Stuxnet Called an Israeli-US Joint Project

A report in the New York Times gives evidence that Stuxnet, the computer worm which appears to have done material damage to Iranian nuclear weapons development, was developed by an Israeli-US team at an Israeli facility.

The Dimona complex in the Negev desert has long been the reputed, but unacknowledged center for Israeli nuclear development. The Times cites "intelligence and military experts familiar with [Dimona's] operations" as saying that over the past 2 years Dimona has served as a testing facility for efforts to undermine Iranian nuclear weapons development.

Israel has acquired and tested, at Dimona, using centrifuges "virtually identical" to those used by Iran. This scenario is reasonable in that it explains how such sophisticated attack software worked when it finally reached its intended targets in Iran. Whoever wrote it had to test it, and they needed access to Siemens SCADA systems and centrifuges identical, or nearly so, to those used by Iran.

The Times also says that the vulnerabilities in the Siemens industrial control systems which operate the centrifuges were identified at the Idaho National Laboratory, one of the US Department of Energy's national laboratories. Siemens had provided equipment to the Idaho lab and cooperated with the research which was, says Siemens, intended to help Siemens defend against attacks.

No indications were given in the article about the origins of the 4 zero-day Windows vulnerabilities that helped to get Stuxnet on machines which could be used to attack the Siemens controllers.

The operation was originally authorized by President Bush at the end of his term and speeded up by President Obama.

About Our Expert

Larry Seltzer

Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

He is co-author of Linksys Networks: The Official Guide, author of ADMIN911: Windows 2000 Terminal Services and Webmaster of ADMIN911 and CPA911.

Larry can be reached at larryseltzer@ziffdavis.com.

Check out Larry Seltzer's introductory column: Ziff Davis' Security Supersite: Blocking the Bad Guys