President Barack Obama ordered the Stuxnet attack on Iran as part of a wave of cyber sabotage and espionage against the would-be nuclear power, according to a new book citing senior Washington sources.
The computer virus, aimed at the Natanz uranium enrichment facility, was designed to damage centrifuges by making covert adjustments to the machines controlling them.
It formed part of a “wave” of digital attacks on Iran codenamed “Olympic Games” and was created with the assistance of a secret Israeli intelligence unit, The New York Times said in a report based on a book chronicling secret wars under the Obama administration.
The report confirms the suspicions of computer security experts who detected and forensically examined Stuxnet in 2010. They reasoned that the technical expertise and human intelligence sources needed to create and deliver what was described as the “world’s first cyberweapon” pointed to a joint operation by American and Israeli agencies.
Such third parties reportedly discovered Stuxnet as the result of a “programming error” that meant it spread beyond the computer network at Natanz. According to the account, President Obama asked his national security advisers whether the attack should be halted at a White House Situation Room meeting convened days after the virus “escaped”, but decided to intensify it instead.
It’s estimated that Stuxnet crippled around 1,000 of 5,000 Natanz centrifuges by spinning them at damagingly high speeds.
“This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” said Michael Hayden, a former director of the CIA and NSA, who did not reveal his own knowledge of “Olympic Games”.
Commentators suggested that confirmation of American involvement in Stuxnet had been released by others to neutralise any Republican election claims that President Obama has been soft on Iran.
“Obama wanted to get credit for Stuxnet, as that makes him look tough against Iran,” said Mikko Hypponen, chief research officer at F-Secure, one of the security firms that have investigated Stuxnet.
The first stage of the attack, a “beacon” designed to report back details of systems at Natanz to the National Security Agency, America’s electronic intelligence agency, was however mounted speculatively under the Bush administration, according to unnamed officials.
Confirmation of American involvement in Stuxnet comes as computer security experts begin to unpick an even more complicated virus, Flame, which was detected last month and also appears to target Iran. It is written for espionage rather than sabotage, but like Stuxnet is passed from computer to computer by USB thumb drives, a design feature apparently meant to limit its spread and so reduce its risk of detection.
Getting Stuxnet into Natanz therefore required a worker at the plant to carry it in on a USB thumb drive.
“That was our holy grail,” one of the architects of the plan told David E Sanger, the author of the new book, Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power.
“It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”
The same officials declined to say whether the United States was involved in the Flame attack, which appears to have begun five years ago, although they did say it was not part of the “Olympic Games” programme.