This episode is brought to you by Dashlane;
never forget another password and keep all
your credentials secure by signing up for
a free account today!
One day early in 2007, an Iranian nuclear
engineer plugged his laptop into a secure
computer network at the infamous Natanz Enrichment
Complex.
Weeks later, and without a single alarm or
warning from the computers that oversaw their
operation, hundreds of uranium enrichment
centrifuges began to spin wildly out of control,
causing massive destruction as they tore themselves
to pieces while leaving Iran's best engineering
and scientific minds completely mystified
as to the cause.
Today, we’ll find out how and why, in this
episode of The Infographics Show: Stuxnet,
the virus that crippled the Iranian nuclear
program.
To understand Stuxnet, first we have to understand
the background of the Iranian nuclear program
and its regional implications.
In the 1950s, under the Atoms For Peace program,
the US provided Iran- who was at the time
a regional ally- technical training and a
small experimental nuclear reactor with the
aim of establishing a civilian nuclear energy
program.
This assistance continued until the Iranian
Revolution in 1979, when, faced with an end
of American aid and a mass exodus of Iran's
top scientific and engineering minds, combined
with Ayatollah Khameini's opposition to nuclear
power, Iran shuttered its nuclear power program.
Just five years later though, in 1984, Ayatollah
Khameini would rethink his stance on nuclear
power, and decided that in the face of a hostile
Iraq and a State of Israel well-supplied with
nuclear weapons, Iran's security rested on
the development of its own weapons.
Under the guise of resurrecting its civilian
energy program, Iran began to seek technical
training and materials from Russia, China
and Pakistan.
This would lead to an escalating cycle of
sanctions and defiance between Iran and the
UN over the course of the next few decades,
culminating with the discovery of secret uranium
enrichment facilities at Natanz and other
sites, and plans to outfit ballistic missiles
with nuclear warheads.
With Israel pushing for armed intervention
and the US growing in favor of a military
solution, Iran was pressured to adopt the
Joint Comprehensive Plan of Action in July
of 2015, outlying a path to de-escalation
of sanctions in exchange for complete transparency
and dismantling of its nuclear program.
From the start of Iran's nuclear ambitions
in the 1980s, Israel expressed immediate concern
about a nuclear-capable Iran.
The US shared these concerns, but saw any
direct military intervention as potentially
destabilizing and feared a regional war.
Facing a hostile and nuclear-armed neighbor
just hundreds of miles from its borders though,
a frustrated Israel took matters into its
own hands and began an extensive clandestine
campaign against Iran's nuclear program.
Iranian nuclear materials were sabotaged or
destroyed, and its scientists and engineers
bribed to defect, or, failing that, were targeted
for assassination.
Though still pushing for a diplomatic solution,
the US saw the need to delay Iran's nuclear
program and joined in Israel's campaign of
sabotage, intercepting and rerouting shipments
of power supplies and vacuum pumps to US facilities
where they were retooled with small but fatal
flaws.
With Iran catching on to the CIA's industrial
sabotage and doubling down on its nuclear
ambitions, in 2006 a frustrated President
George W. Bush told senior staff that his
options on Iran were binary: go to war to
stop its nuclear program, or allow it to complete
it.
He then tasked national security advisor Stephen
Hadley and Secretary of State Condoleezza
Rice with finding a third option.
The solution came from US Strategic Command,
who oversees the nation's nuclear arsenal.
In cooperation with the NSA, they proposed
a delaying tactic that could slow Iran's nuclear
program and buy time for diplomacy and sanctions
to work, hopefully averting all-out war.
To achieve this delay, US StratCom and the
NSA proposed a brand new type of weapon never
before used by the United States or any other
nation: a cyber weapon that would not just
infect Iranian computer networks, but actually
create physical destruction by completely
hijacking those same networks.
Thus, under the codename of Olympic Games,
Stuxnet was born.
Spearheaded by the NSA, the goal of Olympic
Games was ambitious: penetrate the computer
networks of Iran's most heavily guarded nuclear
facilities and deliberately destroy the enrichment
centrifuges via electronic sabotage.
The centrifuges were specifically targeted
because of their delicate nature; raw Uranium
contains two isotopes, U-235 and U-238.
In order to create a bomb, you need 90% pure
U-235, but unrefined uranium only contains
about .7% U-235.
To create weapons-grade uranium, the raw ore
is mixed with hydroflouric acid to create
a gas which is then inserted into a centrifuge
which spins at over 100,000 RPM- or faster
than the speed of sound.
Because U-238 is about 1% heavier than U-235,
the U-238 atoms are pushed to the walls of
the centrifuge, and the gas in the center
containing concentrated U-235 atoms is siphoned
out and fed into another centrifuge.
