Snowden says U.S., Israel created Stuxnet virus


Whistleblower Edward Snowden told a German magazine that Israel and the United States created the Stuxnet computer virus that destroyed nuclear centrifuges in Iran. 

Snowden made the statement as part of an interview with the German news magazine Der Spiegel in which he answered encrypted questions sent by security software developer Jacob Appelbaum and documentary filmmaker Laura Poitras. Excerpts of the interview were published Monday on the Spiegel website.

Snowden was asked if the U.S. National Security Agency partners “with other nations, like Israel?” He responded that the NSA has a “massive body” responsible for such partnerships called the Foreign Affairs Directorate.

He also was asked,  “Did the NSA help to create Stuxnet?” Snowden responded, “NSA and Israel co-wrote it.”

Stuxnet in 2010 wrought havoc on equipment at Iran’s Natanz nuclear plant and complicated the manufacture of highly enriched uranium, which the West suspects is intended for making atomic weapons. The virus temporarily disabled 1,000 centrifuges being used by the Iranians to enrich uranium.

Snowden, a former technical contractor for the NSA and employee of the CIA, last month revealed the existence of mass surveillance programs by the United States and Britain against their own citizens and citizens of other countries.

He said Germany and most other Western nations are “in bed together” with the NSA.

Snowden said a private citizen would be targeted by the NSA based on Facebook or webmail content.

“The only one I personally know of that might get you hit untargeted are jihadi forums,” he said.

Snowden is a fugitive of the United States who is believed to be in Moscow’s Sheremetyevo Airport. Three Latin American countries — Venezuela, Nicaragua and Bolivia — have offered him asylum, NBC reported.

Researchers say Stuxnet was deployed against Iran in 2007


Researchers at Symantec Corp. have uncovered a version of the Stuxnet computer virus that was used to attack Iran's nuclear program in November 2007, two years earlier than previously thought.

Planning for the cyber weapon, the first publicly known example of a virus being used to attack industrial machinery, began at least as early as 2005, according to an 18-page report that the security software company published on Tuesday.

Stuxnet, which is widely believed to have been developed by the United States and Israel, was uncovered in 2010 after it was used to attack a uranium enrichment facility at Natanz, Iran. That facility has been the subject of intense scrutiny by the United States, Israel and allies, who charge that Iran is trying to build a nuclear bomb.

Symantec said its researchers had uncovered a piece of code, which they called “Stuxnet 0.5,” among the thousands of versions of the virus that they had recovered from infected machines.

Stuxnet 0.5 was designed to attack the Natanz facility by opening and closing valves that feed uranium hexafluoride gas into centrifuges, without the knowledge of the operators of the facility, according to Symantec.

The virus was being developed early as 2005, when Iran was still setting up its uranium enrichment facility, said Symantec researcher Liam O'Murchu. That facility went online in 2007.

“It is really mind blowing that they were thinking about creating a project like that in 2005,” O'Murchu told Reuters in ahead of the report's release at the RSA security conference, an event attended by more than 20,000 security professionals, in San Francisco on Tuesday.

Symantec had previously uncovered evidence that planning for Stuxnet began in 2007. The New York Times reported in June 2012 that the impetus for the project dated back to 2006, when U.S. President George W. Bush was looking for options to slow Iran's nuclear ambitions.

Previously discovered versions of Stuxnet are all believed to have been used to sabotage the enrichment process by changing the speeds of those gas-spinning centrifuges without the knowledge of their operators.

Since Stuxnet's discovery in 2010, security researchers have uncovered a handful of other sophisticated pieces of computer code that they believe were developed to engage in espionage and warfare. These include Flame, Duqu and Gauss.

Stuxnet 0.5 was written using much of the same code as Flame, a sophisticated virus that researchers have previously said was primarily used for espionage, Symantec said.

Iran denies report of AC/DC song playing from computers at nuclear site


Iran denied a report that some computers at the country’s nuclear facilities were hit with a virus that shut them down and played the AC/DC song “Thunderstruck” at full blast.

