Iranian ‘Stuxnet’ attack was inside job

J.J. Green,

WASHINGTON – In March 2010, Iran’s Natanz uranium enrichment plant was infected by the “Stuxnet” virus. Originally it was heralded as a “cyberattack,” but recent developments suggest the attack was launched on-site by a person who plugged a 32MB memory stick into a computer at the facility. The resulting infection and activity temporarily crippled Iran’s effort to develop nuclear weapons.

It was no accident. A Western intelligence source says an Iranian double agent working at the facility did it.

That would explain the October 2010 statement from Iran Intelligence Minister Heidar Moslehi, who said “an unspecified number of nuclear spies were arrested in connection with Stuxnet.”

But in keeping with the zipped-up world of intelligence, Moslehi gave few details.

Intelligence experts now believe that mole was assisted by a sophisticated support network that was based on real-time, human intelligence from inside the facility.

“(It) was probably several state actors, because the sophistication and the time that was required to build the thing means they had a budget,” says Yael Shahar, director of the Intelligence Project at the Israeli Institute of Counter-terrorism.

Press reports suggest the spy who detonated the virtual bomb that corrupted more than one-fifth of Iran’s centrifuges is a member the Iraqi terrorist organization Mujahedeen-e-Khalq (MEK).

Intelligence sources say there are a number of factors that might point to a coalition between the U.S. and Israel, including relationships with the MEK. The CIA declined to comment, and the Israeli Embassy in Washington told WTOP, “We don’t know about it. We do not comment about it.”

Seymour Hersh of The New Yorker magazine reported April 6 that U.S. Special Forces trained elements of the MEK inside the U.S. at a remote site north of Nevada in 2005.

U.S. military and intelligence officials will not confirm the report and there is little evidence that the training ever happened. In fact, the MEK has been on the State Department’s list of Foreign Terrorist Organizations for more than a decade.

The New Yorker article also suggests the MEK has very close ties to Israel’s Mossad, which if true would explain the group’s involvement in the Stuxnet operation.

However, former CIA Director Michael V. Hayden is not so sure.

“Reports that anyone would be using the MEK against the Iranian government — from my point of view that’s strange credulity,” he says.

Part of Hayden’s thinking is based on U.S. law. The MEK is No. 29 (alphabetically) on the State Department’s list of Foreign Terrorist Organizations.

According to U.S. law, “It is unlawful for a person in the United States or subject to the jurisdiction of the United States to knowingly provide ‘material support or resources’ to a designated FTO. That definition includes training, expert advice or assistance, weapons, lethal substances, explosives, personnel and transportation, except medicine or religious materials.”

There have been efforts in recent years to get the FTO designation lifted from MEK because of claims the group is no longer involved in terrorist activities.

The identity of the actual perpetrator of the cyberattack may never be known, but regardless of who the tip of the spear was in the Stuxnet operation, Israel is suspected of involvement.

“I think it’s a good bet, (they were involved). I don’t know for sure. But, even if Israel had no part in it, it would be in Israel’s interest to make people think they had some involvement in it,” Shahar says.

Iran has regenerated some of the capability that the virus took away, but Shahar says Iran’s challenges go much further and wider than that malware attack.

“Stuxnet, in a sense, was the latest in the whole process of sabotaging the Iranian nuclear machine. The whole idea here is to sell them components that aren’t what they are intended to be, to sabotage components that are going to them through third countries,” she says.

Shahar says forcing Iran to go through black market channels makes them just as vulnerable as a common black market criminal.

“It doesn’t help them that they have to buy all their things on the sly through rather shady characters and I think they’ve been jilted by criminals more than they’ve been jilted by actual saboteurs,” he says.

Follow J.J. Green and WTOP on Twitter.

(Copyright 2012 by WTOP. All Rights Reserved.)

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up