Stuxnet, the worm that targeted Iran's nuclear facilities, was created by US and Israel


Iranian President Mahmoud Ahmadinejad inspects centrifuges at a uranium enrichment plant.

Reporting for the New York Times, David Sanger confirms what internet security researchers suspected all along: Stuxnet, the worm that targeted computers in Iran's central nuclear enrichment facilities, was a US/Israeli project and part of an expanded effort at cyberweaponry by the Obama administration.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.

Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

Read the full story here. Don't miss the related infographic that explains, in simple steps, how the secret cyberwar process operated.

Related reading: Why did antivirus firms fail to detect phenomena like Stuxnet, and the more recent Duqu and Flame, for so long? Writing for Wired's Threat Level blog, Mikko Hypponen explains. "The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets."

The Washington Post reports on plans to further expand US cyberwarfare. And a response in Time: on this matter, the American public is being played by the Pentagon.