Coded

Israel may or may not have been behind the Stuxnet ‘worm’ attack on Iran—and it doesn’t matter whether it was

(Photoillustration: Tablet Magazine; Natanz photo: Getty Images; code: Wikimedia Commons)
A year and a half ago, the German engineering giant Siemens won a contract to supply the Israel Airports Authority with a new conveyor system worth $50 million. The deal raised eyebrows inside and outside Israel. For years, Siemens had been the largest German trade partner with the ayatollahs in Iran, providing them with sophisticated hardware and software for key industrial plants, including oil rigs, gas pipelines, and refineries, to the tune of over one billion euros. Occasionally, it was reported that some of the Siemens equipment and “dual use” components had found their way to Iran’s nuclear installations. Why was the Israeli government allowing one of its state-owned authorities to do business with Siemens?

Complaints about the dubious deal were brought to Uzi Arad, the national security adviser who, together with his boss, Prime Minister Benjamin Netanyahu, rarely misses an opportunity to sound alarms over the threat of Iran destroying the Jewish state with a second Holocaust. Arad shrugged the situation off, explaining that the matter was neither under his watch nor part of his turf; instead it was for the Ministry of Finance. But that ministry also did nothing.

The Siemens deal was interpreted at the time as a typical Israeli bureaucratic entanglement—or an example of official Israeli hypocrisy. But with the discovery of Stuxnet, the malicious software—a “worm”—that was eating and damaging Iran’s nuclear computers and slowing down at least two key installations (the uranium enrichment facility at Natanz and the nuclear reactor at Bushehr), a third possibility suggests itself: a hidden connection between the Israeli intelligence community and a German company that was selling advanced machinery to Israel’s most dangerous adversary.

Computer experts agree that the Stuxnet worm was created by a powerful, resourceful, and technologically skillful organization—and not by freelance hackers. The worm contaminated Siemens control software that was sold by the company to Iranian civilian projects but somehow found its way into its nuclear sites despite U.N. Security Council sanctions.

The major question is how the creators of Stuxnet did it. There are a few possibilities. One is that the intelligence agency behind the attack recruited a Siemens programmer who sold his secrets for financial gain or for other reasons. Another explanation could be that Siemens, suffering from a degree of liability and guilt—Germans perpetrating a second Holocaust—willingly cooperated with Israeli intelligence, which in return offered Siemens a way out of being implicated if and when the worm was discovered.

This last seems to be the least plausible scenario, since the German corporation admitted that 15 of its customers have been affected—including chemical and power plants and production facilities. Five of the 15 companies affected have their headquarters in Germany, while the others are based in the United States, other Western European countries, and Asia. But even if Siemens itself didn’t cooperate, it’s also possible that the BND—Germany’s foreign espionage agency, which is a strong ally of both the Israeli Mossad and the CIA and is a partner in the battle against the Iranian nuclear program—was somehow involved in the operation.

Whatever the facts are, Siemens has invested extensively in Israeli high-tech and industrial companies.

According to computer security experts, the worm managed to penetrate the Siemens software and find its way into Iran via Taiwan. Two and a half years ago, the writers of Stuxnet broke the security protections of two Taiwanese firms and planted the worm on their equipment. One, JMicron, is a small and relatively unknown company. The other, Realtek Semiconductors, is large and fairly well-known in its field. A few months later, both the Mossad and the CIA filed complaints to the Taiwanese government that Iranian agents had penetrated the market and acquired 100 transducers, which were secretly shipped to Tehran. The transducers, an essential component for operating centrifuges in Natanz, were originally manufactured in Europe and then sold to a company in Taiwan, which then sold them to Iran’s defense ministry.

Can it be that the complaints about the transducers were a decoy to divert attention from the original Mossad or CIA break-in via Taiwan? In the dark world of secret intelligence operations, characterized by disinformation and webs of lies, everything is possible.

There could be, however, a simpler version of what happened.

Iran’s intelligence minister said on Saturday that authorities had arrested several “nuclear spies” who were working to derail Tehran’s nuclear program through cyberspace.

Without saying how many people had been arrested or when, Heydar Moslehi, the intelligence minister, was quoted on state television’s website as saying Iran had “prevented the enemies’ destructive activity.” He added that intelligence agents had discovered the “destructive activities of the arrogant (Western powers) in cyberspace, and different ways to confront them have been designed and implemented.” Behind Moslehi’s vague words was the suggestion that the enemies of Iran had planted the worm using the techniques of classical intelligence work: recruiting Iranian agents and providing them with the malicious software.

If indeed Israeli intelligence independently (or in a joint operation with its U.S. counterpart) is behind this unique and unprecedented cyberattack, they will never admit it. These are the rules of the espionage game. You spy, you steal secrets, you bug phone lines, you plant viruses that sabotage, and you even kill, but you never take the responsibility, even if you are caught red-handed. A worldwide search is now under way for clues to the identity of the creators and spreaders of the worm.

