Stuxnet Virus Attack Details Emerge

The Stuxnet virus that decimated Iran’s nuclear program was introduced by a Dutch mole working with the CIA and Mossad, intelligence sources claimed, as Israel is shopping its cyber weapons to anyone with cash to buy. 

For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran’s nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?

The first-of-its-kind virus, designed to sabotage Iran’s nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz.

The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News.

So an Iranian engineer was recruited by the Dutch intelligence agency AIVD, acting under the direction of the CIA and Mossad, to infect some 2,000 Iranian nuclear centrifuges with the catastrophic Stuxnet virus, which set that country’s nuclear program back years, according to intelligence sources who spoke to Yahoo News.

The mole, who posed as a mechanic, reportedly provided data that was critical to helping the virus’ developers shape their code to specifically target the systems at the Natanz plant where it was ultimately unleashed, then helped get the virus onto the plant computers using a flash drive. One of the sources called him “the most important way of getting the virus into Natanz.”

While the US and Israel were the primary players behind the initiative, designed to cripple but not destroy Iran’s nuclear program in order to force it to the negotiating table, the Netherlands, Germany, and one other country (believed to be France) were also allegedly involved, motivated by Israel’s insistence that Iran was developing a nuclear bomb. 

In addition to supplying the agent, the Dutch contributed information about the centrifuges, which were based on designs stolen from a Dutch company in the 1970s by a Pakistani scientist.

Stuxnet is widely considered to be the first offensive cyber-weapon, launching a “digital arms race” after a new and especially virulent version of the code, reportedly deployed by Mossad against US advice, was brought in by unsuspecting contractors who’d been infected elsewhere after the mole lost his access to the plant. 

The malicious code not only infected other companies the contractors worked with but spread to thousands of computers worldwide, bringing Stuxnet to public attention by June 2010. The exposure of the virus triggered a paradigm shift in cyber operations and set other countries, including the US’ enemies, clamoring for their own cyber-weapons.

Since then, Israel has capitalised on its reputation as one of the prime movers behind the deadly (for computers, at least) virus, selling cyber weapons to countries around the world. 

It’s about to get much less particular about whom it sells those weapons to, causing significant concern among cybersecurity and human rights groups who have already accused Tel Aviv of marketing insidious spyware like NSO Group’s Pegasus to repressive regimes who use it to spy on opposition politicians, human rights activists and even journalists.

These abuses occurred under a system that required 12 months or longer to approve cyber-weapons sales, with matters further complicated by marketing and export license requirements and sales restricted to tightly-vetted allies. 

Under the new system, purchases can be approved in as little as four months, and more companies will be eligible to obtain the licenses. More ominously, a larger pool of potential buyers will have access to the devastating cyber-weapons.

The Israeli Defense Ministry has justified loosening restrictions by insisting Israeli companies need the freedom to remain competitive in the industry, in defiance of a United Nations call for a global moratorium on cyber weapons sales.

Russia Today:         Yahoo:      deVolksrant

You Might Also Read: 

Dutch Intelligence Agency Pinpoints Cyberattacks:

 

 

 

« Attacks On Hong Kong Protesters
British Revenue & Customs Want A Head of Cyber Security Operations »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Virtual Security

Virtual Security

Virtual Security provides solutions in the field of managed security services, network security, secure remote work, responsible internet, application security, encryption, BYOD and compliance.

Sepior

Sepior

Our vision is to make Sepior the leading provider of cloud-encryption software in the world.

Onspring

Onspring

Onspring is the cloud-based platform of choice for governance, risk and compliance (GRC) teams and business operations experts across multiple industries.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

ThreatQuotient

ThreatQuotient

ThreatQuotient delivers an open and extensible threat intelligence platform to provide defenders the context, customization and collaboration needed for increased security effectiveness.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

MagicCube

MagicCube

MagicCube is a device independent IoT security platform that protects against on-device, cloud, and network attacks.

Security Engineered Machinery (SEM)

Security Engineered Machinery (SEM)

SEM provides comprehensive end-of-life solutions for the protection of sensitive information in government and commercial markets.

DataViper

DataViper

DataViper is a threat intelligence platform designed for organizations, investigators, and law enforcement.

WebSec B.V.

WebSec B.V.

WebSec is a Dutch Cybersecurity firm mainly focused on offensive security services such as pentesting, red teaming and security awareness and phishing campaigns.

Arcturus Security

Arcturus Security

Arcturus is a CREST-approved cyber security consultancy created by experts in the field.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Custom Computer Specialist (CCS)

Custom Computer Specialist (CCS)

CCS offers an extensive range of services including cybersecurity solutions, consulting, implementation, and support to help our clients maximize the value derived from IT investments.