‘Dutch mole’ planted Stuxnet virus in Iran nuclear site on behalf of CIA, Mossad

Attack that damaged 1,000 Iranian centrifuges, uncovered in 2010, required operative to carry sabotaging software into Natanz site and deliver it to control systems

Stuart Winer is a breaking news editor at The Times of Israel.

Iran's nuclear enrichment facility in Natanz, April 9, 2007. (AP Photo/Hasan Sarbakhshian)

An Iranian engineer recruited by the Netherlands planted the Stuxnet virus at an Iranian nuclear research site in 2007, sabotaging uranium enrichment centrifuges in what is widely regarded as the first ever major use of cyber-weapons, Yahoo News reported Tuesday.

At the request of the CIA and Israel’s Mossad spy agency, the Dutch intelligence agency AIVD recruited an Iranian engineer to implant the virus program into Iran’s Natanz enrichment facility, four intelligence sources familiar with the details told the news site.

The report apparently provided the answer to one of the mysteries about the Stuxnet virus story — how the malicious program was introduced into Iranian control systems at Natanz, which was quarantined from the internet.

“The Dutch mole was the most important way of getting the virus into Natanz,” a source told Yahoo.

The Stuxnet virus was uncovered in 2010 and was widely reported to have been developed together by US and Israeli intelligence. It penetrated Iran’s rogue nuclear program, taking control and sabotaging parts of its enrichment processes by speeding up its centrifuges.

Up to 1,000 centrifuges out of 5,000 were eventually damaged by the virus, according to reports, setting back the nuclear program.

The CIA and Mossad refused to respond to inquiries about the report, as did the AIVD, Yahoo said.

Iran insists its nuclear program is peaceful, a claim disputed by most Western countries.

Then-Iranian President Mahmoud Ahmadinejad visits the Natanz Uranium Enrichment Facility some 200 miles (322 kilometers) south of the capital Tehran, Iran in 2008. (AP/Iranian President’s Office)

In addition to actually delivering the virus to its target, the Iranian engineer reportedly gave intelligence agencies data about the centrifuges and their installation, enabling US developers to write code targeting the Natanz systems, the sources said.

The mole gained entry to the site by posing as a technician for a front company, created by the US and Israel for the purpose of infiltrating the site. Two such companies were set up as part of the operation but only one succeeded in getting approval to work at Natanz, according to the report.

The operation was dubbed “Olympic Games” in a reference to the five-ring symbol of the sporting contest because it involved the intelligence agencies of five countries, including the US, Israel, the Netherlands, Germany, and either the UK or France.

In 2004 the CIA and the Mossad had begun asking the Dutch for help in penetrating Natanz, a site the Iranians started to construct in 2000.

The centrifuges Iran used were based on a design stolen from a Dutch company by Pakistani scientist Abdul Qadeer Khan, who was considered the father of rogue programs around the world. Israeli and US experts were able to study the centrifuges and develop the virus to sabotage them when a ship carrying Libyan machines identical to ones being used by Iran was intercepted by US and British authorities in 2003.

Former US president George W. Bush personally approved the attack operation in 2006 after reviewing the results of a test which showed the virus could work, the report said.

Illustrative. International Atomic Energy Agency inspectors (2nd and 3rd left) and Iranian technicians at Natanz nuclear power plant, south of Tehran, on January 20, 2014. (Kazem Ghane/IRNA/AFP/File)

The Dutch mole gained access to Natanz some time before the summer of 2007. Although not directly involved in centrifuge installation, he was able to gather information about the devices and their configuration.

He made several visits to the site, obtaining “essential information” needed to make the virus succeed, a source said. Later, he physically brought the virus into the complex and installed it into the systems.

In the following years, several versions of the virus were developed, which varied the spin speed of the centrifuges, wearing them out. Later versions were delivered via unsuspecting workers at Natanz whose computers were infected with the virus outside the plant and who then unwittingly carried it in themselves.

The virus eventually spread to other systems outside Natanz and across the world, where it was noticed by cyber security experts who announced its discovery in June 2010.

Iran reportedly executed several workers at Natanz after the virus was made public. Two of the intelligence sources confirmed to Yahoo that there were deaths but it is not known if that included the Dutch mole.

Iran eventually signed the Joint Comprehensive Plan of Action with world powers in 2015, agreeing to dismantle the weapons-capable aspects of its nuclear program in return for the lifting of sanctions.

US President Donald Trump pulled out of the deal last year and reapplied crippling sanctions while demanding Iran renegotiate more severe restrictions on its nuclear program and missile development.

Britain, France, Germany, China and Russia have tried to keep the pact going, but it has steadily unraveled, with Iran decreasing its own commitments to the deal, raising concerns that it was shortening the breakout time it needs to enrich uranium to weapons-grade.
