Report: Dutch agency recruited Iranian mole to help U.S. and Israel plant Stuxnet virus

September 4, 2019

The 2007 Stuxnet virus attack perpetrated against Iran's then-budding nuclear program was made possible after U.S. and Israeli intelligence coordinated with Dutch intelligence agency AIVD to recruit an Iranian engineer as a mole who could infect Iran's enrichment plant near Natanz, Yahoo News reported this week.

The engineer initially provided data that helped Stuxnet's authors develop code that specifically targeted the plant's systems. Later, that same insider entered the facility by posing as a mechanic, and either directly downloaded the virus into its systems via a USB flash drive, or infected the system of a facility engineer, who would later unknowingly spread the virus, the report continues, citing multiple intelligence sources.

The Stuxnet campaign, which was nicknamed Operation Olympic Games, was designed to sabotage and stall Iran’s nuclear ambitions while nations sought a means to end the program through sanctions and diplomacy. The virus infected programmable logic controllers (PLCs) from Siemens, causing destruction when the exit valves on certain centrifuges would close, trapping gas and raising internal pressure, or when the Iranian nuclear centrifuges operating via these PLCs would secretly spin out of control and break.

The plan worked until Stuxnet was discovered and exposed in 2010. Iran would ultimately resume its operations, but in 2015 agreed to a Joint Comprehensive Plan of Action that was negotiated with the P5+1 nations and the European Union. In May 2018, the U.S. withdrew from the agreement under the orders of President Donald Trump.

Olympic Games was primarily led by the NSA, CIA, Israel's Mossad, the Israeli Ministry of Defense and the Israeli SIGINT National Unit. But Yahoo News reports that the two nations also received strategic assistance from the Netherlands, Germany, the U.K., and one other nation that is believed to be France.

The Netherlands not only recruited the Iranian mole, but reportedly also provided intel on Iran's efforts to procure nuclear equipment, using information gleaned by hacking and infiltrating a network of actors who helped develop nuclear programs in Iran and Libya. Germany, meanwhile, provided technical specifications on the Siemens industrial control systems. (France may have offered similar intel, the report adds.)

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.