Might Stuxnet have been the preemptive first strike in Israel’s campaign against Iran’s nuclear program?
My post yesterday about Stuxnet noted cybersecurity experts who analyzed the massive computer worm which heavily infected computers in Iran speculated that the likely target was the Bushehr reactor. But there are several reasons leading away from Bushehr and towards Natanz as the more likely target. It is Natanz which is using centrifuges to enrich uranium which could potentially be used to create a nuclear weapon. The centrifuge enrichment process requires precise timing of industrial processes which could easily be disrupted by a worm taking over the factory controls.
Wired reports on this aspect of the story:
Frank Rieger, chief technology officer at Berlin-based security firm GSMK, thinks the more likely target in Iran was a nuclear facility in Natanz. The Bushehr reactor is designed to develop non-weapons-grade atomic energy, while the Natanz facility, a centrifuge plant, is designed to enrich uranium and presents a greater risk for producing nuclear weapons. Rieger backs this claim with a number of seeming coincidences.
The Stuxnet malware appears to have begun infecting systems in January 2009. In July of that year…WikiLeaks posted an announcement saying that an anonymous source had disclosed that a “serious” nuclear incident had recently occurred at Natanz… The site decided to publish the tip after news agencies began reporting that the head of Iran’s atomic energy organization had abruptly resigned for unknown reasons after 12 years on the job.
There’s speculation his resignation may have been due to the controversial 2009 presidential elections in Iran that sparked public protests — the head of the atomic agency had also once been deputy to the losing presidential candidate. But information published by the Federation of American Scientists in the U.S. indicates that something may indeed have occurred to Iran’s nuclear program. Statistics from 2009 show that the number of enriched centrifuges operational in Iran mysteriously declined from about 4,700 to about 3,900 beginning around the time the nuclear incident WikiLeaks mentioned would have occurred.
The same German security expert attempts to explain the fact that computers outside the target country were infected as well, by noting the Russian contractor building Bushehr had lax security and the worm could’ve spread both to its Iranian clients and ones in other countries as well like India and Pakistan. Though it’s true that the Russian contractor was working only on Bushehr and not Natanz, it’s entirely possible that the worm infected a computer at Bushehr and then was transferred to the Natanz system.
A correction to a point I made yesterday. Two digital certificates were used as part of the attack, but they weren’t forged as I reported. They were actually legitimate certificates stolen from two Taiwanese companies, which likely required a physical presence in Taiwan to do so. Again, this could easily have involved the Mossad or even Chinese intelligence (though that takes us in an entirely different direction).