Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Authors: Kim Zetter
Then in January 2012, just a day after Israel’s military chief of staff said that 2013 would be a crucial year for Iran’s nuclear program, motorcycle assassins struck again in Iran, this time killing Mostafa Ahmadi Roshan with an explosive attached to his car. Roshan was initially identified as a thirty-two-year-old chemist who worked at Natanz, but an Iranian official later revealed he actually managed the Natanz facility and also worked procuring specialized equipment for Iran’s nuclear program.
Roshan’s title was deputy for trade affairs at Kala Electronics Company, which provided parts for Natanz. Kala, of course, was one of the companies believed to have been struck by Stuxnet.[16]
A string of mysterious explosions also began to plague Iran. In November 2011, a massive explosion at a long-range-missile testing site killed more than thirty members of Iran’s Revolutionary Guard, including the general said to be the architect of Iran’s missile program.[17] Iran denied the explosion was the result of sabotage, insisting that it was an accident. But a Western intelligence source told the New York Times that the actual cause mattered little. “Anything that buys us time and delays the day when the Iranians might be able to mount a nuclear weapon on an accurate missile is a small victory,” he said. “At this point, we’ll take whatever we can get, however it happens.”
That same month, a blast occurred at the uranium conversion plant in Esfahan, reportedly damaging a facility where raw materials for the uranium enrichment program were stored.[18]
Then in August 2012, explosions took out power lines feeding electricity from the city of Qom to the underground enrichment plant at Fordow. News reports indicated that one of the explosions occurred when security forces found an electronic monitoring device disguised as a rock and tried to move it. The booby-trapped device was reportedly designed to intercept data from computer and phone lines at the enrichment plant.[19]
In discussing the incident, an Iranian official revealed that power lines feeding electricity to the plant at Natanz were also taken out in a separate incident, though he didn’t say when or offer further details.[20]
Whatever Stuxnet’s gains, they weren’t enough to allow the West to relax.
None of this should have been a surprise to anyone, according to Henry Sokolski, executive director of the Nonproliferation Policy Education Center. Every president since Bill Clinton had tried covert operations to disrupt Iran’s nuclear program, he noted to the New Republic, and none had succeeded. “Bush did it, Obama is doing it,” he said. But covert action was never a substitute for sound foreign policy. It could only ever be “a holding action” not a solution, he said.[21]
Questions about the true nature of Iran’s nuclear pursuits remained. Toward the end of 2011, an IAEA report, described as “the most damning report ever published” about Iran by the agency, declared that the Islamic Republic had been working on building a nuclear weapon since 2003, despite earlier assertions by US intelligence that Iran had abandoned its weapons program that same year.[22]
The IAEA report wasn’t based on new information but on earlier documents the agency had received, including ones from the Iranian mole known as “Dolphin.” But although the information wasn’t new, the IAEA’s willingness to now assert that the documents were evidence of a nuclear weapons program was.[23]
Israeli prime minister Benjamin Netanyahu once again renewed his call for a military strike against Iran. This time, however, the Iranians welcomed it. Iranian foreign minister Ali Akbar Salehi said defiantly that Iran was “ready for war” with Israel.[24]
If there is one thing to be said in Stuxnet’s favor, it’s that the digital attack, along with other covert operations, did succeed in staving off an ill-advised military attack against Iran. And despite continuing tension and gamesmanship, nobody has been willing to take that step in the wake of Stuxnet—a fact that ultimately left the door open for historic negotiations with Iran over its nuclear program that began in 2013. The initial discussions resulted in Iran agreeing to freeze core parts of its nuclear program—including halting the installation of new centrifuges and limiting the amount of enriched uranium Iran produces—in exchange for some loosening of sanctions against it.[25]
But any Stuxnet gains have to be weighed against the negative residual effects as well. At a time when the United States was battling an epidemic of cyber espionage attacks from China, attacking Iran made it harder to condemn other nations for cyber transgressions against the United States.
As the party that fired the first known digital weapon, the United States was no longer in a position to preach abstinence to others.
One final and more lasting consequence of Stuxnet also had to be weighed against its limited and uncertain benefits: the malware’s release had launched a digital arms race among countries big and small that will alter the landscape of cyberattacks forever. Stuxnet’s authors had mapped a new frontier that other hackers and nation-state attackers will inevitably follow; and when they do, the target for sabotage will eventually one day be in the United States.
