Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Author: Kim Zetter
While Chien and O’Murchu contemplated their new role in international politics, thousands of miles away in Iran, technicians at Natanz were still struggling over problems with their centrifuges. Though about 1,000 of the devices had been replaced months earlier, the cascades were only operating at 45 to 66 percent capacity, being fed much less uranium gas than they were capable of enriching. It was unclear to IAEA inspectors whether the problems were due to the natural growing pains that come with raising a new plant to maturity—Natanz began enriching uranium in 2007, but technicians were still installing new cascades and working out the kinks—or if something sinister was at play. The latter wouldn’t have been a surprise. Natanz was the focus of intense international scrutiny, and it was no secret that there were many who would do anything to shut it down. In fact, they’d been trying to do so for nearly a decade.
THE ANCIENT TOWN of Natanz is located about two hundred miles south of Tehran and is home to the shrine of the thirteenth-century Sufi sheik Abd Al-Samad Esfahani, a model of early Persian architecture with elegant terracotta bricks and intricately patterned cobalt tiles. Although it sits on the edge of the Dasht-e Kavir Desert in the shadow of the Karkas Mountains, the elevated garden town has an invigorating mountain climate and is filled with natural springs. It has long been known for its fertile orchards in general, and its succulent pears in particular. But on August 14, 2002, it became known for something else. That’s the day the National Council of Resistance of Iran (NCRI), a coalition of Iranian opposition groups in exile, convened a press conference at the Willard InterContinental Hotel in Washington, DC, two blocks from the White House, to announce that Iran was building an illicit nuclear facility near Natanz.
About two dozen reporters and representatives from NGOs, think tanks, and Iran watch groups filed into the Taft Room on the hotel’s second floor to hear what the group had to say. Among them was a twenty-nine-year-old blond woman named Corey Hinderstein who worked for the Institute for Science and International Security (ISIS), a nonprofit nuclear nonproliferation group that tracked nuclear activities in Iran and elsewhere.
As guests sat down and a cameraman for C-SPAN took up position in the back of the room, Alireza Jafarzadeh, spokesman for the group, wasted no time getting to his point. “Although on the surface, [Iran’s] main nuclear activity revolves around [the] Bushehr nuclear plant …” he said into the bank of microphones, “in reality, many secret nuclear programs are at work without any knowledge of [the] International Atomic Energy Agency.… Today, I am going to reveal to you two top-secret sites of the Iranian regime that they have succeeded to keep secret until today.”¹
Hinderstein and others shifted to attention.
Iran’s nuclear power reactor at Bushehr, an ancient coastal city overlooking the Persian Gulf, had been under construction on and off for thirty years. It was one of three sites that Iran had identified as nuclear facilities under its safeguards agreement with the IAEA, the UN agency that tracks nuclear activities around the world to make sure that countries like Iran don’t use civilian nuclear facilities for covert nuclear weapons production.
For years Iran had insisted that its program at Bushehr, which was expected to be operational in 2005, was entirely peaceful in nature.²
But there had long been rumors of secret nuclear facilities in Iran, including a covert uranium enrichment plant that might be used to create material for nuclear weapons. In 2001, US and foreign government sources had told Hinderstein’s colleagues at ISIS that secret nuclear sites did exist in Iran, but provided no details that would help them investigate. Now it seemed that Jafarzadeh’s ragtag group of dissidents might finally offer the proof that ISIS, and others, had been seeking.
