Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Author: Kim Zetter
The halls of the White House may have been troubled over Stuxnet in 2010 after it was discovered, but in May 2008, optimism reigned among those who knew about the covert program, as the plot behind the digital weapon was unfolding exactly as planned.
At the time, the US presidential campaign was in full swing as candidates Barack Obama and John McCain were battling it out for the lead in the polls. President Bush was just beginning the final lap of his presidency when, during a visit to Israel to mark that country’s sixtieth anniversary, he was confronted with a bold request. The Israelis wanted US support and endorsement for an air strike to take out the uranium enrichment plant at Natanz.
The Israelis had been gunning for an air strike since at least 2003, when IAEA inspectors got their first look at Natanz and found highly enriched uranium particles in environmental samples taken from the plant. Talk of an air strike died down for a while after Iranian officials agreed to suspend their enrichment activities in 2003 and 2004, but returned in 2006 when Iran withdrew from the suspension agreement and proceeded to install the first centrifuges in one of the underground halls at the plant.
Now, with 3,000 centrifuges already in place and spinning, and the number expected to double soon, talk of a strike was growing louder than ever before.
Israel wasn’t the only one urging an attack. Behind closed doors, its Arab neighbors were just as adamant about halting Iran’s nuclear program, according to secret government cables released by WikiLeaks. “We are all terrified,” Egyptian President Hosni Mubarak told US diplomats at one point.[1]
Saudi Arabia’s King Abdullah privately urged the United States to do them all a favor where Iran and Ahmadinejad were concerned and “cut off the head of the snake.”[2]
A nuclear-armed Iran threatened the peace of the entire region, not just Israel, Mohammad bin Zayed, crown prince of Abu Dhabi, said. If Iran got the bomb, “all hell will break loose,” he said, warning that Egypt, Saudi Arabia, Syria, and Turkey would all seek nuclear weapons to maintain parity.[3]
There were hawks within the Bush administration who supported an air strike as well—the “bomber boys,” as Bush called them. Vice President Dick Cheney, who had supported Israel’s attack on Syria the previous year, was among them.[4]
But Bush opposed an air strike. “I think it’s absolutely absurd that people suspect I am trying to find a pretext to attack Iran,” he said in 2007.[5]
Even if he did support a strike, he would have had difficulty drumming up widespread backing for one. A November 2007 Gallup poll showed that 73 percent of Americans preferred sanctions and diplomacy to an air strike against Iran, and the National Intelligence Estimate, released that year, asserted that Iran was not actively developing nuclear weapons, which also undermined support for an air strike.
Israel had, of course, been in this position before, seeking US support for a strike—in 1981 when it took out Iraq’s Osirak reactor, and again in 2007 when it bombed the suspected nuclear reactor in Syria.[6]
Israeli intelligence agents had obtained crucial information about the latter facility in 2006 when they tailed a senior Syrian official to London and installed a Trojan horse on his laptop after he unwisely left it behind in his hotel room one day. The malware siphoned dozens of documents from the computer, including blueprints and photos showing construction of the Al Kibar complex, which the Israelis believed was a nuclear reactor the Syrians were building to develop weapons. They won US support to attack the site after providing evidence that North Korea was helping Syria build it.[7]
Late in the evening on September 5, 2007, Operation Orchard commenced when Israeli military jets departed from a base in Northern Israel and headed west toward the sea before suddenly banking east. They flew low as they crossed the border into Syria and took out a radar station near the Turkish border using electronic attacks and precision bombs. About twenty minutes later, they unloaded their cargo onto the Al Kibar complex before safely returning home without incident. Syrian president Bashar al-Assad downplayed the strike, saying the Israelis hit nothing but an empty military building. “There’s no people in it, there’s no army, there’s nothing in it,” he said.[8]
But US intelligence determined that the reactor had been just weeks away from being operational before the Israelis took it out.[9]
