Israel tested Stuxnet worm, says report

New York Times cites strongest clues yet of Israel-U.S. involvement

The Stuxnet worm that disrupted Iran's ability to enrich uranium into bomb-grade nuclear fuel was jointly created by Israel and the U.S., the New York Times said Saturday.

Citing confidential sources, the U.S. newspaper claimed that Israel's covert nuclear facility at Dimona was used to test the worm's effectiveness on centrifuges like the ones Iran employs at its Natanz complex, which has been plagued by technical problems.

The Times also spelled out other clues it said "suggest[ed] that the virus was designed as an American-Israeli project to sabotage the Iranian program."

Stuxnet, which first came to light in June 2010 but may have been aimed at Iran as early as mid-2009, has been extensively analyzed by security researchers, most notably a three-man team at Symantec, and by Ralph Langner of the German firm Langner Communications GmbH.

According to both Symantec and Langner, Stuxnet was most likely designed to infiltrate Iran's nuclear enrichment program, hide in the Iranian SCADA (supervisory control and data acquisition) control systems that operate its facilities, then force gas centrifuge motors to spin at unsafe speeds. Gas centrifuges, which are used to enrich uranium, can fly apart if spun too fast.

Symantec's analysis gained credence last November after the International Atomic Energy Agency (IAEA), the United Nations' nuclear watchdog, reported that Iran had stopped feeding uranium hexafluoride gas to its centrifuges at Natanz for about a week. Speculation quickly focused on Stuxnet as the reason for the shutdown.

On Nov. 29, Iran President Mahmoud Ahmadinejad admitted that a "limited" number of centrifuges had been affected by software he claimed had been installed by the country's enemies. It was the first time that an Iranian official had acknowledged the worm had struck its enrichment machinery.

Ahmadinejad has frequently blamed Israel and the U.S. for trying to destabilize his regime.

The New York Times' story amassed other circumstantial evidence that Stuxnet was a joint Israeli-U.S. creation.

According to the newspaper, Siemens -- the German maker of the SCADA systems purportedly used by Iran -- cooperated in 2008 with the Idaho National Laboratory (INL) to help experts there identify vulnerabilities in the control systems. The lab -- located about 30 miles east of Idaho Falls, Idaho -- is the U.S. Department of Energy's lead nuclear research facility.

Also in 2008, Siemens asked the Department of Homeland Security to conduct a security assessment on its popular PCS 7 control systems, a fact highlighted in a conference hosted by the IHL and Siemens that year in Chicago.

Stuxnet targeted Siemens' PCS 7 control systems and its Step 7 software.

Israel, meanwhile, set up an unknown number of gas centrifuges at its top-secret Dimona complex, then tested Stuxnet on the machines and their control systems, according to the New York Times. The centrifuges were virtually identical to the ones used by Iran.

Dubbed "P-1" centrifuges because they were Pakistan's first-generation design, the machines are notoriously unpredictable, and often fail at rates much higher than more sophisticated designs. Iran's centrifuges are knock-offs of the P-1, and are usually identified as "IR-1" models.

But the Israelis, and perhaps the Americans at their own Oak Ridge National Laboratory in Tennessee, succeeded in getting several P-1 centrifuges up and running, the New York Times said. The publication cited an anonymous American expert in nuclear intelligence, who told the paper that the Israelis had used the P-1 centrifuges at Dimona to test Stuxnet's effectiveness.

An Israeli link to Stuxnet has been long suspected, both because Israel has been vocal about the danger posed by a nuclear-armed Iran and because of several obscure clues buried in the worm's code. Rather than launch a military strike, as it did against an unfinished Iraqi nuclear reactor in 1981, the scenario goes, the country decided to wage cyber warfare.

Other hints came from security researchers, who unanimously agreed that Stuxnet's complexity pointed to a state-sponsored project, probably one that involved a large team of programmers, SCADA experts and intelligence analysts.

Langner, who has spent months pulling the worm apart, said earlier this week that Stuxnet was a natural weapon for opponents of Iran's nuclear program to unsheathe.

"If any target would justify a full-blown cyberwar strike for the first time in history, those centrifuges certainly would," Langner said Jan. 10 on his blog, where he has spelled out his findings and speculations. Langner believes that Stuxnet's creators had access to what he called a "mockup test system" to try out their worm on actual centrifuges.

Although Stuxnet has apparently not crippled Iran's nuclear program, it seems to have seriously hindered it, perhaps more than some have thought. Just last week, for example, the outgoing head of Israel's Mossad intelligence service said setbacks meant Iran wouldn't be able to create a bomb before 2015.

Langner was more skeptical about Iran's chances of solving the problems created by Stuxnet.

"In the moment when they will have cleaned up all systems, a new dropper exploiting new Windows zero-day vulnerabilities will likely be underway already," Langner asserted last week, echoing research last September that said systems scrubbed of Stuxnet could be easily re-infected.

"The cyberwar nightmare for Tehran may have only just begun," said Langner.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags managementNetworkingsymantecMalware and VulnerabilitiesGovernment/IndustriesCybercrime and Hacking

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld (US)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?