The US government – under both the Bush and Obama administrations – and the Israeli government were engaged in a program for years to develop cyberweapons targeting Iran’s nuclear facilities, a program that led to the development and deployment of the Stuxtnet worm, according to a report by the New York Times.
Citing anonymous US, Israeli, and European government officials who participated in the program, the newspaper said the Obama administration accelerated the cyberattacks against the Iranian facilities after the Stuxnet worm was accidentally disclosed to the public in 2010.
The accelerated Stuxnet attacks took out nearly 1,000 of the 5,000 centrifuges Iran was using to process fuel for its nuclear reactors, according to the report. This figure corresponds to one arrived at by an independent study issued by the Institute for Science and International Security in 2010.
According to US government estimates cited in the newspaper report, the Stuxnet attacks set back the Iranian nuclear program by 18 months to two years, although outside experts are skeptical of that claim.
Commenting on the New York Times report, Mike Reagan, vice president at LogRhythm, said that the “disclosure of the US government’s and Israeli role in the Stuxnet cyber attack offers further proof that this isn’t an isolated incident, and in the weeks and months ahead it is likely we’ll learn about other nation-state attacks. This particular undertaking was being planned and developed for years, and the sophisticated nature of it provides further proof that other attacks could have been launched months or years ago. Stuxnet might still be the great unknown malware if not for human error.”
Gunter Ollmann, vice president of research at Damballa, added that “Stuxnet was very advanced and specifically targeted. However, despite the best of intentions and secure handling of the 'munition', it still escaped into the public. While it is difficult for others to re-task the core programmable logic controllers code for other attacks, we did see that the 'new' exploits that were bundled with Stuxnet were consumed by the hacker community and used in anger in other attacks within days of their disclosure."