Now the Israelis wanted to do the same in Iran. They believed an air strike would set Iran’s nuclear program back at least three years. But an attack on Iran carried many more complications and risks than the attacks on Syria and Iraq. In both of those cases, the Israelis had targeted a single, aboveground facility that was not heavily fortified, and in the case of Syria, the target was close enough to home that pilots could make their strike quickly and return before the Syrians had time to respond. A strike against Iran, however, would require refueling and a flight through large swaths of Arab airspace. And, instead of a single target, the planes would have to strike at least half a dozen sites dispersed throughout the country—the enrichment plant at Natanz and the uranium conversion plant at Esfahan being just two of them—some of which were underground. Iran had learned from the Israeli attack on Iraq decades earlier that the key to preserving its nuclear program was to disperse facilities around the country, and US officials had “little confidence” that Israel even knew the location of all the facilities it needed to strike to cripple the program.[10]
Israel’s national security adviser Giora Eiland even admitted as much when he told a US congressional delegation in 2006, “We don’t know all the sites and we don’t know what we don’t know.”[11]
In his State of the Union address in January 2002, President Bush had identified Iran as part of the “axis of evil,” along with Iraq and North Korea, that threatened the peace of the world. The United States, he said, would not permit “the world’s most dangerous regimes” to “threaten us with the world’s most destructive weapons.”[12]
They were strong words. But in the intervening years—years filled with the difficulties of prosecuting a war in Iraq—Bush had softened his stance. US Defense Secretary Robert M. Gates was convinced an attack on Iran would not only fail but would have wide-ranging repercussions on US troops in Iraq and Afghanistan. It might also trigger terrorist retaliation against Israel from pro-Iran groups in Lebanon and the Gaza Strip and disrupt oil prices, sending economic shockwaves around the world. Most important, instead of curbing Iran’s nuclear ambitions, it could set Iran on an even more determined course to nuclear weapons and cause officials to kick IAEA inspectors out of the country, taking their nuclear activities even further underground and out of sight.
For all of these reasons and more, Bush rejected Israel’s push for an air strike, but not without an alternative strategy to take its place.[13]
Two years earlier, Bush’s advisers had offered him what seemed like an even better solution to the problem with Iran, possibly even a brilliant one. And in the spring of 2008, while he was touring Israel for the last time as president, it looked like they might actually pull it off.
It’s not clear exactly when the first planning and development on Stuxnet began, but sometime in 2006, after Iran withdrew from its suspension agreement, US military and intelligence officials reportedly brought the proposal for the cyber operation, later dubbed “Olympic Games,” to the president. Bush had been weighing his options for a while. With two protracted and complex wars already being fought in Iraq and Afghanistan, he had already decided he wanted no part in a third battle in the Middle East. On-the-ground covert attacks that physically sabotaged Iran’s nuclear sites also were ruled out, since they, too, would likely spark a war.[14]
So his advisers proffered a third option—a digital bunker buster that, if designed and executed carefully, could achieve some of the same results as its kinetic counterparts, without all of the risks and consequences of those other attacks.
The military and intelligence communities had been preparing for an attack like this for nearly a decade and had engaged in smaller cyber operations before, but nothing at the scale they were proposing now. Most previous operations were simply spy missions carried out with digital tools or digital operations conducted as adjuncts to conventional warfare—cyber activities meant to simply assist troops on the battlefield, not take their place.[15]
This innovative new plan, however, called for a digital attack against the centrifuges and computer systems at Natanz to physically sabotage Iran’s uranium enrichment efforts. The requirements and restrictions for such an operation were extensive. It had to be a surgical strike capable of homing in on the specific machines the United States wanted to attack while leaving other systems unharmed. The code had to bypass internal security systems so that it could do its dirty deed undetected for months. And it had to cause enough damage for the results to have meaningful effects, without drawing attention to itself.
