Powered by WebAds

Tuesday, April 17, 2012

Report: Israel used MEK agent to load Stuxnet directly into Natanz

Citing US intelligence sources, an online industrial security publication is reporting that Stuxnet was placed directly into Iran's Natanz nuclear power plant by a member of the MEK, acting on behalf of Israel, using a corrupted memory stick.
These sources, who requested anonymity because of their close proximity to investigations, said a saboteur at the Natanz nuclear facility, probably a member of an Iranian dissident group, used a memory stick to infect the machines there. They said using a person on the ground would greatly increase the probability of computer infection, as opposed to passively waiting for the software to spread through the computer facility. “Iranian double agents” would have helped to target the most vulnerable spots in the system,” one source said. In October 2010, Iran’s intelligence minister, Heydar Moslehi said an unspecified number of “nuclear spies” were arrested in connection with Stuxnet.33 virus.

Former and senior U.S. officials believe nuclear spies belonged to the Mujahedeen-e-Khalq (MEK), which Israel uses to do targeted killings of Iranian nationals, they said. “The MEK is being used as the assassination arm of Israel’s Mossad intelligence service,” said Vince Cannistraro, former head of the CIA’s Counterterrorism. He said the MEK is in charge of executing “the motor attacks on Iranian targets chosen by Israel. They go to Israel for training, and Israel pays them.” Other former agency officials confirmed this.

As ISSSource reported, Stuxnet was a comprehensive U.S.-Israeli program designed to disrupt Iran’s nuclear technology. This joint program first surfaced in 2009 and worked in concert with an earlier U.S. effort that consistently sabotaged Iran’s purchasing network abroad.

But the United States never indulged in targeting killings of Iran scientists, and former senior U.S. officials said the U.S. public remained unaware of a separate Israeli program, independent of the United States, that has for ten years been assassinating key Iranian nuclear scientists and sabotaging key Iranian facilities using a proxy group of Iranian dissidents. These dissidents have a functioning, effective network inside Iran and they have access to officials in the nuclear program.


Meanwhile, going back to Stuxnet, once the memory stick was infected, the virus was able to infiltrate the network and take over the system. U.S. officials said they believe the infection commenced when the user simply clicked on the associated icon in Windows. Several reports pointed out this was a direct application of one of the zero-day vulnerabilities Stuxnet leveraged.

Building and deploying Stuxnet required extremely detailed intelligence about the systems it was supposed to compromise, and has made reprogramming highly specific installations on legacy systems more complex, not less. According to reports, the Stuxnet mystery was unveiled in June 2010, when a small company called VirusBlokAda in Minsk, the capital of Belarus was emailed by a dealer in Tehran about an irritating problem some of his clients were having with their computers.

The company analyst saw the computers were constantly turning off and restarting. At first the analyst thought it was just a problem with the hardware. But when they said several computers were affected, not just one, VirusBlokAda understood it was a problem with the software the computers were running.

Read the whole thing.

Labels: , ,


Post a Comment

<< Home