The Stuxnet virus that damaged Iran’s nuclear program was implanted by an Israeli proxy, an Iranian, who probably used a corrupt “memory stick,” former and serving U.S. intelligence officials said.
In the continuing battle to hold off the Iranian nuclear program, Iranian proxies have also been active in assassinating Iran’s nuclear scientists, these sources said.
These sources, who requested anonymity because of their close proximity to investigations, said a saboteur at Natanz, probably a member of an Iranian dissident group, used a memory stick to infect the machines there. They said using a person on the ground would greatly increase the probability of computer infection, as opposed to passively waiting for the software to spread through the computer facility. “Iranian double agents would have helped to target the most vulnerable spots in the system,” one source said. In October 2010, Iran’s intelligence minister, Heydar Moslehi, announced an unspecified number of “nuclear spies” were arrested in connection with the Stuxnet virus.
Former and senior U.S. officials believe nuclear spies belonged to the Mujahedeen-e-Khalq (MEK), which Israel uses to do targeted killings of Iranian nationals, they said. “The MEK is being used as the assassination arm of Israel’s Mossad intelligence service,” said Vince Cannistraro, former head of the CIA’s Counterterrorism. He said the MEK is in charge of executing “the motor attacks on Iranian targets chosen by Israel. They go to Israel for training, and Israel pays them.” Other former agency officials confirmed this.
As ISSSource reported, Stuxnet was a comprehensive U.S.-Israeli program designed to disrupt Iran’s nuclear technology. This joint program first surfaced in 2009 and worked in concert with an earlier U.S. effort that consistently sabotaged Iran’s purchasing network abroad.
But the United States never indulged in targeted killings of Iranian scientists, and former senior U.S. officials said most of the U.S. public has remained unaware of a separate Israeli program, independent of the United States, that has, for ten years, also been assassinating key Iranian nuclear scientists and sabotaging key Iranian facilities using a proxy group of Iranian dissidents. These dissidents have a functioning, effective network inside Iran and they have access to officials in the nuclear program.
The MEK has a shadowy and unsavory history. Founded in the 1970s, the group was stridently anti-shah and allied itself with the dictatorship of Iraq’s Saddam Hussein from which it received most of its supplies. Performing security for Saddam, the MEK assisted Saddam in the slaughter of his domestic opponents and the massacre of Iraqi Shias and Kurds in the 1991 uprising.
As the military wing of the National Council of Resistance of Iran (NCRI), the MEK targeted Iranian officials and government facilities in Iran and abroad. In the 1970s, the group also attacked and killed Americans. According to one former senior CIA official who spoke on background to ISSSource, the MEK is particularly violent. “In France, they conducted killings in Paris, including six or seven U.S. Army sergeants.” He added the French “were terrified of them.”
In 2003, the United States listed the NCRI as a terrorist organization and closed its Washington office. U.S. forces in Iraq captured the MEK’s weapons and turned the MEK over for investigation of terrorist acts. Since then, the group has been peeling off Iranian nuclear scientists one by one.
When ISSSource asked Paul Pillar, a 28-year CIA veteran, whether Israel was killing secondary or tertiary scientists instead of its major ones, he replied, “Israel kills any Iranians it can.” Since 2007, five Iranian nuclear scientists have been killed in Iranian territory, many victims dying from magnetic bombs that terrorists had attached to the exterior of their cars.
The damage caused by the MEK is not confined to killing individuals. On Oct. 12, 2011, just before Iranian President Mahmoud Ahmadinejad was to arrive in Lebanon, a huge blast destroyed an underground site near the town of Khorramabad in western Iran that housed most of Iran’s Shehab-3 medium-range missiles capable of reaching Israel and Iraq. A far right wing Israeli website, Debka, reported Iran suffered a “devastating blow” to its nuclear program. The blast killed 18 and wounded several more.
Former and serving U.S. officials both fingered the MEK as the killers. One such official said “computer manipulations” caused the blast. They said the spies inside Iran had the access, the contacts, the positions and technical skill to do the job. “Given the seriousness of the impact on Iran’s (nuclear) program, we believe it took a human agent to spread the virus,” said one former U.S. intelligence source.
Once the memory stick was infected, Stuxnet was able to infiltrate the network and take over the system. U.S. officials said they believe the infection commenced when the user simply clicked on the associated icon in Windows. Several reports pointed out this is a direct application of one of the zero-day vulnerabilities Stuxnet leveraged.
Building and deploying Stuxnet required extremely detailed intelligence about the systems it was supposed to compromise, and has made reprogramming highly specific installations on legacy systems more complex, not less. According to public reports, the Stuxnet mystery was unveiled in June 2010, when a small company called VirusBlokAda in Minsk, the capital of Belarus, was emailed by a dealer in Tehran about an irritating problem some of his clients were having with their computers.
The company analyst saw that the computers were constantly turning off and restarting. At first the analyst thought it was just a problem with the hardware. But when they said that several computers were affected, not just one, VirusBlokAda understood that it was a problem with the software the computers were running.
U.S. officials confirmed Stuxnet takes advantage of “zero-day” vulnerabilities. This type of virus had been previously undetected, and remained unidentified by anti-virus software. According to public reports, early versions of Stuxnet used certificates by Realtek Semiconductor systems – later versions used certificates from JMicron Technology Corp. The use of these certificates gives the worm the appearance of legitimate software to Microsoft Windows.
In a report, Symantec said yes, Stuxnet was "splattered" far and wide, but it only executed its damaging payload where it was supposed to. The virus was so efficient that it could deliver its payload only to the designated target, and would not damage adjacent machines. Another expert, a former CIA official, likened it to a flu virus that only makes one family sick. Stuxnet was designed for sabotage, not crime.