1. David Albright, Paul Brannan, and Christina Walrond, “Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant? Preliminary Assessment,” Institute for Science and International Security, December 22, 2010, available at isis-online.org/isis-reports/detail/did-stuxnet-take-out-1000-centrifuges-at-the-natanz-enrichment-plant.
2. William J. Broad, John Markoff, and David E. Sanger, “Israeli Test on Worm Called Crucial in Iran Nuclear Delay,” New York Times, January 15, 2011.
3. Yossi Melman, “Outgoing Mossad Chief: Iran Won’t Have Nuclear Capability Before 2015,” Ha’aretz, January 7, 2011.
4. Mark Landler, “U.S. Says Sanctions Hurt Iran Nuclear Program,” New York Times, January 10, 2011.
5. Ivanka Barzashka, “Are Cyber-Weapons Effective?” Royal United Services Institute for Defense and Security Studies, July 23, 2013, available at tandfonline.com/doi/pdf/10.1080/03071847.2013.787735. It should be noted that Barzashka only examined the IAEA reports for 2009 and did not take into consideration other rounds of attack by Stuxnet in 2008 and 2010.
6. David Albright and Christina Walrond, “Performance of the IR-1 Centrifuge at Natanz,” Institute for Science and International Security, October 18, 2011, available at isis-online.org/isis-reports/detail/test1.
7. Olli J. Heinonen, “Iran Ramping Up Uranium Enrichment,” Power and Policy blog, July 20, 2011, published by the Belfer Center at Harvard Kennedy School, July 20, 2011, available at powerandpolicy.com/2011/07/20/Iran-ramping-up-uranium-enrichment/#.UtM6Z7SYf8M.
8. Barzashka, “Are Cyber-Weapons Effective?”
9. David Albright, Jacqueline Shire, and Paul Brannan, “Enriched Uranium Output Steady: Centrifuge Numbers Expected to Increase Dramatically; Arak Reactor Verification Blocked,” Institute for Science and International Security, November 19, 2008, available at isis-online.org/publications/iran/ISIS_analysis_Nov-IAEA-Report.pdf.
10. Author interview with Heinonen, June 2011.
11. Heinonen left the IAEA in October 2010 before the centrifuges were removed, therefore he didn’t have access to the inspector reports themselves to see the exact numbers, but he was certain the number of damaged centrifuges exceeded 1,000.
12. A July 2010 letter from the IAEA to Iran referenced “a number of incidents” involving broken seals at the plant. See IAEA Board of Governors, “Implementation of the NPT Safeguards Agreement and Relevant Provisions of Security Council Resolutions in the Islamic Republic of Iran” (report, September 6, 2010), 3; available at iaea.org/Publications/Documents/Board/2010/gov2010-46.pdf. The report does not specify whether the references are to seals placed on the walls or seals placed on gas canisters and other equipment, but an IAEA source told me they referred to wall seals.
13. An IAEA source told me that it was Iran who alerted inspectors to the broken seals, rather than the inspectors finding them on their own. The IAEA investigated the broken seals and found no wrongdoing on Iran’s part. But the investigation, he said, focused only on whether Iran might have broken the seals to remove nuclear material from the rooms out of the view of cameras, not on whether centrifuges might have been secretly removed from the rooms. When inspectors found that all of the uranium was accounted for, they concluded that the seals had not been intentionally broken for illicit purposes, but they left unexplored the possibility that they had been intentionally broken to remove broken centrifuges.
14. Author interview with Albright, February 2011.
15. Ulrike Putz, “Mossad Behind Tehran Assassinations, Says Source,” Spiegel Online, August 2, 2011, available at spiegel.de/international/world/sabotaging-iran-s-nuclear-program-mossad-behind-tehran-assassinations-says-source-a-777899.html. See also “Israel Responsible for Iran Killing: Report,” Global Security Newswire, August 2, 2011, available at nti.org/gsn/article/israel-responsible-for-iran-killing-report.