Jafarzadeh, a thick dark mustache covering his upper lip, revealed the names of the two nuclear facilities, both of which were far north of Bushehr. One was a heavy-water production plant being built on the banks of the Qara-Chai River near Arak. “Anybody who has any kind of nuclear plans for nuclear weapons, they would definitely want to have heavy-water projects,” he said.³
The other was a nuclear fuel manufacturing plant being built near an old highway that linked the town of Natanz to the town of Kashan. It was a joint operation of Iran’s Atomic Energy Organization (AEOI) and its Supreme National Security Council. To hide the plant’s true purpose, however, front companies had been established to secretly procure materials and technology for it. One of these was a company called Kala Electric (also known as Kalaye Electric Company), which would later factor into Stuxnet as one of the companies believed to have been infected by the digital weapon.⁴
Construction on the Natanz complex, which Jafarzadeh said covered 100,000 square meters of land and had cost $300 million already, began in 2000 and was expected to be completed in three months, at which point workers would begin to install equipment. The cover story for the plant was that it was a desert-eradication project. But if this was true, then it was an extremely important desert-eradication project, because a former prime minister of Iran had toured the site earlier that month as a representative of the Supreme National Security Council, and the head of the AEOI made monthly visits to nearby Kashan just to keep tabs on the project. Workers at the plant also were not allowed to discuss the project with local officials. A major argument had in fact recently broken out between the AEOI and the Kashan Governor’s Office because the AEOI would not discuss information about the site with the office, Jafarzadeh said. And when the deputy governor general of the province tried to visit the construction site at Natanz, he was turned away.
As Jafarzadeh rattled off details about the site and pointed to poster boards at the front of the room showing the network of front companies and individuals who were running the project, Hinderstein scribbled away in her notebook. With the general location of facilities cited, as well as the names and addresses of front companies revealed, it was the first solid evidence ISIS had received about Iran’s illicit nuclear program that might be independently verified.
The timing of the revelations wasn’t lost on Hinderstein. Iran was a signatory to the Treaty on the Nonproliferation of Nuclear Weapons, and under its safeguards agreement with the IAEA it was obligated to disclose the existence of any new nuclear facility 180 days before introducing nuclear material to the site so that inspectors could begin monitoring it. If the Natanz plant was indeed ninety days away from completion, then Jafarzadeh’s group had exposed it just in time for IAEA inspectors to demand access to it before it opened.
All of this raised obvious questions about how the NCRI got their hands on top-secret intelligence that had seemingly eluded the world’s top spy agencies for years. Jafarzadeh insisted that his group obtained the information from people inside Iran who were directly associated with the program, as well as through extensive research and investigation by his group. But more likely it had come from US or Israeli intelligence agencies.⁵
Israel had a history of leaking intelligence by proxy in order to sway public opinion without tainting the intelligence with its own political agenda. Israel was naturally the country with the most to fear from a nuclear-armed Iran, but it had obvious integrity issues when it came to calling out the nuclear activities of other nations, since it had long maintained its own covert nuclear weapons program, which it has never publicly acknowledged.⁶ For this and other reasons, it conducted its political machinations behind the scenes by feeding intelligence to Western governments, the IAEA, and groups like Jafarzadeh’s.
If the information did come from the United States or Israel, Jafarzadeh’s group was an odd choice to leak it. The NCRI was the political arm of the Mujahedin-e Khalq, or MEK, an Iranian opposition group once known for its anti-Israel and anti-US stance. It was accused of killing six Americans in Iran in the 1970s as well as setting off bombs in Iran in 1981 that killed more than 70 people, including the Iranian president and prime minister. The group had been on the US State Department’s list of terrorist organizations since 1997 but had been trying to rehabilitate its image to get off the list ever since. Helping to expose secret nuclear facilities in Iran would no doubt earn it support in Congress to achieve that aim.⁷
The NCRI had made provocative claims about Iran’s nuclear program in the past, but some of them had proved to be false. There were questions about the accuracy of this new information as well. Jafarzadeh had identified the Natanz facility as a fuel-manufacturing plant, but this didn’t make sense to Hinderstein and her colleagues at ISIS. Iran was already planning to build a fuel-manufacturing plant not far from Natanz, so it didn’t seem logical to build a second one so close. Nonetheless, they were willing for now to accept the revelations as true. To help verify them, however, Hinderstein decided to seek out satellite images to see if she could spot evidence of construction that matched Jafarzadeh’s description.