The head of Iran’s Atomic Energy Organization chief, Fereidoun Abbasi, called the report “incorrect,” according to Bloomberg News, citing the Iranian Students News Agency. He did not elaborate on the issue.

Late last month, an Iranian nuclear scientist reportedly complained to a cybersecurity expert via e-mail that the song was playing from some of the computers. The e-mail claimed that the virus also shut down part of the network.

The cybersecurity expert, Mikko Hypponen, the chief research officer at the Finnish security firm F-Secure, could not provide further details on the attack. F-Secure confirmed, however, that the e-mails were from Iran’s Atomic Energy Organization.

Virus gives Iran’s nuclear facilities a blast of AC/DC


A virus reportedly caused a heavy metal song to play from computers at two of Iran’s nuclear facilities.

According to the Times of Israel, computers at the Nantaz and Fordo facilities blasted the AC/DC song “Thunderstruck” at full volume in the middle of the night last weekend. An Iranian nuclear scientist reportedly complained to a cybersecurity expert via email that the song was playing from the computers. The virus also reportedly shut down part of the network.

The cybersecurity expert, Mikko Hypponen, the chief research officer at the Finnish security firm F-Secure, could not confirm the reports.

On Wednesday, the head of Iran’s Information Technology and Communications Organization, Ali Hakim Javadi, called for international condemnation of cyberattacks, the Times of Israel reported.

U.S., Israel developed Flame computer virus, according to anonymous Western officials


The United States and Israel jointly developed the Flame computer virus that collected intelligence to help slow Iran’s nuclear program, The Washington Post reported on Tuesday, citing anonymous Western officials.

The so-called Flame malware aimed to map Iran’s computer networks and monitor computers of Iranian officials, the newspaper said. It was designed to provide intelligence to help in a cyber campaign against Iran’s nuclear program, involving the National Security Agency, the CIA and Israel’s military, the Post said.

The cyber campaign against Iran’s nuclear program has included the use of another computer virus called Stuxnet that caused malfunctions in Iran’s nuclear enrichment equipment, the newspaper said.

Current and former U.S. and Western national security officials confirmed to Reuters that the United States played a role in creating the Flame virus.

Since Flame was an intelligence “collection” virus rather than a cyberwarfare program to sabotage computer systems, it required less-stringent U.S. legal and policy review than any U.S. involvement in offensive cyberwarfare efforts, experts told Reuters.

The CIA, NSA, Pentagon, and Office of the Director of National Intelligence declined to comment.

Flame is the most complex computer spying program ever discovered.

Two leading computer security firms – Kaspersky Lab and Symantec Corp – have linked some of the software code in the Flame virus to the Stuxnet computer virus, which was widely believed to have been used by the United States and Israel to attack Iran’s nuclear program. (Reporting By Mark Hosenball; Editing by Philip Barbara)

Flame computer bug may have been released by Israel, minister says


A computer virus attacking computers in Iran and the West Bank may have been created with Israeli involvement, a government minister hinted.

Israeli vice prime minister Moshe Ya’alon said in an interview Tuesday on Israel Radio that “Anyone who sees the Iranian threat as a significant threat would be likely to take various steps, including these, to harm it.”

“Israel was blessed as being a country rich with high-tech, these tools that we take pride in open up all kinds of opportunities for us,” Ya’alon also said.

The discovery of the Flame virus was announced Monday by the Kaspersky Lab in Russia. It was discovered in high concentrations in Iranian computers and also in the West Bank, Syria and Sudan.

The virus was created to collect data, and may have lain dormant for several years and is controlled by a remote computer, which can turn it on and off at will. It is being called “the most sophisticated virus of all times,”

It reportedly shares some characteristics with the Stuxnet virus, which damaged Iranian nuclear centrifuges before it was discovered in 2010.

Experts believe that it took a sophisticated programming team and state resources to create the program.

Experts say Iran has ‘neutralized’ Stuxnet virus


Iranian engineers have succeeded in neutralizing and purging the computer virus known as Stuxnet from their country’s nuclear machinery, European and U.S. officials and private experts have told Reuters.