16. Roshan was given the title of “young nuclear martyr” after his death, and city streets and plazas were named after him. Saeed Kamali Dehghan and Julian Borger, “Iranian Nuclear Chemist Killed by Motorbike Assassins,” Guardian, January 11, 2012. See also Zvi Bar’el, “Iran Domestic Tensions Boil as West Battles Its Nuclear Program,” Ha’aretz, April 8, 2014. David Albright noted to me that when a scientist in the nuclear program is killed, the intent is to eliminate expertise and cripple the program. But killing someone involved in procurement for the program is meant to send a message and scare others from serving a similar role.
17. David E. Sanger and William J. Broad, “Blast That Leveled Base Seen as Big Setback to Iran Missiles,” New York Times, December 4, 2011.
18. Sheera Frenkel, “Second Blast ‘Aimed at Stopping Tehran’s Nuclear Arms Plans’,” Times (London), November 30, 2011. Iranian news agencies reported the blast initially, though the reports were later removed from websites, and officials retracted statements they had made confirming the blast. In February 2012, an Israeli ad joked about the explosion. The ad, for the Israeli cable TV company HOT, was later pulled offline. It featured members of an Israeli comedy series, Asfur, who sneak into Iran in drag dressed as Muslim women—likely a mock reference to the time former Palestinian leader Yasser Arafat was said to have escaped capture dressed as a Muslim woman. The three arrive in Esfahan, the site of the uranium conversion facility in Iran where the mysterious explosion occurred. As the comedians walk through town, a nuclear facility visible behind them, one of them spreads sunscreen on his face. When his companions look askance at him, he replies, “What? Don’t you know how much radiation there is here?” The bungling travelers then encounter a bored Mossad agent sitting at an outdoor café who tells them he’s been in town two months conducting surveillance and has been killing time watching on-demand episodes of Asfur on his Samsung Galaxy tablet, a gift his wife and he received for subscribing to HOT. “Nuclear reactor or no nuclear reactor, I’m not missing Asfur,” he says. One of the travelers reaches toward the tablet and asks, “What’s this application here?” As he presses something on the screen, a fireball explodes behind them at the nuclear facility. His companions look at him in shock and he replies, “What? Just another mysterious explosion in Iran.”
19. “Sources: Iran Exposed Spying Device at Fordo Nuke Plant,” Ynet (online news site for the Israeli newspaper Yediot Ahronot), September 23, 2012, available at ynetnews.com/articles/0,7340,L-4284793,00.html.
20. Fredrik Dahl, “Terrorists Embedded in UN Nuclear Watchdog May Be Behind Power Line Explosion,” Reuters, September 17, 2012, available at news.nationalpost.com/2012/09/17/terrorists-embedded-in-un-nuclear-watchdog-may-be-behind-power-line-explosion-iran. An Iranian official disclosed both incidents at the IAEA general conference in Vienna, accusing the IAEA of collusion. He noted that the day after the explosion that took out power lines feeding electricity to Fordow an IAEA inspector asked to conduct an unannounced inspection there. “Who other than the IAEA inspector can have access to the complex in such a short time to record and report failures?,” the official asked.
21. Eli Lake, “Operation Sabotage,” New Republic, July 14, 2010.
22. George Jahn, “UN Reports Iran Work ‘Specific’ to Nuke Arms,” Associated Press, November 8, 2011, available at news.yahoo.com/un-reports-iran-specific-nuke-arms-184224261.html.
23. Ali Vaez, “It’s Not Too Late to Peacefully Keep Iran from a Bomb,” The Atlantic, November 11, 2011.
24. “Iran Says United and ‘Ready for War’ with Israel,” Ha’aretz, November 3, 2011.
25. Anne Gearan and Joby Warrick, “Iran, World Powers Reach Historic Nuclear Deal,” Washington Post, November 23, 2013, available at washingtonpost.com/world/national-security/kerry-in-geneva-raising-hopes-for-historic-nuclear-deal-with-iran/2013/11/23/53e7bfe6-5430-11e3-9fe0-fd2ca728e67c_story.html.
On May 30, 2009, just days before a new version of Stuxnet was unleashed on computers in Iran, President Barack Obama stood before the White House press corps in the East Room to address the grave state of cybersecurity in the United States. “We meet today at a transformational moment,” he said, “a moment in history when our interconnected world presents us, at once, with great promise but also great peril.”