‘Zero Days’ director says U.S. government secrecy trend ‘appalling’


The director of a new documentary outlining U.S. plans for an extensive cyber attack on Iran said on Wednesday he was angry and appalled by the rapidly growing trend towards secrecy in the U.S. government. 

Veteran documentary maker Alex Gibney was speaking to reporters in Berlin, where his film “Zero Days” is being shown in competition for the Berlin International Film Festival's top Golden Bear prize. 

The documentary says how the U.S.'s National Security Agency (NSA) developed a cyberwar programme dubbed “Nitro Zeus” that it hoped would bring Iran to its knees in the event of hostilities.

“I am angry about the incredible amount of secrecy in the United States and how it has become a kind of obsession that is damaging our democracy,” Gibney said at a post-screening news conference.

“I think, frankly, that the trend and the momentum towards greater and greater secrecy in the U.S. administration is appalling. 

The documentary focuses on Stuxnet, a computer worm developed by the United States and Israel – but never acknowledged by either government – in order to attack Iran's nuclear programme and sabotage centrifuges that were enriching uranium.

Through accounts of whistleblowers, analysts, journalists and secret service officials, the documentary shows how Stuxnet was the first known attack in which computer malware left the realm of cyberspace and caused physical destruction.

The film hints, based on accounts of several NSA insiders, that Stuxnet was just the tip of the iceberg.

“I mean you've been focusing on Stuxnet but that was just part of a much larger operation… Nitro Zeus, NZ,” an actress says in the film, speaking for several NSA employees who were interviewed but whose identity was kept secret for source protection.

According to these accounts, the NSA spent “hundreds of millions, maybe billions” on Nitro Zeus to be prepared for the eventuality that Israel decided to attack Iran and the United States would be drawn into the conflict.

Details of the Nitro Zeus program were revealed in the New York Times on Wednesday. 

The composite NSA source says that despite the deal agreed in July with Iran by the United States and its negotiating partners to curtail Iran's nuclear program, the Nitro Zeus capabilities remain “implanted” in Iran's servers and computers.

“We were everywhere inside Iran, still are,” the actress speaking for the NSA sources says.

“I'm not going to tell you the operational capabilities of what we can do moving forward, or where, but the science fiction cyberwar scenario is here, that's Nitro Zeus.”

The film suggests that Israel moved independently from its U.S. partners and changed the code of the initial Stuxnet virus in such a way that it spread all over the world with unforeseeable consequence, including allowing other governments to copy it.

Before its discovery in 2010, Stuxnet took advantage of previously unknown security holes in software from Microsoft Corp and Siemens AG to penetrate Iran's facilities without triggering security programs.

Gibney contends that Stuxnet opened forever the Pandora's Box of digital warfare, and that it had been used as an instrument of warfare against a country with which the United States was not at war.

He also says the United States could well be more vulnerable than other countries, taking into account that its economy and companies are the most Internet-connected in the world.

“And as we can see from this film and this subject, it's preventing a very important discussion about offensive cyber weapons which I think threaten us in a profound and existential way.” 

The film derives its title from the term used for previously unknown flaws in computer software that hackers and spy agencies can exploit to attack networks in order to damage infrastructure such as hospitals, transportation systems or power plants.

The U.S. distribution rights for “Zero Days” are owned by Magnolia Pictures which is planning to release it in the United States in late summer.

U.S. planned major cyber attack on Iran if diplomacy failed


The United States had a plan for an extensive cyber attack on Iran in case diplomatic attempts to curtail its nuclear program failed, The New York Times reported on Tuesday, citing a forthcoming documentary and military and intelligence officials.

Code-named Nitro Zeus, the plan was aimed at crippling Iran's air defenses, communications systems and key parts of its electrical power grid, but was put on hold after a nuclear deal was reached last year, the Times said.

The plan developed by the Pentagon was intended to assure President Barack Obama that he had alternatives to war if Iran moved against the United States or its regional allies, and at one point involved thousands of U.S. military and intelligence personnel, the report said. It also called for spending tens of millions of dollars and putting electronic devices in Iran's computer networks, the Times said.

U.S. intelligence agencies at the same time developed a separate plan for a covert cyberattack to disable Iran's Fordo nuclear enrichment site inside a mountain near the city of Qom, the report said.