This process is repeated over and over again,
linking long chains of centrifuges together
in banks until finally extracting a purified
gas mixture with a heavy concentration of
U-235.
Because of the incredible speeds of an enrichment
centrifuge, they are very delicate; the tiniest
engineering flaw or fluctuation in power can
cause one to spin out of control and tear
itself, and anything in its vicinity, apart.
It's this vulnerability that Olympic Games
would target.
In order to achieve its objective, Olympic
Games would act in stages- first a 'beacon'
would be inserted into the computer networks
at Natanz and other enrichment facilities.
This beacon would completely map the network
and then 'phone home' back to the NSA with
security details and how the centrifuges were
connected to their controlling computers.
Then a new, active version of the malware
would be developed and reinserted into Iranian
networks where it would lie dormant for weeks,
monitoring the day-to-day activities of a
plant before finally going active.
Upon being activated, the malware would ingeniously
playback signs of normal operations to the
humans monitoring the computer systems while
it was in fact beginning its attack.
Deep in their control center, Iranian engineers
would have no idea that miles away, centrifuges
spinning at the speed of sound were tearing
themselves, and anything caught in their path,
to shreds.
Because the goal of Olympic Games was to delay
Iran's nuclear program, Stuxnet had to be
completely undetectable and untraceable- to
that end it was designed to never attack in
the same fashion twice, leaving Iranian scientists
and engineers frustrated and pointing fingers,
blaming each other for faulty engineering
or just plain bad luck.
At first, President Bush expressed doubts
over the capabilities of a simple computer
bug- that is, until a senior national security
advisor dumped wreckage from a centrifuge
destroyed in a secret test directly onto his
desk.
Olympic Games was immediately approved.
However, like most military and government
networks at the time, the Iranian computer
networks were secured by being completely
disconnected from any internet connection
in a method known as 'air gapping'.
To help Olympic Games bridge that physical
gap, the NSA began cooperation with their
Israeli counterparts, who had amassed a great
amount of intelligence on Iranian personnel
and facilities.
Together the US and Israel created a list
of Iranian scientists and engineers with two
critical qualities: they had physical access
to enrichment facilities and displayed poor
electronic security habits.
These individuals were then targeted with
malware and had their laptops and flash drives
infected over the internet.
When they plugged in to the secure networks
at Natanz and other facilities to do their
work, Stuxnet would then jump back and forth
freely- effectively giving the US and Israel
complete two-way access.
Olympic Games began operation in 2006 and
lasted until 2010 when a new version of the
Stuxnet malware began to unexpectedly replicate
across the entire internet, infection millions
of computers globally.
Though relatively harmless, as it was designed
to specifically operate only in the environment
of an Iranian nuclear facilities network,
the source code for the malware was now publicly
available and knowledge of its origin in the
US and Israel became a matter of time.
Both nations shifted blame back and forth
for its unexpected release, but continued
cooperation, and despite Stuxnet being pulled
apart by computer engineers around the world,
waged their campaign of sabotage successfully
for another year.
Ultimately, the efficacy of Stuxnet is still
debated to this day, but most agree that the
virus added years of delay to Iran's nuclear
program and prevented Iran's development of
a nuclear weapon long enough to bring them
to the negotiating table, possibly averting
all-out war in the world's most volatile region.
And while you at home are not operating any
nuclear enrichment machines, there are viruses
out there that will try and steal your password
if you don’t know how to keep yourself secure.
Dashlane is a password manager that makes
it easy for you to control your digital identity.
Whether you’re great with computers or not,
Dashlane is extremely easy to use!
To make the lives of the staff at The Infographics
show easier, we’ve all started using Dashlane.
Try Dashlane completely free for 30 days,
and discover how much easier your password
life can be!
Anytime you have to come up with a new password,
you can use Dashlane to generate a super secure
one.
The security of Dashlane is awesome, but the
autofill is what makes it so much fun to use:
you’ll never have to login to another website
again, Dashlane does it automatically for
you!
Dashlane is available for PC’s, Mac’s,
iOS and Android devices, and if you use Dashlane
Premium, you can sync your passwords and secure
login details across all your devices.
Become more secure and support The Infographics
Show at the same time by using the code ‘infographics’,
and get 10% off Dashlane Premium from the
get-go, by going to dashlane.com/infographicsshow
or clicking the link in the description.
So, what do you think about the US and Israel's
use of Stuxnet?
Is sabotage and diplomacy enough to deter
rogue states from developing nuclear weapons,
or is the risk of nuclear proliferation too
great for anything less than military force?
Let us know your thoughts in the comments!
Also, be sure to check out our other video
called Iran vs the United States!
Thanks for watching, and, as always, don’t
forget to like, share, and subscribe.
See you next time!