Last week the New York Times reported the discovery of the word “Myrtus” in the Stuxnet code, which corresponds to the Hebrew word for the Bible’s Queen Esther. The article noted that the Book of Esther describes “the Jews preempt[ing] a Persian plot to destroy them.” The computer security firm Symantec analyzed another data point about the worm. It found the digits 19790509. This is thought to be an infection marker, which, if set correctly, allows infection to occur. The digits appear to point to the date of May 9, 1979.

While a variety of historical events occurred on May 9, 1979, one of them, according to Wikipedia, is that “Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the closely knit Iranian Jewish community. [Elghanian] was the [president of Tehran’s Jewish society] and the first Jew and one of the first civilians to be executed by [Iran’s post-revolutionary] Islamic government. This prompted the mass exodus of the once 100,000 member strong Jewish community of Iran which continues to this day.”

These explanations have an anecdotal value. When you plan such an operation, you check and recheck and double check each digit and each letter. Israeli and U.S. intelligence are not so sloppy as to leave behind such clumsy fingerprints. If they wanted to engage in a mind game, they would have done it in a more amusing and sophisticated manner.

The evidence pointing to Israel remains circumstantial. Israel is threatened by Iran, whose president, Mahmoud Ahmadinejad, continues to talk about the need for history to wipe the Jewish state from the face of the earth. Israelis fear—rightly or wrongly—that once Iran has nuclear weapons, Israelis might be victims of a nuclear attack. The Israeli government has attempted to mobilize international diplomatic pressure on Iran and utilize friendly intelligence agencies to collect data on Iran’s nuclear program. Since Meir Dagan was appointed as head of Mossad eight years ago and assigned to coordinate Israeli efforts, Iran’s nuclear program has topped Israel’s list of intelligence priorities.

Israel has recruited top agents among the upper echelon of Iran’s nuclear scientists and directors. Alone and together with other international espionage agencies, Israeli intelligence has been trying to sabotage Iranian facilities in order to slow down progress toward a bomb. Iran’s uranium enrichment complex is the prime target for any future Israeli or U.S. military assault. A glimpse into the shadow war against the Iranian nuclear program was provided in the sections of James Risen’s 2006 book State of War, in which he detailed joint Mossad and CIA plans to sabotage the electrical grids leading to Iranian nuclear sites—plans that failed to materialize.

Over the past decade, Mossad and CIA planners successfully set up front and dummy companies all over the world with the aim of gaining the trust of Iranian purchasing networks and then selling them flawed components—a method known in intelligence parlance as “poisoning” enemy systems. So, why not try to “poison” Iranian systems further by planting malicious worms?

Israeli intelligence was one of the first in the world to understand the importance of computers and to apply them for military-intelligence use. Rafi Eitan, a former Mossad agent who specialized in covert operations and served as a chief adviser to several prime ministers, told me that already in the late 1970s he realized the significance of the evolving Internet and the virtual world for intelligence-gathering operations. Since then, Israel’s Unit 8200 of the military intelligence branch—the equivalent of the National Security Agency in the United States—has been at the forefront of military efforts into technological attacks. Unit 8200 pioneered sigint (signals intelligence—listening to, intercepting, and deciphering enemy communication lines), elint (electronic intelligence), visint (visual intelligence—the collection of data and imagery from satellites and reconnaissance flights), and, in the last decade, netint.

Netint is the art of using cyberspace for intelligence purposes: You engage and try to recruit enemy agents by emails and chat rooms, send coded messages, “poison” computers. A few months ago, General Amos Yadlin, the commander of Israeli Military Intelligence, gave a public lecture at the Institute for National Security Studies at Tel Aviv University. His topic was the changing nature of intelligence in the 21st century. The virtual world, he said, is important to the daily work of intelligence in two ways: defending one’s secrets and assaulting the enemy. His lecture was delivered long before the world learned about Stuxnet.

Yossi Melman is a senior writer on strategic affairs, intelligence, and nuclear issues for Haaretz. He is writing a book about the Mossad’s wars in the last decade.


I don’t think Tablet should run stories that rehash what has been in the media for weeks and add nothing new.

Mike Murray says:

Good article. Surely such technology could be used against Israel and the United States.

michel wandel says:

Excellent recap of the information available in open sources: concise and well documented. Thanks.

Rivka says:

If this excerpt is true, I applaud the creators.

nsatichman says:

Few of us are sophisticated or as up-to-date as David E Y Sama. I think Tablet is doing a service for the community that merits praise rather than blubberish blubber.

Devorah says:

I agree with Rivka. I am SO happy about the whole Stuxnet. Way to strike a winning blow without human casualty! Go brothers!

Rob Braun says:

Watch out about giving out too many congratulations, this kind of worm can metastasize into other computer systems worldwide, even our own. We are all vulnerable. Remember the Beijing computer virus? The inter-connectedness of the world computer systems renders everyone susceptible to computer worms and viruses. We need to treat this story as a cautionary tale for everyone. All of the world’s governments, militaries, banking, commerce and industry run on very vulnerable computer systems. Dealing with hackers, whether government sponsored or private individuals, is always a catch-up game. They usually aren’t discovered until the damage is done. This Iranian story is a prime example of this.

The less is said, confirmed or speculated, the better. While highlighting the existence of alleged Unit 8200 may serve as a deterrent, such things ought not to be revealed one way or another in public.

