Stuxnet Virus Attack Details Emerge

The Stuxnet virus that decimated Iran’s nuclear program was introduced by a Dutch mole working with the CIA and Mossad, intelligence sources claimed, as Israel is shopping its cyber weapons to anyone with cash to buy. 

For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran’s nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?

The first-of-its-kind virus, designed to sabotage Iran’s nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz.

The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News.

So an Iranian engineer was recruited by the Dutch intelligence agency AIVD, acting under the direction of the CIA and Mossad, to infect some 2,000 Iranian nuclear centrifuges with the catastrophic Stuxnet virus, which set that country’s nuclear program back years, according to intelligence sources who spoke to Yahoo News.

The mole, who posed as a mechanic, reportedly provided data that was critical to helping the virus’ developers shape their code to specifically target the systems at the Natanz plant where it was ultimately unleashed, then helped get the virus onto the plant computers using a flash drive. One of the sources called him “the most important way of getting the virus into Natanz.”

While the US and Israel were the primary players behind the initiative, designed to cripple but not destroy Iran’s nuclear program in order to force it to the negotiating table, the Netherlands, Germany, and one other country (believed to be France) were also allegedly involved, motivated by Israel’s insistence that Iran was developing a nuclear bomb. 

In addition to supplying the agent, the Dutch contributed information about the centrifuges, which were based on designs stolen from a Dutch company in the 1970s by a Pakistani scientist.

Stuxnet is widely considered to be the first offensive cyber-weapon, launching a “digital arms race” after a new and especially virulent version of the code, reportedly deployed by Mossad against US advice, was brought in by unsuspecting contractors who’d been infected elsewhere after the mole lost his access to the plant. 

The malicious code not only infected other companies the contractors worked with but spread to thousands of computers worldwide, bringing Stuxnet to public attention by June 2010. The exposure of the virus triggered a paradigm shift in cyber operations and set other countries, including the US’ enemies, clamoring for their own cyber-weapons.

Since then, Israel has capitalised on its reputation as one of the prime movers behind the deadly (for computers, at least) virus, selling cyber weapons to countries around the world. 

It’s about to get much less particular about whom it sells those weapons to, causing significant concern among cybersecurity and human rights groups who have already accused Tel Aviv of marketing insidious spyware like NSO Group’s Pegasus to repressive regimes who use it to spy on opposition politicians, human rights activists and even journalists.

These abuses occurred under a system that required 12 months or longer to approve cyber-weapons sales, with matters further complicated by marketing and export license requirements and sales restricted to tightly-vetted allies. 

Under the new system, purchases can be approved in as little as four months, and more companies will be eligible to obtain the licenses. More ominously, a larger pool of potential buyers will have access to the devastating cyber-weapons.

The Israeli Defense Ministry has justified loosening restrictions by insisting Israeli companies need the freedom to remain competitive in the industry, in defiance of a United Nations call for a global moratorium on cyber weapons sales.

Russia Today:         Yahoo:      deVolksrant

You Might Also Read: 

Dutch Intelligence Agency Pinpoints Cyberattacks:

 

 

 

« Attacks On Hong Kong Protesters
British Revenue & Customs Want A Head of Cyber Security Operations »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

Tutamantic

Tutamantic

Tutamantic develops software that reduces security risks and weaknesses during the architectural and design stages.

Vigilant Software

Vigilant Software

Vigilant Software develops industry-leading tools for intelligent, simplified compliance, including ISO27001-risk management and EU GDPR.

Cobalt Iron

Cobalt Iron

Cobalt Iron is a global leader in SaaS-based enterprise backup and data protection technology.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

NetBlocks

NetBlocks

NetBlocks is a global internet monitor working at the intersection of digital rights, cyber-security and internet governance.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

Softwerx

Softwerx

Softwerx is the UK’s leading Microsoft cloud security practice. We’ve been helping forward-thinking companies better secure their businesses for nearly twenty years.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

Cisco Systems

Cisco Systems

Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected.

CyberSalus

CyberSalus

CyberSalus is a pioneering cyber tech services company dedicated to protecting the digital integrity of healthcare organizations.

CyRiSo

CyRiSo

CyRiSo is a cyber security consulting company with a focus on 'as-a-service' services for the most pressing challenges of cyber security.

SOC-E

SOC-E

SOC-E is a leading technology provider for high-availability and deterministic networking, sub-microsecond synchronization and cybersecurity solutions for critical sectors.

Pellera Technologies

Pellera Technologies

Pellera Technologies is by a singular purpose: to empower organizations with innovative IT solutions that unlock potential, drive progress, and fuel transformation.