The malicious code, whose precise origin and authorship remain unconfirmed, made its way as early as 2009 into equipment controlling centrifuges Iran is using to enrich uranium, dealing a significant but perhaps temporary setback to Iran’s suspected nuclear weapons work.

Many experts believe that Israel, possibly with assistance from the United States, was responsible for creating and deploying Stuxnet. But no authoritative account of who invented Stuxnet or how it got into Iran’s centrifuge control equipment has surfaced.

U.S. and European officials, who insisted on anonymity when discussing a highly sensitive subject, said their governments’ experts agreed that the Iranians had succeeded in disabling Stuxnet and getting it out of their machinery.

The officials declined to provide any details on how their governments verified that the Iranians had ultimately defeated the virus. It was not clear when it occurred but secrecy on the subject has been so tight that news is only now emerging.

Some officials said they believe that the Iranians were helped in their efforts by Western cybersecurity experts, whose detailed technical analyses of Stuxnet’s computer code have circulated widely on the Internet.

Once the Iranians became aware that their equipment had been infected by the virus, experts said it would only have been a matter of time before they would have been able to figure out a way of shutting down the malicious code and getting it out of their systems.

“If Iran would not have gotten rid of Stuxnet by now (or even months ago), that would indicate that they were complete idiots,” said German computer security consultant Ralph Langner. Langner is regarded as the first Western expert to identify the ultra-complex worm and conclude that it was specifically targeted toward equipment controlling Iranian nuclear centrifuges.

Peter Sommer, a computer security expert based in Britain, said that once Iran had detected the presence of the worm and figured out how it worked, it shouldn’t have been too hard for them to disable it.

“Once you know that it’s there it’s not that difficult to reverse engineer… Neutralization of Stuxnet, once its operation is understood, would not be that difficult as it was precisely engineered to disrupt a specific item of machinery.

“Once Stuxnet’s signature is identified it can be eliminated from a system,” Sommer added.

Private experts say that however well-crafted the original Stuxnet was, whoever created it probably would have to be even more clever if they want to try to supplant it with new cyber-weapons directed at Iran’s nuclear program.

“Aspects of Stuxnet could be re-used, but it is important to understand that its success depended not only on ‘clever coding’ but also required a great deal of specific intelligence and testing. It was the first known highly-targeted cyber-weapon, as opposed to more usual cyber weapons which are more diffuse in their targeting,” Sommer said.

‘CAT AND MOUSE GAME’

David Albright, a former United Nations weapons inspector who has extensively investigated Iran’s nuclear program for the private Institute for Science and International Security, which he leads, said that spy agencies would have to go back to the drawing board if they’re intent on continuing to try to hobble Iran’s nuclear program via cyber-warfare.

Iran says that its nuclear program is for peaceful purposes but many Western officials believe it is seeking to build nuclear weapons.

“I would assume that once Iran learned of Stuxnet, then intelligence agencies looked at this method of cyber attack as compromised regardless of how long it has taken Iran to neutralize it. It is a cat and mouse game.”

But Albright added that “intelligence agencies have likely been looking at more advanced forms of attack for a couple of years that they hope will catch the Iranians unprepared.”

Reports first surfaced in 2010 that Iran’s main nuclear enrichment facility at Natanz was hit by Stuxnet, though some experts later said it likely first was deployed a year earlier. Experts who later analyzed the Stuxnet code said it was engineered specifically to attack machines made by the German company Siemens that control high-speed centrifuges, used to purify uranium which can fuel a nuclear weapon.

Tehran accused the United States and Israel of planting the virus. In November 2010, Iranian President Mahmoud Ahmadinejad said that malicious software had created problems in some of Iran’s uranium enrichment centrifuges, although he said the problems had been solved.

Several experts said, however, that while they believed the virus’ potency waned over time, they had not heard confirmation that the Iranians had defeated and purged it.

