lines of code. In comparison, Stuxnet, a computer super-virus that was detected by experts in 2010, and caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Read more of this post

Comment: Who authored computer virus that ‘dwarfs Stuxnet’?

Flame virus code segmentBy JOSEPH FITSANAKIS | intelNews.org |
When the Stuxnet computer virus was detected, in 2010, it was recognized as the most sophisticated malware ever created. It had been specifically designed to sabotage Siemens industrial software systems, which were used in Iran’s nuclear energy program. Not surprisingly, most Stuxnet-infected computers were in Iran. Now a new, massive and extremely sophisticated piece of malware has been detected in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum. It is called Flame and, according to antivirus company Kaspersky Lab, which first spotted the virus last week, it is “one of the most complex threats ever discovered”. Simply consider that Stuxnet, which caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Flame is over 20 megabytes in size, consisting of 650,000 lines of code; it is so complex that it is expected to take programming analysts around a decade to fully comprehend. The two are different, of course. Stuxnet was an infrastructure-sabotaging malware, which destroyed hundreds —maybe even thousands—of Iranian nuclear centrifuges. Flame, on the other hand, appears to be an espionage tool: it aims to surreptitiously collect information from infected systems. What connects them is their intended target: Iran. We now have Stuxnet, the most complex sabotaging malware ever discovered, which must have taken dozens of programmers several months to create, and Flame, the world’s most powerful cyberespionage tool ever detected by computer security experts. And both have been primarily directed at Iranian government computers. Read more of this post

News you may have missed #689: NSA edition

Michael HaydenBy IAN ALLEN| intelNews.org |
►►Ex-NSA Director calls Stuxnet a ‘good idea’. General Michael Hayden, once head of the NSA and CIA, who was no longer in office when the Stuxnet attack on Iran occurred, but who would have been around when the computer virus was created, denies knowing who was behind it. He calls Stuxnet “a good idea”. But he also admits “this was a big idea, too. The rest of the world is looking at this and saying, ‘clearly, someone has legitimated this kind of activity as acceptable'”.
►►NSA develops secure Android phones. The US National Security Agency has developed and published details of an encrypted VoIP communications system using commercial off-the-shelf components and an Android operating system. A hundred US government employees participated in a pilot of Motorola hardware running hardened VoIP called ‘Project FISHBOWL’, NSA Information Assurance Directorate technical director Margaret Salter told the RSA Conference in San Francisco on Wednesday. “The beauty of our strategy is that we looked at all of the components, and took stuff out of the operating system we didn’t need”, said Salter. “This makes the attack surface very small”.
►►Senior US Defense official says DHS should lead cybersecurity. In the midst of an ongoing turf battle over how big a role the National Security Agency should play in securing America’s critical infrastructure, Eric Rosenbach, deputy assistant secretary of Defense for Cyber Policy in the Department of Defense, said on Wednesday that the NSA should take a backseat to the Department of Homeland Security in this regard. “Obviously, there are amazing resources at NSA, a lot of magic that goes on there”, he said. “But it’s almost certainly not the right approach for the United States of America to have a foreign intelligence focus on domestic networks, doing something that throughout history has been a domestic function”.

News you may have missed #675

Eugene ForseyBy IAN ALLEN | intelNews.org |
►►US ‘has engaged in cyberwarfare’. Former National Security Agency Director Mike McConnell said in an interview with Reuters that the United States has already used cyber attacks against an adversary. Most believe he was referring to Stuxnet, the computer virus unleashed against Iran in 2010.
►►Philippines studying US offer to deploy spy planes. The Philippines is considering a US proposal to deploy surveillance aircraft on a temporary, rotating basis to enhance its ability to guard disputed areas in the South China Sea, the Philippine defense minister said last week. The effort to expand military ties between the United States and the Philippines, which voted to remove huge American naval and air bases 20 years ago, occurs as both countries grapple with the growing assertiveness of China.
►►Canadian intelligence spied on constitutional expert. Canadian security forces kept close tabs on renowned constitutional scholar Eugene Forsey from his early days as a left-wing academic to his stint as a senator, according to newly declassified documents. The collection of more than 400 pages, which has been obtained by Canadian newspaper The Toronto Star, reveals the RCMP Security Service (the predecessor to the Canadian Security Intelligence Service), followed Forsey for four decades throughout his career as an economics professor, research director for the Canadian Congress of Labour (now called the Canadian Labour Congress), a two-time Ottawa-area candidate for the Cooperative Commonwealth Federation and then his 1970 appointment as a Liberal senator. No surprises here.

News you may have missed #566 (analysis edition)

Jeffrey Richelson

Jeffrey Richelson

►►Stuxnet virus opens new era of cyberwar. Well-argued article by quality German newsmagazine Der Spiegel on Stuxnet, the sophisticated computer virus that attacked the electronic infrastructure of Iran’s nuclear program last year. The article argues that, in terms of strategic significance, the virus, which is widely considered a creation of Israeli intelligence agency Mossad, is comparable to cracking Germany’s Enigma cipher machine by Polish and British cryptanalists during World War II.
►►The fallout from the Turkish Navy’s recent spy scandal. Recently, the Turkish High Criminal court indicted members of an alleged spy ring operating inside the Turkish Navy. According to the indictment, members of the ring stole more than 165,000 confidential documents and obtained dozens of surveillance records and classified military maps. Its biggest customers were allegedly the intelligence services of Israel, Greece and Russia.
►►New edition of classic intelligence handbook published. A new edition of Jeffrey Richelson’s encyclopedic work on Read more of this post