Was double agent responsible for Stuxnet attack on Iran?

An Iranian double agent working for Israel used a memory stick to plant the Stuxnet virus that disrupted Iran’s nuclear program, according to a published report quoting current and former U.S. intelligence officials.

Richard Sale, writing for ISSSource, said the agent, probably a member of an Iranian dissident group, used a corrupt memory stick.32 to implant the virus at the Natanz nuclear facility, according to the sources.

Iranian proxies, dissidents acting as double agents, also have been involved in assassinating Iran’s nuclear scientists, the sources reportedly told Sale.

Related coverage:

Stuxnet cyberattack called responsible

Stuxnet, likely the first example of weaponized malware, was already known to have spread via memory sticks, or key drives. Introduced in late 2009, it spread quickly to systems around the world, although it was designed for only one purpose: to attack a specific version of a Siemens programmable logic controller (PLC) that was used in centrifuges for uranium enrichment at Iran’s nuclear facilities.

The worm, which used four zero-day exploits in its attacks, disrupted the rotational frequency of the centrifuges, and ultimately damaged Iran’s nuclear program, according to an International Atomic Energy Agency report.

Uranium enrichment at the Natanz plant was shut down for seven days in November 2010. Reuters reported in February that engineers had finally succeeded in scrubbing Stuxnet from their systems.

Because of its complexity and its specific target, Stuxnet has been thought to be the work of a nation-state, and the United States and Israel have often been mentioned as possibly being behind it. ISSSource — or Industrial Safety and Security Source, a site that reports on manufacturing security and safety issues — has reported that Stuxnet was part of a joint U.S.-Israeli effort aimed at Iran. (The sources who told Sale about the assassination of Iranian scientists said, however, that the United States was unaware of those operations.)

Stuxnet’s success in disrupting nuclear processing in Iran has raised fears about what similarly designed malware could do if it attacked facilities in the United States and elsewhere.

In January, Kaspersky Labs said its researchers determined that Stuxnet and Duqu, a close variant that has been found gathering information on industrial systems in Europe, are likely part of a much larger family of malware, and that future Stuxnet-style attacks are likely.

That type of malware could be used to attack power grids, water processing plants and other critical infrastructure facilities. The Homeland Security Department in November confirmed earlier research showing that prisons, which use PLCs to control doors, video systems, alarms and intercoms, are vulnerable to a Stuxnet-like worm. 

The fact that much of the infrastructure in the United States in privately owned, rather than government-owned as in Iran, also could complicate the response to such attacks.