Navigate to News section

How Stuxnet Came To Be

Worm, tested on Israeli centrifuges, is responsible for Iranian havoc

by
Marc Tracy
January 16, 2011
Iran's nuclear facility (and not an Israeli replica)(HAMED MALEKPOUR/AFP/Getty Images)
Iran's nuclear facility (and not an Israeli replica)(HAMED MALEKPOUR/AFP/Getty Images)

The New York Times reports today, in part quoting anonymous American intelligence officials, that Stuxnet, the mysterious computer worm reportedly disrupting Iran’s nuclear program, is the result of a multiyear Israeli-American collaboration that involved creating a replica of Iranian centrifuges at the secret Israeli nuclear facility in Dimona and testing the worm (which, remember, contains references to Esther, the historic Jewish underminer of Persian power). This testing was a crucial precondition for success. “To check out the worm, you have to know the machines,” an American expert says. “The reason the worm has been effective is that the Israelis tried it out.” They made a duplicate of their vault.

In many ways, the operation and this subsequent report bear a strong resemblance to the 2007 bombing of the Syrian nuclear reactor, which, as Yossi Melman detailed last week in Tablet Magazine, was essentially a coup of Israeli intelligence that was then stamped with an American brand as a gesture of alliance and diplomacy. And indeed the success of the mission is a P.R. victory for Israel at least as far as, say, the American public.

Over the past two weeks, we’ve received several hints that Iran’s nuclear program has slowed. It was believed that Stuxnet, the mysterious computer virus of likely Israeli origin (“Israeli officials grin widely when asked about its effects”), was playing a role in doing this. Stuxnet, the Times reports, has destroyed the effectiveness of at least one-fifth of Iran’s centrifuges by instructing them to spin way too quickly, while at the same time distorting what Iranian scientists think is happening, something it accomplishes by secretly recording normal operations and then playing the results of that back, “so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.” This, it must be pointed out, is also something that happens in Ocean’s 11.

The Times article confirms two pieces Tablet Magazine published last October. Michael Tanji reported then that Stuxnet’s most distinctive characteristic is that it “is much more in-line with traditional military or intelligence thinking than most malicious activity noted online;” the Times quotes a computer security expert, “Stuxnet is not about sending a message or proving a concept. It is about destroying its targets with utmost determination in military style.” And Melman guessed that the German industrial giant Siemens, which sold Iran much of the technology necessary to its nuclear program, “suffering from a degree of liability and guilt—Germans perpetrating a second Holocaust—willingly cooperated with Israeli intelligence;” while the Times does not prove Siemens’s knowledge of what exactly it was cooperating with (or certainly its motives), it does report that Siemens allowed American scientists to test its equipment for certain vulnerabilities.

“One small section of the code appears designed to send commands to 984 machines linked together,” the article notes. “Curiously”—that is some trademark Times coyness, folks—”when international inspectors visited Natanz in late 2009, they found that the Iranians had taken out of service a total of exactly 984 machines that had been running the previous summer.”

A thought: In his recent profile of Dagan, for Tablet Magazine, Melman, a top Israeli spy correspondent, reported that the greatest success of Dagan’s tenure was Israel’s 2007 bombing of a then-secret Syrian nuclear reactor. The coup was both strategic and diplomatic:

For seven years no one—not Syrian ally Iran, not the CIA, neither French nor Israeli intelligence—had a clue about the North Korean-built reactor until April 2007, when Mossad agents discovered that Syria was within months of becoming a nuclear power. Dagan wasted little time. In September of that year, eight Israeli Air Force fighter planes and bombers destroyed the reactor. Israel never took responsibility for the attack. But Dagan’s people showed photos of the reactor before and after its destruction to the CIA, which presented the intelligence to Congress, creating the impression that the CIA was somehow involved in the operation.

This latest Israeli-American collaboration feels, as reported by the Times, awfully like a primarily Israeli job. Perhaps this is why the Obama administration has, over the past two months, been uncharacteristically reticent when it comes to Israeli building in the West Bank?

Israel Tests on Worm Called Crucial in Iran Nuclear Delay [NYT]
Related: Coded [Tablet Magazine]
Modern Warfare, Too [Tablet Magazine]
Uncloaked [Tablet Magazine]
Earlier: Iranian Nukes: Probably Slowed
Iran: Stuxnet Isn’t Harming Nuclear Program

Marc Tracy is a staff writer at The New Republic, and was previously a staff writer at Tablet. He tweets @marcatracy.