Experts say the inventors of Stuxnet had to be unusually clever because the centrifuge control equipment at which it was targeted – and which it apparently succeeded in hobbling – was entirely cut-off from the Internet. So not only did the worm’s creators have to write a code that would cause targeted equipment to malfunction but they had to figure out a way to physically introduce the code into a “closed system.”

Most experts think the virus was somehow introduced into Iran’s control systems via some kind of computer thumb drive.

European and U.S. experts have said that they believe that Stuxnet, at least for a time, caused serious malfunctions in the operations of Iranian nuclear centrifuges.

Iran and its antagonists today appear to be engaged in multiple levels of clandestine warfare, with unknown assailants killing Iranian nuclear scientists and, in the last few days, bomb attacks on Israeli embassy personnel in India and Georgia. Israel has blamed Iran.

New computer virus detected in Iran


A computer virus similar to the Stuxnet virus that attacked Iran’s nuclear program last year has been detected in Iran.

Iran said Sunday that it had found the Duqu computer virus in some Islamic Republic computer systems, but that it has been contained and neutralized, the head of Iran’s civil defense branch, Brig.-Gen. Gholamreza Jalali, told the Tehran Times.

Duqu is designed to gather data such as keystrokes from computer systems that will help it to launch future attacks on the systems, the Symantec company said in a report after the virus was discovered last month.

Stuxnet, the computer worm that some say set back Iran’s nuclear program by several months or years, affected some of Iran’s computer systems and centrifuges used to enrich uranium after it was released last year. The New York Times reported that it was a joint project of Israel and the United States. Iran had to replace 1,000 Stuxnet-damaged centrifuges at its main uranium enrichment plant at Natanz last year.

The report added that the creators of the Duqu program had access to the Stuxnet source code.

“Duqu is essentially the precursor to a future Stuxnet-like attack,” according to Symantec.

With Stuxnet delaying Iran’s bomb, is the urgency gone?


In the wake of revelations that a computer virus may have set back Iran’s nuclear weapons program, the Western groups and analysts that track the Islamic Republic are saying “More of the same, please.”

The benefits of a nonviolent program that inhibits Iranian hegemony by keeping the country’s nuclear weapons program at bay are obvious: Better to stop Iran with cyber warfare—in this case, the Stuxnet computer virus, which reportedly caused Iran’s nuclear centrifuges to spin out of control—than actual warfare.

For those who favor engagement, the cyber attack buys more time to coax the regime in Tehran into compliance. For those who favor the stick, it allows more time to exert pressure on Iran through sanctions and diplomatic isolation.

Almost coincident with last weekend’s revelations—published in Sunday’s New York Times in a piece that detailed the extent of the damage caused by the virus—Meir Dagan, the outgoing head of Israel’s Mossad intelligence agency, said that Iran likely would not have a bomb before 2015. Prior to that, Israeli assessments had predicted a weapon as early as this year.

The Stuxnet revelations, if anything, reinforce the need for a tough stance, said Rep. Howard Berman (D-Calif.), the ranking member of the U.S. House of Representatives Foreign Affairs Committee. They underscore how committed Iran is to producing a bomb, he told JTA.

“It’s a reason to push down on the pedal,” said Berman, who crafted the most recent Iran sanctions law in the Congress. “Iran is still enriching uranium. It is absolutely critical we bear down with a comprehensive strategy of which sanctions is a critical part.”

Mark Dubowitz, the executive director of the Foundation for the Defense of Democracies, said the delay was welcome but that the prospect of new complacency in the wake of its announcement makes it more urgent than ever to maintain a posture that includes the threat of a military strike on Iran.

“No individual measure is a silver bullet,” he said. Stuxnet “set back the program but hasn’t stopped it. If you’re going to target a hard-line regime, you’ve got to have a military option on the table.”

Such a concern was behind Prime Minister Benjamin Netanyahu’s furious backpedaling in the wake of Dagan’s pronouncement about 2015. The Israeli leader dismissed the prediction as one of several “intelligence estimates.” Dagan, reportedly under pressure from the Prime Minister’s Office, recast the deadline this week as 2014 and noted carefully that Iran is capable of surprises.

