Questions are being raised about the involvement of U.S. government researchers in the creation of a digital weapon that experts believe may have sabotaged centrifuges at a uranium-enrichment plant in Iran.
Researchers at the Idaho National Laboratory, which is overseen by the U.S. Department of Energy, may have passed critical information to Israel about vulnerabilities in a system that controls Iran’s enrichment plant at Natanz. That information was then used to create and test the so-called Stuxnet worm that was unleashed in a joint cyberattack on Natanz, according to The New York Times.
The report, based on anonymous sources, is sparse on detail but asserts that in 2008, INL worked with the German firm Siemens to uncover vulnerabilities in its industrial-control system. Stuxnet was then created to exploit those vulnerabilities and was lab-tested at Israel’s nuclear facility in Dimona. The Dimona facility, according to the Times, has been involved in a joint U.S.-Israel operation for the last two years to thwart Iran’s production of enriched uranium and forestall its development of a nuclear weapon.
Researchers at Dimona set up a test bed composed of the Siemens system and the same IR-1 nuclear centrifuges (also known as P-1 centrifuges) used at Natanz to gauge Stuxnet’s effect on them. The malware was discovered in the wild last June infecting systems in Iran and elsewhere, and last November, Iran acknowledged that malicious software had sabotaged centrifuges at Natanz.
Threat Level has already reported extensively on how Stuxnet worked and on clues that were previously uncovered that suggested Israel was behind the attack. Although it’s long been suspected that the United States played a key role, if not the lead role, in creating the malware, there’s been no definitive evidence.
The Times story falls short of delivering that evidence, but Threat Level has been tracking the same story for months, and it’s worth fleshing out the report with additional details.