The existence of Nitro Zeus was revealed during reporting on a documentary film called “Zero Days” to be shown on Wednesday at the Berlin Film Festival, the Times said. The film describes rising tensions between Iran and the West in the years before the nuclear agreement, the discovery of the Stuxnet cyberattack on the Natanz uranium enrichment plant, and debates in the Pentagon over the use of such tactics, the paper reported.

The Times said it conducted separate interviews to confirm the outlines of the program, but that the White House, the Department of Defense and the Office of the Director of National Intelligence all declined to comment, saying that they do not discuss planning for military contingencies.

There was no immediate response to a request by Reuters for comment from the Pentagon.

Snowden says U.S., Israel created Stuxnet virus


Whistleblower Edward Snowden told a German magazine that Israel and the United States created the Stuxnet computer virus that destroyed nuclear centrifuges in Iran. 

Snowden made the statement as part of an interview with the German news magazine Der Spiegel in which he answered encrypted questions sent by security software developer Jacob Appelbaum and documentary filmmaker Laura Poitras. Excerpts of the interview were published Monday on the Spiegel website.

Snowden was asked if the U.S. National Security Agency partners “with other nations, like Israel?” He responded that the NSA has a “massive body” responsible for such partnerships called the Foreign Affairs Directorate.

He also was asked,  “Did the NSA help to create Stuxnet?” Snowden responded, “NSA and Israel co-wrote it.”

Stuxnet in 2010 wrought havoc on equipment at Iran’s Natanz nuclear plant and complicated the manufacture of highly enriched uranium, which the West suspects is intended for making atomic weapons. The virus temporarily disabled 1,000 centrifuges being used by the Iranians to enrich uranium.

Snowden, a former technical contractor for the NSA and employee of the CIA, last month revealed the existence of mass surveillance programs by the United States and Britain against their own citizens and citizens of other countries.

He said Germany and most other Western nations are “in bed together” with the NSA.

Snowden said a private citizen would be targeted by the NSA based on Facebook or webmail content.

“The only one I personally know of that might get you hit untargeted are jihadi forums,” he said.

Snowden is a fugitive of the United States who is believed to be in Moscow’s Sheremetyevo Airport. Three Latin American countries — Venezuela, Nicaragua and Bolivia — have offered him asylum, NBC reported.

Researchers say Stuxnet was deployed against Iran in 2007


Researchers at Symantec Corp. have uncovered a version of the Stuxnet computer virus that was used to attack Iran's nuclear program in November 2007, two years earlier than previously thought.

Planning for the cyber weapon, the first publicly known example of a virus being used to attack industrial machinery, began at least as early as 2005, according to an 18-page report that the security software company published on Tuesday.

Stuxnet, which is widely believed to have been developed by the United States and Israel, was uncovered in 2010 after it was used to attack a uranium enrichment facility at Natanz, Iran. That facility has been the subject of intense scrutiny by the United States, Israel and allies, who charge that Iran is trying to build a nuclear bomb.

Symantec said its researchers had uncovered a piece of code, which they called “Stuxnet 0.5,” among the thousands of versions of the virus that they had recovered from infected machines.

Stuxnet 0.5 was designed to attack the Natanz facility by opening and closing valves that feed uranium hexafluoride gas into centrifuges, without the knowledge of the operators of the facility, according to Symantec.

The virus was being developed early as 2005, when Iran was still setting up its uranium enrichment facility, said Symantec researcher Liam O'Murchu. That facility went online in 2007.

“It is really mind blowing that they were thinking about creating a project like that in 2005,” O'Murchu told Reuters in ahead of the report's release at the RSA security conference, an event attended by more than 20,000 security professionals, in San Francisco on Tuesday.

Symantec had previously uncovered evidence that planning for Stuxnet began in 2007. The New York Times reported in June 2012 that the impetus for the project dated back to 2006, when U.S. President George W. Bush was looking for options to slow Iran's nuclear ambitions.

Previously discovered versions of Stuxnet are all believed to have been used to sabotage the enrichment process by changing the speeds of those gas-spinning centrifuges without the knowledge of their operators.

Since Stuxnet's discovery in 2010, security researchers have uncovered a handful of other sophisticated pieces of computer code that they believe were developed to engage in espionage and warfare. These include Flame, Duqu and Gauss.

