Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)

Iran’s Nantaz nuclear centrifuge facility went dark yesterday. I can’t stand it—I know you planned it.

Sources say it was an Israeli cyberattack—another one. I’m gonna set it straight, this Watergate.

But something doesn’t add up. In today’s SB Blogwatch, we can’t stand rocking when I’m in here.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: FuSta.

Crystal Ball ain’t so Crystal Clear

What’s the craic? Aunty Beeb’s anonymous scribblers sit back and wonder why—“Iran says key Natanz nuclear facility hit by sabotage”:

 The country’s top nuclear official … Ali Akbar Salehi, did not say who was to blame for the “terrorist act”, which caused a power failure … a day after it unveiled new uranium enrichment equipment. … Israeli public media, however, cited intelligence sources who said it was the result of an Israeli cyber-attack.

On Saturday, Iran’s President Hassan Rouhani inaugurated new centrifuges at the Natanz site in a ceremony that was broadcast live. … It represented another breach of the country’s undertakings in the 2015 deal, which only permits Iran to produce and store limited quantities of enriched uranium. [The] deal, known as the Joint Comprehensive Plan of Action (JCPOA), has been in intensive care since Donald Trump pulled the US out of it.

Later state TV read out a statement by … Atomic Energy Organisation of Iran (AEOI) … head Ali Akbar Salehi, in which he described the incident as “sabotage” and “nuclear terrorism.” … Last July, sabotage was blamed for a fire at the Natanz site which hit a central centrifuge assembly workshop.

Thorn in my side? Ronen Bergman, Rick Gladstone, Farnaz Fassihi, David E. Sanger, Eric Schmitt, Lara Jakes, Gerry Mullany and Patrick Kingsley tag-team thuswise—“Blackout Hits Iran Nuclear Site in What Appears to Be Israeli Sabotage”:

 [The] power failure … appeared to have been caused by a deliberately planned explosion. … American and Israeli intelligence officials said there had been an Israeli role. Two intelligence officials briefed on the damage said it had been caused by a large explosion that completely destroyed the … power system that supplies the underground centrifuges.

The officials, who spoke on the condition of anonymity to describe a classified Israeli operation, said that the explosion had dealt a severe blow to Iran’s ability to enrich uranium and that it could take at least nine months to [recover]. Some Iranian experts dismissed initial speculation that a cyberattack could have caused the power loss.

The United States and Israel have a history of covert collaboration, dating to the administration of President George W. Bush, to disrupt Iran’s nuclear program. The best-known operation under this collaboration … was a cyberattack disclosed during the Obama administration that disabled nearly 1,000 centrifuges at Natanz.

But isn’t this a mirage? Simon Sharwood says—“Stuxnet sibling theory surges”:

 A single report claiming Israeli cyber-weapons were the cause has been widely accepted as a credible explanation for the incident. … Few nations like the idea of Iran enhancing its nuclear capabilities, but Israel is implacably opposed to the idea.

In 1981 Israel bombed a nuclear plant in the early stages of construction and in the early 2000s is thought to have collaborated on the Stuxnet worm that eventually damaged centrifuges used to refine nuclear materials at Natanz. … While Israel does not comment on such matters officially, Israeli politicians have claimed that Natanz was more badly damaged than Iran is letting on.

I’m tellin’ y’all, it’s a sabotage. LatteLazy compares and contrasts:

 This is interesting because it is much less subtle. … One of the core features of Stuxnet was that it broke centrifuges in a way that looked like (I think) manufacturing faults. That’s why it went on so long and did so much damage: no one thought to look for it. It even faked logs I believe.

This incident seems to be the opposite: a big one day event timed to make a splash and be quite obvious.

So listen up coz you can’t say nothin’. backslashdot shut me down with a push of their button:

 How smart of a move was this? I don’t know if it’s Israel but it sure seems some organization(s) have very deep penetration into their nuclear program. I mean it’s clear like a Robert Hanssen / Aldrich Ames level compromise.

But by doing **** like this, it seems they are overplaying their hand in paranoia or desperation. It doesn’t seem strategic. They seem to want to create paranoia and peer suspicion within the regime of Iran.

It could easily get their guys compromised. It looks to me like the organization or government driving things has succumbed to impatience and human nature.

But “never attribute to malice that which is adequately explained by stupidity.” lamontcg shaves with Hanlon’s razor: [You’re fired—Ed.]

 Alternatively, now literally any normal **** up at Natanz can be played off as a cyber hack for political points, and everyone unquestionably assumes that is plausible.

Surely such an attack would be destabilizing? Anubis IV is out and gone:

 Existing and seeking to defend one’s own existence is no more destabilizing to a region than a “punchable face” is an incitement to engage in violence. When a bully is not being shy about the fact that they’re working on building a bigger stick with which to bludgeon you, breaking his stick before he can use it is a reasonable response that improves stability.

Tell me now? ajcp keeps it on and on:

 Compared to 90% of the other nation-states out there Iran is a very competent cyber-actor. [But it’s] getting pancaked at will by an extremely competent cyber-actor (Israel) in what one would presume to be one of it’s most … cybersecure locations.

Nation-states using cyber capabilities in this way, and the non-response it evokes, is reminiscent of how pre-WWI nation-states would conduct policy and international affairs with their armies. It’s something I wish the general public were more cognizant of. We need to openly talk about this type of power and conflict. Otherwise we’re going to have another WWI-type moment, where it takes millions of people dying before we realize that the state of the game has changed because of new technologies.

I think the approach to cybersecurity thus far has been to try and protect against the projectile, instead of the instrument from which it’s deployed. Buckle up.

Meanwhile, what LifesABeach sees, they might not get:

 Iran has the money and resources to work on branching into:
theoretical physics,
fusion research,
gravity research,
battery research.
They could lead, if they were smart enough.

And Finally:

Liu et al, scheming on a thing that’s a mirage

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Maddy Julien (cc:by-sa)

Featured eBook
The Dangers of Open Source Software and Best Practices for Securing Code

The Dangers of Open Source Software and Best Practices for Securing Code

More and more organizations are incorporating open source software into their development pipelines. After all, embracing open source products such as operating systems, code libraries, software and applications can reduce costs, introduce additional flexibility and help to accelerate delivery. Yet, open source software can introduce additional concerns into the development process—namely, security. Unlike commercial, or ... Read More
Security Boulevard

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 318 posts and counting.See all posts by richi