But if the attack succeeded, the potential payoff was huge. If a cyberstrike could destroy some of Iran’s IR-1 centrifuges or otherwise slow the country’s rapid race to nuclear breakout, it would relieve some of the pressure on diplomatic efforts and give the IAEA and intelligence agencies more time to gather evidence about Iran’s nuclear aspirations. It would also get the Israelis off their backs for a while. Israeli officials had accused the United States of dragging its feet on Iran; a digital attack on the nuclear program would prove that the United States wasn’t just sitting idly by, waiting for sanctions and diplomacy to succeed.
More important, if centrifuges were destroyed and uranium gas was wasted in the process, it would deplete Iran’s already dwindling supply of precious materials for the nuclear program. Experts estimated that Iran had only enough materials to build 12,000 to 15,000 centrifuges; if an attack could force Iran to waste a few thousand of the devices, it would cut sharply into that supply. If luck was on their side, it could also create a political rift in the Iranian regime. There was already pressure on Ahmadinejad and his supporters to achieve progress in the nuclear program; if a covert attack thwarted their efforts and set the program back a few years, it could very well sow dissension within the regime.
The advantages of a cyberattack over other forms of attack were many. A digital bomb could achieve some of the same effects as a kinetic weapon without putting the lives of pilots at risk. It could also achieve them covertly in a way a physical bomb could never do, by silently damaging a system over weeks and months without being detected. The Iranians would eventually see the effects of the digital sabotage, but if done well, they would never know its cause, leaving them to wonder if the problem was a material defect, a programming error, or something else. Even if the Iranians discovered the malware, a digital attack done properly left no fingerprints to be traced back to its source. This plausible deniability was key, since the United States was trying to prevent a war, not start one.
There were other benefits to a digital attack. Air strikes had obvious disadvantages when it came to bombing facilities buried deep underground, as Natanz and other Iranian facilities were.[16]
But a digital attack could slip past air-defense systems and electrified fences to burrow effortlessly into infrastructure deep underground that was otherwise unreachable by air and other means. It could also take out centrifuges not just in known facilities but in unknown ones. You couldn’t bomb a plant you didn’t know about, but you could possibly cyberbomb it. If Iran had other secret enrichment plants distributed throughout the country that used the same equipment and configuration as Natanz, a digital weapon planted in the computers of the contractors who serviced them all could spread from known facilities to unknown ones.
Digital sabotage, albeit on a far less sophisticated level, wasn’t without precedent. In the 1980s, the CIA, the DoD, and the FBI had run a joint operation to sabotage software and hardware headed to the Soviet Union. It began after Lt. Col. Vladimir Ippolitovich Vetrov, a forty-eight-year-old official in the Line X division of the KGB’s Technology Directorate, began leaking intelligence to the French about a decade-long Soviet operation to steal technology from the West.
Vetrov leaked about three thousand documents, dubbed the “Farewell Dossier” by the French, detailing a long list of technologies the Soviets had already pilfered from the West as well as a wish list of items still to be procured. When the wish list made its way to Dr. Gus Weiss, an economics adviser to Reagan’s National Security Council, he proposed a shrewd plan to then-CIA director William Casey. The CIA would let the Soviets continue to obtain the technology they wanted—but with the spy agency slipping modified designs and blueprints into the mix to misdirect their scientific efforts toward money-wasting ventures. He also proposed modifying products and components before they reached the Iron Curtain so that they would pass any quality-assurance tests the Soviets might subject them to, then fail at a later date. The plan was a veritable win-win because even if the Soviets discovered the counterintelligence operation, they would forever be suspicious of any information or technology later acquired from the West, never certain how or if it had been altered or when it might malfunction. It would be a “rarity in the world of espionage,” Weiss later wrote in an internal CIA newsletter describing the scheme: “an operation that would succeed even if compromised.”[17]
Under the scheme, “contrived computer chips found their way into Soviet military equipment, flawed turbines were installed on a gas pipeline, and defective plans disrupted the output of chemical plants and a tractor factory,” Weiss wrote. Additionally, the Soviets were fed misleading information about stealth and tactical aircraft as well as Western space defense programs. The Soviet Space Shuttle was also built on “a rejected NASA design” that had been slipped to the Soviets, Weiss revealed.[18]