Details that cyber attacks on Iran's nuclear fuel facility were carried out by infiltrating `` Dutch spies ''



In 2010, it became clear that the nuclear fuel facility in Iran-Nathanz was subjected to a cyber attack, after which it was also found that US and Israeli intelligence agencies led the cyber attack. However, how the centrifuge actually used for uranium enrichment has been infected with malware has been a mystery so far, details from the information source that `` Dutch spy '' infiltrated the facility is clear it was done.

Revealed: How a secret Dutch mole aided the US-Israeli Stuxnet cyberattack on Iran

The computer worm `` Staxnet '' discovered in June 2010 can infect industrial control systems, and it is clear that the United States and Israel cooperated and used in attacks targeting Iran's nuclear facilities It has become.

The existence of an electronic war plan `` Nitro Zeus (NITRO ZEUS) '' for Iran by the United States is revealed-gigazine

The existence of Staxnet was discovered by VirusBlokAda, a Belarusian anti-virus software maker, as the infection range has expanded beyond Iran. The details of this cyber attack were reported by the New York Times in 2012, and in 2013 the former NSA employee Edward Snowden, who was interviewed by the German news weekly magazine Spiegel, acknowledged the fact . On the other hand, it remains a mystery how the US and Israel infected highly protected Iranian computer systems with malware.

According to sources at Yahoo News, this operation involved a spy hired by the Dutch intelligence agency AIVD . AIVD, commissioned by the United States and Israel, hired Iranian engineers to provide important data such as code to target a nuclear facility in Natanz, Israel. The spy engineer also provided internal access information to use a USB drive to infect Staxnet with the system.


Jefferson Santos

AVID was requested by the CIA and the Israeli Intelligence Agency (Mossad) in 2004, but it took three years for the spy to infect Staxnet with the target. Until then, Spy worked as a worker at a dummy company.

The large-scale cyber attack plan `` Nitro Zeus '' to disrupt Iran's important infrastructure activities such as government, power plants, power grids, etc. was called `` Olympic Games '' at the time of operation . According to sources, the NSA, CIA, Mossad, Israeli Ministry of Defense, and 8200 units were the center of the plan, but the code name was `` Olympic Games '' because it was also supported by information agencies in the Netherlands, Germany, France, and England It seems that it became. Germany provides the specifications and knowledge of the industrial control system for centrifuges made by the German company Siemens , and France is said to have provided information in the same way.

The Netherlands, on the other hand, has a different approach to planning. This is because the centrifuge design in Natants was stolen from the Netherlands in the 1970s by Abdul Kadir Khan , a Pakistani scientist. Khan created a Pakistan nuclear program based on the stolen design, and then sold the program to countries such as Iran and Libya. AIVD and CIA infiltrated Khan's supply chain network and performed classic espionage and hacking.

It was in 2004 that AVID was planning to block the centrifuge from the United States and Israel, but it took time to establish a dummy company with employees, customers, and activity history. For this reason, Iran stopped implementing the agreement to report the use of uranium to the International Atomic Energy Agency in 2005 without disturbing the nuclear program, and in 2006 deployed a large amount of uranium fluoride gas to a pilot plant in Natanz. In February 2007, the first centrifuge was installed at the Nattanz facility and the program started.

At the same time, the planning for the Olympic Games proceeded. An attack code was developed, and in 2006, a centrifuge was tested for disturbance and presented to President George Bush. President Bush is said to have confirmed the success of the test and approved the operation.

By May 2007, Iran had 1,700 centrifuges installed in Natanz, with the number expected to double by the summer of that year. However, before the summer of 2007, an AVID spy had already entered the Natanz facility.


Arman Taherian

The company that AVID spies first established had a problem with the way they were established, and the plan was unsuccessful because it seemed suspicious. However, in the second company, the spies succeeded in infiltrating the facility as workers. Although managing the centrifuge was out of scope, it was possible to gather the centrifuge information needed to attack the system. The source did not reveal what the details of the information gathered at that time were, but it seems that the information has been used to update the Staxnet code and improve the accuracy of the attack.

According to Symantec, a security company that conducted reverse engineering after Staxnet was discovered, there was actually evidence of code modifications during this period. On September 24, 2007, the final corrections necessary for the attack were made, and the final code compilation was performed. The purpose of this code was to increase the pressure in the centrifuge, cause damage over time and dispose of the gas.

Since the Siemens control system in Nattanz was not connected to the Internet, Staxnet had to use a USB drive. The spy appears to have inserted the code directly into the control system using a USB drive or handed the USB drive to an engineer who manages the system.

A spy who succeeded in infecting Staxnet never returned to Nattanz. Staxnet has been sabotaging since 2008, but the Olympic Games will decide to update the code in 2010. However, since the spy hired by AVID had already been lifted from Nattanz, the Olympic Games devised a strategy to infect the external target with Staxnet and bring it into the facility. The target was an Iranian contractor responsible for installing industrial control systems.

Symantec's Liam O'Murchu said that the change in the first and second operations was “interesting” and said the idea that “the skill of the Olympic Games has improved so that it is no longer necessary to endanger the infiltrating spies” is showing.

In the second operation, multiple diffusion mechanisms were set up to infect the target with malware, but the spread spread to other contractors' customers and people outside the country, and the existence of Stax Net It seems that it has become clear.


A few months after Staxnet was discovered, the Iranian government announced that it had arrested multiple workers in Natanz. Arrested workers are believed to have been executed, but sources did not reveal whether there were Dutch spies in them.

Staxnet did not significantly reduce Iran's nuclear program, but succeeded in bringing Iran to a negotiating position, eventually reaching the Iranian nuclear agreement in 2015. The CIA and the Israeli Intelligence Agency have not responded to requests for comments from Yahoo News, and AVID has declined to comment.

in Security, Posted by darkhorse_log