Hinderstein had been with ISIS for six years—she’d come to the job straight out of college—and over time had become its resident expert on satellite imagery, an emerging tool that only recently had become available to groups like hers. For decades, satellite imagery, particularly high-resolution images, had been the sole domain of governments and intelligence agencies. The only time anyone else could see pictures from space was if a government agency or research institute decided to release them, which rarely occurred. Images only became available for the public to buy in the mid-1990s, but these weren’t very sharp. It wasn’t until several years later that images at 1.6-meter resolution—the resolution at which you could actually see details clearly—became available.
ISIS was one of the first nongovernmental organizations to invest in the expensive software needed to analyze the images, recognizing early on the important role they could play in nonproliferation work. Hinderstein’s first experience analyzing satellite images came in 1998, after Pakistan conducted six underground nuclear tests in response to underground atomic detonations made by India. Working with a satellite imagery expert, she learned how to identify pixelated objects in the images and interpret shadows and gradations in order to decipher depth in the two-dimensional pictures.
About two months after the press conference, armed with the details from Jafarzadeh and extensive additional research, Hinderstein logged into their account at Digital Globe, one of two commercial providers of satellite images in the United States, to scour the archive for available images.⁸
Today, satellites have imaged nearly every part of the Earth, with most pictures available to anyone via Google Earth. But in 2002, the only way to find images in Digital Globe’s archive was if someone had already commissioned the company to photograph a site, or if Digital Globe had taken images of a location on its own initiative, such as Niagara Falls or the Grand Canyon—images the company knew would sell well. To commission an image that wasn’t in the archive cost about $10,000, but once an image existed, it became available for others to purchase at one-third the price.
The Digital Globe interface that Hinderstein used looked like Google Maps, with small gray boxes that popped up on-screen wherever satellite images were available. But clicking on a gray box produced only a browsing image—a rough image of 16-meter resolution, which meant that every pixel showed 16 meters of ground. To see more detail, you had to buy the 1.6-meter version.
Hinderstein couldn’t believe her luck when she found images for both Arak and Natanz available in the archive. Jafarzadeh hadn’t provided exact coordinates for either of the two sites, so Hinderstein had to first locate Arak on the Digital Globe map, then move slowly outward from the town, searching in concentric circles until a gray box popped up. When she clicked on the image, it was clear this was a heavy-water production plant as Jafarzadeh described. ISIS had identified such a plant in Pakistan a couple of years earlier, and the site near Arak looked very similar.
When she searched the region of Natanz, however, she found two possible locations in the middle of the desert where images were available. At each of the sites, three gray boxes stacked on top of each other popped up, indicating multiple images were available for both sites. It was as if someone had left a giant arrow directing her to them. The dates on the images indicated they had all been snapped September 16 and 26—weeks after Jafarzadeh’s press conference. It was clear that someone else had been seeking the same information that she was seeking. Hinderstein suspected it was the IAEA. The IAEA had established a satellite imagery analysis lab of its own the previous year, and it would have made sense for the agency to commission images after Jafarzadeh’s revelations.⁹
Hinderstein clicked on the gray boxes at one of the sites and quickly eliminated it as the nuclear facility. It was nowhere near the 100,000 square meters Jafarzadeh described and looked more like a water-purification or sewage plant than anything to do with nuclear fuel. The other site, however, was more suspect. It was much larger than the first and showed obvious signs of massive, ongoing excavation. Despite the blurry 16-meter image, Hinderstein could make out what looked to be a collection of buildings and large mounds of churned earth inside two layers of security fences. She also noted a single road leading out to the site, suggesting the area had restricted access.
After she purchased and loaded the 1.6-meter image into their viewing tool, she could see numerous pipes laid out on the ground as well as large piles of gravel for mixing concrete. There was also a traffic roundabout that had already been partially paved. But as she studied the image more closely, she noticed something odd. Jafarzadeh had said the site was a fuel-manufacturing plant, but fuel-manufacturing was a very industrial process and tended to involve aboveground facilities with large smokestacks. There were no smokestacks at the Natanz site, however, and what’s more, there were three large buildings that were being built deep underground, with a tunnel connecting them. The buildings were in the final stage of construction. She could also make out what appeared to be a series of circles around the perimeter of the site, suggesting the future location of anti-aircraft guns.