It is very interesting to note that Stuxnet was not the first virus used by U.S. military intelligence to try to disable opponents. In the 1980s, the United States had considerable success at planting viruses inside the Soviet military-industrial structure that could be activated in time of war, a process still continuing with China. “We put in bugs inside the Soviet computers to feed back satellite information that had been ‘leeched’ off hard drives, in the Soviet Defense Ministry and others,” said a former U.S. intelligence official.
In December 1991, just before Desert Storm, the CIA and the British Government Communication Headquarters (GCHQ) had experimented with all sorts of viruses to inject into Iraq’s computers. In December, CIA operatives, working in Jordan, infiltrated bugs into hardware smuggled across the border and into Baghdad. Once in place, NSA and GCHQ believed the virus would spread like a virulent cancer through the Iraqi Command and Control system, infecting every computer system it came across. But before the virus had reached its target, the air war began. U.S. planes destroyed Saddam’s command and control network, including the buildings where the infected computer hardware had been so successfully inserted. As a result, one of the most successful intelligence operations of the war was buried beneath the rubble. “The intelligence people were very pissed -- all that work for nothing,” said a former senior official.
Richard Sale was United Press International’s Intelligence Correspondent for 10 years and more recently has been intelligence correspondent for the Middle East Times, a publication of UPI.
These are all one-shot affairs.
As Dr. Abassi, head of Iran Atomic Energy Organization and a Vice President, who survived an assassination attempt earlier, observed a few weeks ago: "We are fortunate that we have Americans as our teachers."
Posted by: Babak Makkinejad | 19 April 2012 at 05:03 PM
To all,
The way Mr. Sale summarizes the MEK's "accomplishments", they seem to be a pretty professional & impressive force.
But I'm not clear on what they are tapping into...to get Iranians themselves to participate in such complex infiltrations & operations.
Many have said that Iranians across the spectrum support the idea of the nation acquiring nuclear weapons. Here in Canada, we had the popular dissident Hossein Derakshan (now imprisoned by Iran) proudly welcoming the prospect of a nuclear-armed Iran.
Yet the MEK is going out of its way to undermine the long-term security of a state they wish to rule some day. And they are clearly working for the benefit of foreign governments who would find them unacceptable in any other circumstances.
Perhaps they are recruiting from disgruntled ethnic groups? Perhaps the lure of foreign currency is enough? Neither seem like convincing explanations for the breadth of what they seem to have accomplished.
Posted by: Paul Escobar | 20 April 2012 at 05:13 AM
If this is such a threat to Iran's grid then why are we making a concerted push for open-source applications on the grid in the US?
http://www.pjm.com/about-pjm/exploring-tomorrows-grid/smart-grid.aspx
Posted by: Fred | 20 April 2012 at 09:58 AM
From my own direct conversations with people deep in the US and Israeli national security establishments, I can say that there is nothing in Richard Sale's excellent report that in any way contradicts what I've been told. Collaboration between the US and Israel on cyberwarfare is going on at an unprecedented level, with a number of joint facilities operating in both the US and Israel. But the US is definitely NOT currently involved in any of the Israeli/MEK assassination programs. Indeed, if you follow the several excellent stories by Mark Perry in Foreign Policy magazine online, Israel is really pissing off US counterparts by running false flag recruitment of anti-Iranian Sunni terrorists, including Jundallah in the Baluchistan border region of Pakistan-Iran, and Azeri networks as well. Israel has a deal with Azerbaijan allowing them to stage operations there for assassinations and other activities targeting Iran. Some top Pentagon sources say that the deal involves Israel having access to air bases for refueling and staging of SAR teams in the event of an Israeli preventive military strike on Iran. Between Iran and Israel, the real issue is not the nuclear bomb question, because Iran is years away under the best case from having a bomb. The latest NIE from 2010, updating and extending the 2007 NIE that Iran halted work on weaponization in 2003 and has not resumed it, is widely accepted by Mossad and IDF intelligence. The real issue is Iran's advances in longer-range missile technology, with new liquid fuel and improved guidance systems. Iran will soon have an arsenal of missiles that can hit Israel in retaliation for Israeli attacks on Iran, using high-explosive conventional warheads that will, nevertheless, do devastating damage if they hit Israel's few population centers. Thanks to Pat and to Richard for this informative posting.
Posted by: Harper | 20 April 2012 at 10:23 AM
Well, that's the problem with assassination programs. Actually, it's the same problem with torture programs. Once you inculcate them and give them momentum, it's very difficult to not only thwart them, but to end them. Once their initial goal has been accomplished, they don't just fade into the abyss, rather, in order to maintain and/or build...in order to survive, a new goal for the program must be fomented. With the Israeli assassination squads, it started with the ex-nazis, but now that most of them are dead, other targets must be created and/or found. And now we have a lethal tool running amuck.
Posted by: Morocco Bama | 20 April 2012 at 02:25 PM
Interesting point. I've never thought about the Israeli assassination program in continuum with their early efforts.
I've long been arguing about the formidable bureaucratic inertia of torture programs and I'm regarded as alarmist in my own social circle for it. Always gratifying to see I'm not the only one who perceives the danger.
Posted by: Medicine Man | 20 April 2012 at 08:20 PM
Babak Makkinejad,
To buttress your point, it appears that the Iranians are making headway hacking their way into the control systems software of the drone that crashed last year. The gift that keeps giving....
Posted by: tunde | 23 April 2012 at 12:04 AM