Stuxnet 0.5 was written using much of the same code as Flame, a sophisticated virus that researchers have previously said was primarily used for espionage, Symantec said.

U.S. report: Iran spying on Israel via stations in Syria, Golan


Iran is spying on Israel via signals intelligence stations in northern Syria and the Golan Heights in cooperation with Hezbollah, according to a new report.

“Iran's Ministry of Intelligence and Security: A Profile,” a joint report by the U.S. Department of Defense and Congress, says the two stations have been in operation since 2006.

“The technology at the two established SIGNIT stations indicates that Iran’s capabilities are still limited, with little scope for high-level strategic intelligence gathering,” according to the report, which adds that the intelligence stations appear to concentrate on supplying information to Hezbollah in Lebanon.

Two additional SIGNIT stations were expected to be in operation in northern Syria in January 2007, according to the report, but there is no information leading experts to believe they are actually operating.

Iran's Ministry of Intelligence and Security provides Hezbollah in Lebanon with logistical and material support, and Hezbollah assists in its intelligence operations, according to the report.

The report also said that Iran has the capacity to collect intelligence through reconnaissance aircraft, but that the capability is limited to small military operations that use only a few reconnaissance planes.

The success of the Stuxnet virus, discovered in June 2010 when it affected the operation of computers in Iran's nuclear enrichment facilities and reportedly set back Iran's nuclear program by several months, “is an indication of the weakness of Iran’s cyber development,” according to the report.

The report was issued last month by the Federal Research Division of the Library of Congress under an agreement with the U.S. Combating Terrorism Technical Support Office.

Americans, Israelis jointly developed computer virus


The National Security Agency and a secret Israeli military unit jointly developed a complex computer worm that attacked equipment in Iranian nuclear installations.

The cooperation—which began in the Bush administration and was accelerated by the Obama White House—may have been part of an American effort to dissuade Israel from launching a preemptive military strike on Iranian nuclear installations, The New York Times reported.

Israel’s Unit 8200 worked with the NSA to develop what Americans called “the bug,” according to the Times report. To do so, the teams built replicas of Iranian centrifuges using equipment that had been provided by Libya’s Gadhafi regime when it revealed its nuclear program to international inspectors in 2003.

After successful tests, “spies and unwitting accomplices” with access to the Iranian plant at Natanz infected computers there with thumb drives, the newspaper reported.

Many western countries believe the Iranians are using what they say is a civilian nuclear energy program to mask an effort to make their own nuclear weapons.

Iranian President Mahmoud Ahmadinejad has said that Israel should be “wiped off the map.”

His country has dragged out negotiations with the International Atomic Energy Agency for inspections of its sites.

Israeli officials repeatedly have pressed the United States and other western countries to halt the Iranian program and are widely believed to have prepared military strike plans against Iranian nuclear sites.

President Obama has said that he has not ruled out any options when it comes to halting the suspected Iranian weapons program.

Flame computer bug may have been released by Israel, minister says


A computer virus attacking computers in Iran and the West Bank may have been created with Israeli involvement, a government minister hinted.

Israeli vice prime minister Moshe Ya’alon said in an interview Tuesday on Israel Radio that “Anyone who sees the Iranian threat as a significant threat would be likely to take various steps, including these, to harm it.”

“Israel was blessed as being a country rich with high-tech, these tools that we take pride in open up all kinds of opportunities for us,” Ya’alon also said.

The discovery of the Flame virus was announced Monday by the Kaspersky Lab in Russia. It was discovered in high concentrations in Iranian computers and also in the West Bank, Syria and Sudan.

The virus was created to collect data, and may have lain dormant for several years and is controlled by a remote computer, which can turn it on and off at will. It is being called “the most sophisticated virus of all times,”

It reportedly shares some characteristics with the Stuxnet virus, which damaged Iranian nuclear centrifuges before it was discovered in 2010.

Experts believe that it took a sophisticated programming team and state resources to create the program.

Experts say Iran has ‘neutralized’ Stuxnet virus


Iranian engineers have succeeded in neutralizing and purging the computer virus known as Stuxnet from their country’s nuclear machinery, European and U.S. officials and private experts have told Reuters.

