Iran’s nuclear programme is back in the spotlight as US President Donald Trump has made it clear that he wants Tehran to stop enriching its uranium stockpile to weapons-grade. Trump has put Iran’s nuclear programme as the biggest bargaining chip for Iran to avoid a US military strike there.
Iran, so far, has refused to end its nuclear programme, which Tehran insists is for peaceful purposes, but has expressed openness to some concessions to address the US concerns.
The threat of a military strike is the latest US attempt to prevent Iran from acquiring nuclear weapons. In the past, the US has tried to derail Iran’s nuclear programme using sanctions and various covert operations.
Operation Olympic Games
The most notable such operation was Operation Olympic Games, which is believed to have started in 2006. Though it has never been officially acknowledged, a New York Times report said, Operation Olympic Games was started under the George W. Bush administration and continued under President Obama.
Stuxnet
Operation Olympic Games was carried out jointly by the US and Israel and involved the use of Stuxnet, a malware that infiltrated the Natanz uranium enrichment facility in Iran.
Stuxnet was a uniquely complex malware that is said to have been developed over three years and was capable of attacking multiple layers of Natanz’s infrastructure. Stuxnet is also considered the world's first digital weapon.
Due to its strategic nature, the Natanz uranium enrichment facility was not connected to the internet, and access was highly restricted, which meant that Stuxnet could not infect the systems there through conventional means.
How Stuxnet got inside Natanz
The US and Israel, working together with the Dutch spy agency AIVD, managed to smuggle Stuxnet on a USB drive inside Natanz. It was done by a Dutch engineer, who set up a shell company and gained access to Natanz, while posing as a technician.
It is unclear how exactly Stuxnet was transferred to a computer inside Natanz. It is believed that the Dutch spy either directly installed the code himself by inserting a USB into the control systems, or he infected the system of an engineer.
What Stuxnet did
Either way, Stuxnet lay low and only became active in 2008, and utilized an unprecedented four previously unknown zero-day vulnerabilities in Microsoft Windows to spread across networks and gain administrative control.
Once Stuxnet became active, it began disrupting the enrichment process by abruptly changing the speed at which the centrifuges were being spun, by speeding them up beyond what they were designed to spin and then slowing them down. The aim was to both damage the centrifuges and undermine the efficiency of the enrichment process.
And it worked as Stuxnet destroyed approximately 1,000 centrifuges, which was about one-fifth of the facility's total, and reduced enrichment efficiency by roughly 30 per cent.
While this was happening, Stuxnet was also programmed to hide its results from the Iranian authorities by sending fake, normal-looking sensor data to the control room monitors, to make everything look normal.
Stuxnet was exposed in 2010 when it was discovered by Sergey Ulasen, a security researcher then working for the Belarusian antivirus company VirusBlokAda. But by then, Stuxnet had done exactly what it was intended to do - derail and delay Iran’s nuclear enrichment.
Key Takeaways
- Stuxnet demonstrated the potential of cyber warfare as a strategic military tool.
- The operation highlighted the collaboration between the US, Israel, and intelligence agencies.
- The impact of cyber attacks on national security can have long-lasting effects, as seen in Iran's ongoing nuclear program.