Champions of engagement also welcomed the revelations of the damage Stuxnet apparently caused to Iran’s nuclear program, seeing it as an opportunity.

“The cyber worm may have set back Iran’s nuclear program, but it is unlikely to alter its nuclear ambitions,” said Ori Nir, the spokesman for Americans for Peace Now. “In order to introduce real change, the U.S. and its international allies must change the manner in which they deal with Iran and start to comprehensively engage with Tehran.”

Hadar Susskind, the vice president for policy at J Street, the liberal pro-Israel lobby that advocates for U.S. pressure on Israel in talks with the Palestinians, said the news of the virus demonstrated that there are creative ways of working around military brinksmanship when it comes to Iran.

“Any nonviolent method is good,” Susskind said. “It shows we can create more time using a range of tools.”

No nation or entity has acknowledged being behind the virus, which seemed to be designed to assume control of the nervous system at Iran’s nuclear facilities and to spin the centrifuges out of control, damaging about a fifth of them. The Times, citing anonymous sources, suggested that it was a U.S.-led venture with Israel’s cooperation. Germany and Britain also may have been involved, though perhaps unwittingly.

Mark Fitzpatrick, the director of the nonproliferation and disarmament program at the London-based International Institute of International Studies, said it was critical not to regard the virus as a “deus ex machina” that would allow the world to shunt aside considerations of Iran’s ambitions.

“Any solution to the Iranian crisis will require the use of a range of tools, including tougher sanctions, tighter export controls, a containment and deterrence posture, and a readiness to talk,” he said. “Stuxnet obviously provides some breathing space by extending the timeline for Iran to get a bomb. It would be nice if it also gave Iranians a sense of futility that their enrichment efforts are not going to give them a bomb anytime soon.”

That’s not likely to happen, according to Geneive Abdo, the director of the Washington-based National Security Network’s Inside Iran project. Iran’s leadership is susceptible to popular Iranian support for its nuclear program.

Because of public opinion, she said, “They’re very careful that they’re not compromising on this issue.”

If anything, Abdo said, the revelations will prod the regime to become more recalcitrant when it comes to major compromises, like shutting down enrichment entirely. Iran has tended to harden its line when it is weak.

Instead, she said, Western powers might press for compromise on smaller issues like a broader regime of U.N. inspections. Western powers are scheduled to meet this weekend in Istanbul with Iran to discuss its nuclear program.

“The West should use this breathing space to try and convince Iran to agree to more verification,” Abdo said. Citing her sources inside Iran, she said that “The Iranians are more fearful that more damage is on the way, so that’s an incentive to compromise to some degree.”

Indeed, Iran last week invited representatives of major powers to tour its enrichment plant in Natanz to see that Iran is limiting itself to civilian-level nuclear power. The major powers—including the United States, Russia, the European Union and China—declined, saying that the only inspections they would sanction would be by qualified inspectors from the International Atomic Energy Agency, the U.N.’s nuclear watchdog.

Dagan’s prediction and the Stuxnet leaks may have been timed precisely to pressure Iran to expand such inspections ahead of this weekend’s talks, said Trita Parsi, the director of the National Iranian American Council and the author of a number of books on Iran-Israel relations.

“The Obama administration has changed the metrics,” Parsi said.

“We’re not talking about the LEU count,” he said, referring to Iran’s burgeoning supply of low-enriched uranium, which had worried the West. “We’re talking about the centrifuges that have been destroyed. Shifting the conversation to Stuxnet puts you in a stronger position.”

Domestically, Parsi said, the revelations also may pay off as the White House fends off demands from Congress that it ratchet up pressure on Iran, including through the military option.

Berman’s outlook suggested that was not likely.

“Let me know when Iran certifiably suspends enrichment and allows inspections, throughout all its territory, and then we can have a conversation about sanctions,” he said. “Having that military option on the table is an important part of achieving that goal and affecting their calculations.”