The malicious code, whose precise origin and authorship remain unconfirmed, made its way as early as 2009 into equipment controlling centrifuges Iran is using to enrich uranium, dealing a significant but perhaps temporary setback to Iran’s suspected nuclear weapons work.

Many experts believe that Israel, possibly with assistance from the United States, was responsible for creating and deploying Stuxnet. But no authoritative account of who invented Stuxnet or how it got into Iran’s centrifuge control equipment has surfaced.

U.S. and European officials, who insisted on anonymity when discussing a highly sensitive subject, said their governments’ experts agreed that the Iranians had succeeded in disabling Stuxnet and getting it out of their machinery.

The officials declined to provide any details on how their governments verified that the Iranians had ultimately defeated the virus. It was not clear when it occurred but secrecy on the subject has been so tight that news is only now emerging.

Some officials said they believe that the Iranians were helped in their efforts by Western cybersecurity experts, whose detailed technical analyses of Stuxnet’s computer code have circulated widely on the Internet.

Once the Iranians became aware that their equipment had been infected by the virus, experts said it would only have been a matter of time before they would have been able to figure out a way of shutting down the malicious code and getting it out of their systems.

“If Iran would not have gotten rid of Stuxnet by now (or even months ago), that would indicate that they were complete idiots,” said German computer security consultant Ralph Langner. Langner is regarded as the first Western expert to identify the ultra-complex worm and conclude that it was specifically targeted toward equipment controlling Iranian nuclear centrifuges.

Peter Sommer, a computer security expert based in Britain, said that once Iran had detected the presence of the worm and figured out how it worked, it shouldn’t have been too hard for them to disable it.

“Once you know that it’s there it’s not that difficult to reverse engineer… Neutralization of Stuxnet, once its operation is understood, would not be that difficult as it was precisely engineered to disrupt a specific item of machinery.

“Once Stuxnet’s signature is identified it can be eliminated from a system,” Sommer added.

Private experts say that however well-crafted the original Stuxnet was, whoever created it probably would have to be even more clever if they want to try to supplant it with new cyber-weapons directed at Iran’s nuclear program.

“Aspects of Stuxnet could be re-used, but it is important to understand that its success depended not only on ‘clever coding’ but also required a great deal of specific intelligence and testing. It was the first known highly-targeted cyber-weapon, as opposed to more usual cyber weapons which are more diffuse in their targeting,” Sommer said.

‘CAT AND MOUSE GAME’

David Albright, a former United Nations weapons inspector who has extensively investigated Iran’s nuclear program for the private Institute for Science and International Security, which he leads, said that spy agencies would have to go back to the drawing board if they’re intent on continuing to try to hobble Iran’s nuclear program via cyber-warfare.

Iran says that its nuclear program is for peaceful purposes but many Western officials believe it is seeking to build nuclear weapons.

“I would assume that once Iran learned of Stuxnet, then intelligence agencies looked at this method of cyber attack as compromised regardless of how long it has taken Iran to neutralize it. It is a cat and mouse game.”

But Albright added that “intelligence agencies have likely been looking at more advanced forms of attack for a couple of years that they hope will catch the Iranians unprepared.”

Reports first surfaced in 2010 that Iran’s main nuclear enrichment facility at Natanz was hit by Stuxnet, though some experts later said it likely first was deployed a year earlier. Experts who later analyzed the Stuxnet code said it was engineered specifically to attack machines made by the German company Siemens that control high-speed centrifuges, used to purify uranium which can fuel a nuclear weapon.

Tehran accused the United States and Israel of planting the virus. In November 2010, Iranian President Mahmoud Ahmadinejad said that malicious software had created problems in some of Iran’s uranium enrichment centrifuges, although he said the problems had been solved.

Several experts said, however, that while they believed the virus’ potency waned over time, they had not heard confirmation that the Iranians had defeated and purged it.

Experts say the inventors of Stuxnet had to be unusually clever because the centrifuge control equipment at which it was targeted – and which it apparently succeeded in hobbling – was entirely cut-off from the Internet. So not only did the worm’s creators have to write a code that would cause targeted equipment to malfunction but they had to figure out a way to physically introduce the code into a “closed system.”

Most experts think the virus was somehow introduced into Iran’s control systems via some kind of computer thumb drive.

European and U.S. experts have said that they believe that Stuxnet, at least for a time, caused serious malfunctions in the operations of Iranian nuclear centrifuges.

