
The time Israel cyberattacked Iran, and the attack hit the entire world.

   18.01.2022 | Yishai Gelb
Image by Markus Spiske

In 2010, a massive Israeli-American cyberattack against Iran was dubbed Stuxnet. The highly sophisticated attack harmed the Iranian nuclear program and exposed Israel's cyber capabilities, including its offensive ones.

The Iranian nuclear program is scattered across many atomic facilities in the country. These facilities are built in remote mountainous areas, deep in the ground, to prevent any airstrike or missile attack that could destroy them and stop Iran's pursuit of nuclear weapons. The Iranians have an advanced program that includes engineers and physicists using Western technologies and vital components, above all centrifuges. The centrifuge is the tool responsible for uranium enrichment, which is necessary for any nuclear development, whether for electricity generation or atomic weapons production.

Engineers are an essential part of Iran's nuclear program, which is why Israel tries to hurt the program by eliminating its physicists. One such example is a hit on a physicist in Iran's capital, Tehran, when a bomb placed next to his vehicle exploded as he entered the car. In July of 2010, two motorcyclists pinned explosives to a car in which two nuclear scientists were traveling. In July 2011, a nuclear scientist was shot dead at the door of his home by motorcyclists. No country has taken responsibility for these or other assassinations of scientists, engineers, and physicists who are part of this program, assassinations designed to stop or delay its progress.

But the climax was the intrusion into the facilities themselves to destroy the centrifuges. A malicious worm was developed for this purpose. Apparently, in 2006, the Bush administration, which cooperated with Israel against Iran and wanted to halt its program without a direct military attack, approved an operation called the "Olympic Games." An extensive cyber operation was supposed to paralyze all Iranian systems beyond nuclear power. In cooperation with the Israeli 8200 intelligence unit, the NSA developed a complex malicious worm, 15,000 lines of code long, written in advanced languages, with a digital signature and with no bugs in the code, which made it even more challenging to identify. This worm was installed into Iranian systems manually, i.e., by disk on key (a USB flash drive).

The identical centrifuges are managed by SCADA-type control systems responsible for monitoring, controlling, and collecting the data. SCADA systems are used in energy, water supply, air conditioning systems, electricity, and more. That is, they are essential for any advanced industrial and managerial process. The nuclear facility at Natanz was the central part of the Iranian uranium enrichment effort; the systems in that facility were operated by a SCADA system made by the German company Siemens. The worm infiltrated this system, which managed the centrifuges and their activity. From the moment it entered the system, the worm stayed there for many months without being active, collecting information and receiving instructions remotely, and eventually started the destruction process.

Once the attackers decided to order the worm to begin its attack, the centrifuge was instructed either to increase its rotor speed to such a level that it overheated and destroyed itself, or to change its activity so that its valves were released. Then, slowly and without any human contact, the system destroyed itself, all while the activity on the screens looked normal. No one was aware that the rotor was rotating too fast during standard operation, because the speed shown on the display seemed normal.

From 2007 to 2010, a total of one-fifth of the centrifuges at the facility were destroyed, which significantly impaired the ability to enrich uranium. The operation progressed successfully while the scientists themselves did not understand what was happening. Some physicists were fired on charges of irresponsibility and unprofessionalism, without anyone knowing that their enemy had carried out a successful cyberattack.

But in June 2010, the attack became famous. There is an accusation that Israel wanted to increase the rate of destruction of the Iranian facilities in that year, and that the Israeli 8200 unit changed the code itself, making the worm more dangerous. The charge may or may not be accurate, but the worm spread quickly from that moment. From the nuclear facilities, it leaked to other facilities in Iran and to facilities and systems in India, Pakistan, Australia, Germany, Poland, and even to systems within the US, with the danger of global paralysis. That same month a Polish information security company spotted the worm. Attempts were made to identify its source and figure out how to stop it. During this time, the worm and the phenomenon became known as Stuxnet.

Eventually, the impact of the worm was reduced once the code was discovered and put through decryption processes. However, there is a risk that Russian and Chinese cyber services exposed to the code itself could reuse it for their own attacks.

Israel's inability to attack Iran directly by military means, and the United States' reluctance to attack, also led both countries to increase their defensive and offensive cyber capabilities. In May 2009, Obama, who took the cyber issue very seriously, presented a national cyber defense plan to protect the American network from Russian, Chinese, and Iranian attacks and, of course, against North Korea, without offering a program for cyber attacks. However, Edward Snowden, a former employee of the NSA, claimed that during Obama's first term, the United States spent $52.6 billion on offensive cyber. In addition, the Obama administration approved cyberattacks several times by presidential order.

Iran has increased not only its defense but also its attacks. In a short time, it attacked the computer facilities of the Saudi oil company Aramco. It erased all information it could and later attacked the American bank systems and prevented millions of Americans from accessing their bank accounts for a short time. The Iranian backlash has revealed how real and dangerous a cyberwar is as Iran expands its cyber army.

A decade after Stuxnet, Israel's cyber capabilities have improved significantly, along with those of the United States. A cyberwar is a real possibility that could shock regional and global economies and could very well be the basis for any future attack on Iranian nuclear facilities.
