Stuxnet was work of U.S. and Israeli experts, officials say

By Ellen Nakashima and Joby Warrick, Friday, June 1, 9:03 AM


A damaging cyberattack against Iran’s nuclear program was the work of U.S. and Israeli experts and proceeded under the secret orders of President Obama, who was eager to slow Iran’s apparent progress toward building an atomic bomb without launching a traditional military attack, say current and former U.S. officials.


The origins of the cyberweapon, which outside analysts dubbed Stuxnet after it was discovered in 2010, have long been debated, with most experts concluding that the United States and Israel likely collaborated on the effort. The current and former U.S. officials confirmed that long-standing suspicion Friday, after a New York Times report on the program.



The officials, speaking on the condition of anonymity to describe the classified effort code-named Olympic Games, said that it was first developed during the administration of George W. Bush and was geared toward damaging Iran’s nuclear capability gradually while sowing confusion among Iranian scientists about the cause of mishaps.


The use of the cyberweapon — code designed to infiltrate and damage systems run by computers — was supposed to make the Iranians think their engineers were incapable of running a uranium enrichment facility, said one participant in the cyberattack. “If you had wholesale destruction right away, then they generally can figure out what happened, and it doesn’t look like incompetence.”


Even after software security companies discovered Stuxnet loose on the Internet in 2010, causing concern among U.S. officials, Obama secretly ordered the operation continued. Overall, the attack destroyed nearly 1,000 of Iran’s 6,000 centrifuges — fast-spinning machines that enrich uranium, an essential step toward building an atomic bomb. The National Security Agency developed the cyberweapon with help of Israeli experts.


Iranian officials had no immediate comment on the news reports on Stuxnet Friday. In the past, they have blamed U.S. and Israeli officials and said that their nuclear program is for peaceful purposes such as generating electricity, not making bombs.


White House spokeswoman Caitlin Hayden declined to comment on Friday’s reports.


The revelations come at a particularly sensitive time, as the United States and five other world powers are engaged in talks with Iran on proposed cuts to its nuclear program. Iran has refused to agree to any concessions on what it says is its rightful pursuit of peaceful nuclear energy. The next round of negotiations are scheduled for later this month in Moscow.


Iranian officials have denounced the cyberattacks — as well as the slayings of four Iranian scientists in recent years — as part of a “terrorist” campaign backed by Israel and the United States. U.S. intelligence officials attribute recently foiled assassination plots against Israeli, U.S. and Saudi diplomats to an Iranian effort to retaliate against such covert actions.


In a statement released this week by Iran’s U.N. mission, a spokesman complained that Iran has been a “victim of vicious acts of terrorism” and accused the West of being hypocritical in its complains about alleged Iranian-sponsored attacks.


“This raises the question of who really supports terrorism,” the statement said.


Senior Bush administration officials developed the idea of using a computer worm, with Israeli assistance, to damage Iranian centrifuges at its uranium enrichment plant in Natanz.


“Effectively the United States has gone to war with Iran and has chosen to do so in this manner because the effects can justify this means,” said Rafal Rohozinski, a cybersecurity expert and principal of the SecDev Group, referring to the slowing of Iran’s nuclear program.


“This officially signals the beginning of the cyber arms race in practice, and not in theory,” he said.


With more countries in the race to develop cyberweapons, Stuxnet has set a precedent for their use that may embolden others to use them, some experts say.


U.S. officials have long had concerns about backlash, which is one reason why ambiguity about who was behind the worm was useful.
“I think it is very dangerous for the United States to do this stuff because the U.S. is the most vulnerable country in the world to e-attacks,” said one security official with knowledge of the program, referring to the country’s reliance on computers for everything from banking and commerce to running power systems and sending e-mail.