Iran and its antagonists today appear to be engaged in multiple levels of clandestine warfare, with unknown assailants killing Iranian nuclear scientists and, in the last few days, bomb attacks on Israeli embassy personnel in India and Georgia. Israel has blamed Iran.

New Stuxnet-like computer virus discovered


A computer virus similar to the Stuxnet virus that attacked Iran’s nuclear program has been identified.

Duqu, with a malicious code similar to Stuxnet, was discovered on computer systems in Europe, the computer security firm Symantec said in a report issued Tuesday.

“Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose,” Symantec said in its report. “Duqu is essentially the precursor to a future Stuxnet-like attack.”

The report added that the creators of the Duqu program had access to the Stuxnet source code.

Stuxnet, the computer worm that some say has set back Iran’s nuclear program by several months or years, affected some of Iran’s computer systems and centrifuges used to enrich uranium after it was released last year. The New York Times reported that it was a joint project of Israel and the United States.

Iran had to replace 1,000 Stuxnet-damaged centrifuges at its main uranium enrichment plant at Natanz last year.

Duqu is designed to gather data such as keystrokes from computer systems that will help it to launch future attacks on the systems.

WikiLeaks: U.S. advised to fight Iranian nukes with ‘covert sabotage’


The United States was advised by a German think tank to use “covert sabotage” to disrupt Iran’s march toward nuclear weapons, a leaked U.S. diplomatic cable reveals.

The cable from the U.S. ambassador to Germany, Philip Murphy, sent in January 2010, said that Volker Perthes, director of Germany’s government-funded Institute for Security and International Affairs, advised U.S. officials to use methods such as computer hacking and unexplained accidents. Such actions, the cable said, “would be more effective than a military strike, whose effects in the region could be devastating.”

Leaked by WikiLeaks, the cable was published Tuesday in the British newspaper The Guardian. The name of the institute was blacked out in the cable.

The release of the cable comes just days after a New York Times expose said that the United States and Israel were responsible for the Stuxnet computer worm that reportedly set back Iran’s nuclear program by several months to several years. The virus, which was designed to destroy nuclear centrifuges at the Natanz nuclear reactor in Iran, reportedly was tested at Israel’s Dimona nuclear complex.

Perthes also advocated for a ban on conventional weapons sales to Iran, the cable said.

With Stuxnet delaying Iran’s bomb, is the urgency gone?


In the wake of revelations that a computer virus may have set back Iran’s nuclear weapons program, the Western groups and analysts that track the Islamic Republic are saying “More of the same, please.”

The benefits of a nonviolent program that inhibits Iranian hegemony by keeping the country’s nuclear weapons program at bay are obvious: Better to stop Iran with cyber warfare—in this case, the Stuxnet computer virus, which reportedly caused Iran’s nuclear centrifuges to spin out of control—than actual warfare.

For those who favor engagement, the cyber attack buys more time to coax the regime in Tehran into compliance. For those who favor the stick, it allows more time to exert pressure on Iran through sanctions and diplomatic isolation.

Almost coincident with last weekend’s revelations—published in Sunday’s New York Times in a piece that detailed the extent of the damage caused by the virus—Meir Dagan, the outgoing head of Israel’s Mossad intelligence agency, said that Iran likely would not have a bomb before 2015. Prior to that, Israeli assessments had predicted a weapon as early as this year.

The Stuxnet revelations, if anything, reinforce the need for a tough stance, said Rep. Howard Berman (D-Calif.), the ranking member of the U.S. House of Representatives Foreign Affairs Committee. They underscore how committed Iran is to producing a bomb, he told JTA.

“It’s a reason to push down on the pedal,” said Berman, who crafted the most recent Iran sanctions law in the Congress. “Iran is still enriching uranium. It is absolutely critical we bear down with a comprehensive strategy of which sanctions is a critical part.”

Mark Dubowitz, the executive director of the Foundation for the Defense of Democracies, said the delay was welcome but that the prospect of new complacency in the wake of its announcement makes it more urgent than ever to maintain a posture that includes the threat of a military strike on Iran.

“No individual measure is a silver bullet,” he said. Stuxnet “set back the program but hasn’t stopped it. If you’re going to target a hard-line regime, you’ve got to have a military option on the table.”

