Categories: SecurityWorkspace

US And Israel ‘Spawned Stuxnet’

The Stuxnet virus was created by the US and Israel, according to a report today, confirming suspicions held by many in the security industry.

Stuxnet was considered to be the most sophisticated piece of malware ever created when it emerged in 2010, targeting Iranian nuclear power plant centrifuges.

A piece in the New York Times, which consists of an extract from the book ‘Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power’ (due to be published next week), claims President Obama had ordered sustained cyber attacks on Iran’s nuclear enrichment facilities.

According to participants in the programme,  Stuxnet was actually classed as a botched operation when the US government let it get out in the open. After Stuxnet “escaped”, the US held an emergency meeting to discuss whether to shut the operation down. It was decided that the programme should press on, but use a fresh version of the worm to attack Iran’s Natanz plant.

Olympic Games attacks

The attack, which formed part of a campaign codenamed Olympic Games, started under President Bush, temporarily disabled 1,000 of centrifuges Iran was using to purify uranium. Stuxnet packed a powerful punch, as it was able to exploit four zero-day vulnerabilities at once – something that was unprecedented at the time.

The information on the Stuxnet operation was discovered following interviews with current and former American, European and Israeli officials, indicating Europe was also involved.

Although the operation was led by the US agencies, Israeli Unit 8200, a part of its military forces, was brought in because of its strong technical skills. This was also done because the Americans feared a pre-emptive strike by Israel on Iran. To get Stuxnet installed on Natanz systems, the cyber-spy team had to rely on workers at the plant plugging in thumb drives left there by insider sources.

“The intent was that the failures should make them feel they were stupid, which is what happened,” said one participant in the attacks.

The information would indicate the US and Israel created Duqu too, which was designed to steal data rather than directly disrupt critical infrastructure. Duqu was believed to have been created by the same team as Stuxnet.

The Flame cyber-espionage worm, which was outed this week and is believed to be the work of a nation state, is considered by some to be the result of another US-Israel collaboration.

Israel has not officially distanced itself from the project, whilst a US source recently told MSNBC that America was involved. However, that source said he had “no first-hand knowledge” of the hit.

During the Olympic Games push, Obama expressed concerns that if the US acknowledged its use of cyber weapons, it might allow others to justify attacks on the country. US policy states that it has the right to respond with real-world attacks if it deems a cyber hit serious enough.

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • Only four countries had the technical know-how to develop the Flame virus: "Israel, the U.S., China and Russia."
    Since the virus was obviously intended for Iran, we can eliminate its friends China and Russia.
    This leaves only Israel and us.
    Having thoroughly demonized Iran, anything we do to it has become fair game.
    But there is nothing fair or right about taking another country's data. Certainly we would not want China or Russia taking our data and spreading it to 80 separate servers.
    As a leader of the world community aspiring for governance through universal fairness, we can no longer afford to follow the beaten path of expediency chosen by Israel. Doing so will not only deprive us of our moral authority, but will also squander our unique opportunity to fashion a more just and fair world.

  • As usual one law for them and one for the majority. Kids are being imprisoned for doing far less. Would be nice then if all governments got off their imagined high moral horses and allowed everybody to hack with impunity. See how long their secrets would stay secret.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago