Security Experts:

Obama Ordered Use of Stuxnet, Acceleration of Cyber Attacks Against Iran

Author David Sanger Says President Obama Ordered Wave of Cyberattacks Against Iran

According to a soon-to-be-released book by The New York Times' chief Washington correspondent, David Sanger, President Obama secretly ordered - and decided to accelerate - cyber attacks against systems that powered Iran’s prime nuclear enrichment facility, namely its Natanz plant. The famous attack, as we all know, was Stuxnet.

And according to a New York Times article authored by Sanger and adapted from his book Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, set to be released on Tuesday, Stuxnet was born under the Bush administration in 2006, and originally code named “Olympic Games”.

“Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon,” Sanger notes. “Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.”

Confront and Conceal, David SangerSo rather than strike Iranian facilities with a missile, U.S. officials decided to take another approach: strike with a cyber weapon.

In order to successfully execute their attack, U.S. officials felt as though they couldn’t do it alone, and called on Israel to help, mainly for technical expertise from a special unit of the Israeli armed forces, Unit 8200, which according to Sanger, had extensive intelligence on operations at the Natanz plant and would play a critical role in the cyber attack’s success.

Once the powerful Stuxnet work was developed, the cyber weapon needed to be tested. Accordingly, the United States built replicas of the primary target, Iran’s P-1 centrifuges, described as “an aging, unreliable design that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief who had begun selling fuel-making technology on the black market.”

In July 2010, Stuxnet was discovered due of a programming error that allowed it propagate around the Internet and fall into the hands of security researchers who spent months analyzing it. It’s no surprise, as it has been wdely speculated and assumed that the powers behind Stuxnet are the United States in Israel, but nevertheless, the developers did not want news of their cyber weapon to leak.

“At a tense meeting in the White House Situation Room within days of the worm’s ‘escape,’ Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised,” Sanger explained.

President Obama reportedly questioned if the attack should be shut down, but after being told is was unclear what details the Iranians knew about the worm, it’s code, and where it could have come from, decided to continue the attack.

“The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium,” Sanger adds.

While the United States government has acknowledged that it is developing cyber weapons, it hasn’t officially admitted to putting them into action in an offensive manner.

“Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade,” Sanger concludes.

The story comes at an interesting time, as just this week news of Flame, another complex cyber weapon, emerged, again found targeting systems in Iran and the Middle East, though much wider in scope than Stuxnet and designed to steal more data than affect physical systems.

The five-page article is a fascinating read and the book is sure to be as well.

Subscribe to the SecurityWeek Email Briefing
view counter
view counter