Such a concern was behind Prime Minister Benjamin Netanyahu’s furious backpedaling in the wake of Dagan’s pronouncement about 2015. The Israeli leader dismissed the prediction as one of several “intelligence estimates.” Dagan, reportedly under pressure from the Prime Minister’s Office, recast the deadline this week as 2014 and noted carefully that Iran is capable of surprises.

Champions of engagement also welcomed the revelations of the damage Stuxnet apparently caused to Iran’s nuclear program, seeing it as an opportunity.

“The cyber worm may have set back Iran’s nuclear program, but it is unlikely to alter its nuclear ambitions,” said Ori Nir, the spokesman for Americans for Peace Now. “In order to introduce real change, the U.S. and its international allies must change the manner in which they deal with Iran and start to comprehensively engage with Tehran.”

Hadar Susskind, the vice president for policy at J Street, the liberal pro-Israel lobby that advocates for U.S. pressure on Israel in talks with the Palestinians, said the news of the virus demonstrated that there are creative ways of working around military brinksmanship when it comes to Iran.

“Any nonviolent method is good,” Susskind said. “It shows we can create more time using a range of tools.”

No nation or entity has acknowledged being behind the virus, which seemed to be designed to assume control of the nervous system at Iran’s nuclear facilities and to spin the centrifuges out of control, damaging about a fifth of them. The Times, citing anonymous sources, suggested that it was a U.S.-led venture with Israel’s cooperation. Germany and Britain also may have been involved, though perhaps unwittingly.

Mark Fitzpatrick, the director of the nonproliferation and disarmament program at the London-based International Institute of International Studies, said it was critical not to regard the virus as a “deus ex machina” that would allow the world to shunt aside considerations of Iran’s ambitions.

“Any solution to the Iranian crisis will require the use of a range of tools, including tougher sanctions, tighter export controls, a containment and deterrence posture, and a readiness to talk,” he said. “Stuxnet obviously provides some breathing space by extending the timeline for Iran to get a bomb. It would be nice if it also gave Iranians a sense of futility that their enrichment efforts are not going to give them a bomb anytime soon.”

That’s not likely to happen, according to Geneive Abdo, the director of the Washington-based National Security Network’s Inside Iran project. Iran’s leadership is susceptible to popular Iranian support for its nuclear program.

Because of public opinion, she said, “They’re very careful that they’re not compromising on this issue.”

If anything, Abdo said, the revelations will prod the regime to become more recalcitrant when it comes to major compromises, like shutting down enrichment entirely. Iran has tended to harden its line when it is weak.

Instead, she said, Western powers might press for compromise on smaller issues like a broader regime of U.N. inspections. Western powers are scheduled to meet this weekend in Istanbul with Iran to discuss its nuclear program.

“The West should use this breathing space to try and convince Iran to agree to more verification,” Abdo said. Citing her sources inside Iran, she said that “The Iranians are more fearful that more damage is on the way, so that’s an incentive to compromise to some degree.”

Indeed, Iran last week invited representatives of major powers to tour its enrichment plant in Natanz to see that Iran is limiting itself to civilian-level nuclear power. The major powers—including the United States, Russia, the European Union and China—declined, saying that the only inspections they would sanction would be by qualified inspectors from the International Atomic Energy Agency, the U.N.’s nuclear watchdog.

Dagan’s prediction and the Stuxnet leaks may have been timed precisely to pressure Iran to expand such inspections ahead of this weekend’s talks, said Trita Parsi, the director of the National Iranian American Council and the author of a number of books on Iran-Israel relations.

“The Obama administration has changed the metrics,” Parsi said.

“We’re not talking about the LEU count,” he said, referring to Iran’s burgeoning supply of low-enriched uranium, which had worried the West. “We’re talking about the centrifuges that have been destroyed. Shifting the conversation to Stuxnet puts you in a stronger position.”

Domestically, Parsi said, the revelations also may pay off as the White House fends off demands from Congress that it ratchet up pressure on Iran, including through the military option.

Berman’s outlook suggested that was not likely.

“Let me know when Iran certifiably suspends enrichment and allows inspections, throughout all its territory, and then we can have a conversation about sanctions,” he said. “Having that military option on the table is an important part of achieving that goal and affecting their calculations.”

+