Report: Stuxnet planted by Iranian double agent for Israel

An Iranian double agent working for Israel used a memory stick to plant the Stuxnet virus that disrupted Iran’s nuclear program, according to a published report quoting current and former U.S. intelligence officials.

Richard Sale, writing for ISSSource, said the agent, probably a member of an Iranian dissident group, used a corrupt memory stick.32 to implant the virus at the Natanz nuclear facility, according to the sources.

Iranian proxies, dissidents acting as double agents, also have been involved in assassinating Iran’s nuclear scientists, the sources reportedly told Sale.




Stuxnet, likely the first example of weaponized malware, was already known to have spread via memory sticks, or key drives. Introduced in late 2009, it spread quickly to systems around the world, although it was designed for only one purpose: to attack a specific version of a Siemens programmable logic controller (PLC) that was used in centrifuges for uranium enrichment at Iran’s nuclear facilities.

The worm, which used four zero-day exploits in its attacks, disrupted the rotational frequency of the centrifuges, and ultimately damaged Iran’s nuclear program, according to an International Atomic Energy Agency report.

Uranium enrichment at the Natanz plant was shut down for seven days in November 2010. Reuters reported in February that engineers had finally succeeded in scrubbing Stuxnet from their systems.

Because of its complexity and its specific target, Stuxnet has been thought to be the work of a nation-state, and the United States and Israel have often been mentioned as possibly being behind it. ISSSource — or Industrial Safety and Security Source, a site that reports on manufacturing security and safety issues — has reported that Stuxnet was part of a joint U.S.-Israeli effort aimed at Iran. (The sources who told Sale about the assassination of Iranian scientists said, however, that the United States was unaware of those operations.)

Stuxnet’s success in disrupting nuclear processing in Iran has raised fears about what similarly designed malware could do if it attacked facilities in the United States and elsewhere.

In January, Kaspersky Labs said its researchers determined that Stuxnet and Duqu, a close variant that has been found gathering information on industrial systems in Europe, are likely part of a much larger family of malware, and that future Stuxnet-style attacks are likely.

That type of malware could be used to attack power grids, water processing plants and other critical infrastructure facilities. The Homeland Security Department in November confirmed earlier research showing that prisons, which use PLCs to control doors, video systems, alarms and intercoms, are vulnerable to a Stuxnet-like worm. 

The fact that much of the infrastructure in the United States is privately owned, rather than government-owned as in Iran, also could complicate the response to such attacks.

About the Author

Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.

Reader Comments

Tue, Apr 17, 2012

The only thing enlightening in this article is the fact we used it on Iran. This type of virus has been known and talked about in the engineering world ever since the Russian incident...so it does not constitute 'leaking' in any sense of the word except for the covert operation.

Mon, Apr 16, 2012 Bob Pace DC

Whoever leaked this should be prosecuted. I have no idea why these things get put out in the public. It is counterproductive, and why should we confirm their suspicions.

Mon, Apr 16, 2012 s collin

I'm concerned that this article was printed. A disgruntled Federal employee now appreciates just how easy it is to cause damage and havoc...

Mon, Apr 16, 2012

What is the point of making reports like this public? I'd feel a lot more safe and secure if reports like these were kept confidential. Covert operations should not be publicized in my opinion...

Mon, Apr 16, 2012 Steve

"The Secretary will disavow any knowledge of your actions". Really sounds like a Mission Impossible mission.
