The Stuxnet worm that appears to have damaged Iran’s Bushehr nuclear reactor is “the first real cyberwar operation in history,” says German cyber-security expert Ralph Langner.
The Iranian regime has made a variety of claims as to how the Stuxnet worm was introduced into German-built computerized control systems at the nuclear power facility on Iran’s Persian Gulf coast.
Last week, they claimed to have arrested several technicians working for the Russian contractor Atomstroyexport on charges that they brought infected laptops to the Bushehr plant.
Over the weekend, Iranian officials cited reports by Langner that the Stuxnet worm contained digital clues as to its origin embedded in its code, much the same way that a terrorist bomb-maker might leave a twisted loop of wire in every bomb he makes as a signature.
The clues all pointed to the state of Israel, Langner said.
“Myrtus is the proper name for this operation,” Langner tells Newsmax in an e-mail, “and I bet 100 bucks that that’s the original op name used by the attackers.”
Langner and other cybersecurity wizards have found the Latin word “mytus” embedded in the Stuxnet code. It means myrtle tree.
The Hebrew word for myrtle is Hadassah, the Hebrew name of Esther, the Jewish Queen of Persia and the heroine of the Old Testament book of the same name. (Hadassah is also the name of the Women’s Zionist Organization of America).
Langner believes that Stuxnet represents a quantum leap forward in the science of computer hacking.
“Everything before was kid’s stuff; in relation to myrtus, it appears like a gang of hooligans busting a rival gang with baseball bats,” he told the German daily, Die Zeit.
“Myrtus is the first operation in history that: a. uses a cyberweapon; b. created physical destruction; c. hit a dedicated military target (it's not even critical infrastructure, as Bushehr wasn't operational yet and is not critical for the country's electricity supply); d. is lead by a coalition of nation states; and e. would have triggered a conventional military hardware attack (equals an air strike) if not successful.”
Furthermore, Langner says, “the chances for mission success were slim,” since it couldn’t be tested before it was deployed.”
Newsmax asked Langner to evaluate claims by an Iranian opposition group, Marze Por Gohar (MPG), to have hacked a variety of Iranian government websites over the past two years.
The attacks by MPG consisted mainly of taking down the government’s homepage and replacing it with the group’s logo and the phrase, “This site has been hacked by the MPG Cyber Army.”
The group has hacked sites run by the Iranian ministries of Energy, Intelligence, Islamic Enlightenment and Guidance, Research and Technology, as well as university sites and even the official website of President Ahmadinejad.
“The website defacements that you refer to (if they are authentic) indicate what we know already: Iran has no clue about cybersecurity,” Langner said.
“While defacing websites is something that every skilled hacker can do, Stuxnet is a completely different category. I deny the MPG the ability to create anything nearly sophisticated as Stuxnet. It is far beyond the capabilities of underground hacker groups. As I said in our blog, website defacements and DoS [denial of service] attacks are kid’s stuff compared to Stuxnet.”
Langner says that he was able to disassemble the Stuxnet worm to discover its flaws in just two weeks, whereas it probably took a dedicated team of hackers with a significant budget about a year to produce.
The risks of being discovered by the Iranians, or in producing a worm that wouldn’t have the desired effect, show that “Operation Myrtus was extremely high risk . . . in terms of mission success,” he argued.
“The attackers had to bet on the assumption that the victim had no clue about cybersecurity. And that no independent third party would successfully analyze the weapon and make results public early, thereby giving the victim a chance to defuse the weapon” before it did significant damage.
The Stuxnet worm has also revealed an open secret that experts who follow trade with Iran have known for years: the deep, ongoing involvement of the German industrial giant Siemens in the fabric of Iranian industry.
Siemens initially contracted to build the Bushehr nuclear power plant through its Kraftwerk Union (KWU) subsidiary, but cancelled the deal in 1992 after completing approximately 85 percent of the construction work.
In 1995 the Russian government stepped in, fitting Russian boilers inside the Siemens plant, but retaining the Siemens SCADA process control computer systems that were attacked by the Stuxnet worm.
Despite U.S. and United Nations sanctions on Iran, Germany remains one of Iran’s top Western trading partners, according to OECD trade statistics.
For the first six months of this year, German companies sold merchandise to Iran worth $2.5 billion. South Korea exported a similar amount, up significantly from previous years.
Although German Chancellor Angela Merkel has criticized German companies for continuing to do business with Iran, her government has done little to shut it down beyond saying that Germany would comply with all U.N. sanctions on Iran.
The German-Iranian Chamber of Industry and Commerce lists 200 German companies that maintain offices in Iran. German CEOs regularly travel to Iran and Dubai to participate in trade fairs.
Last year, Nokia Siemens and Rohde & Schwarz took part in the Iranian Police Trade fair. Both companies have acknowledged selling security equipment to the Tehran regime that has been used to track dissidents.
At its annual shareholders meeting last year, Siemens was forced to disclose that Iranian sales accounted for 438 million Euros in annual turnover, around $635 million at then-prevailing exchange rates.
At this year’s annual meeting, the company announced that Iran sales had risen to 500 million euros ($704.5 million), but that starting in October Siemens would not take any new orders from Iran.
Trade analyst and activist Matthias Kuntzel is skeptical, noting that as new United Nations sanctions kick in, German exporters have set up a new “Iran Working Group” to promote enhanced business ties.
According to the group’s own founding documents, which Kuntzel cited earlier this year in the European edition of The Wall Street Journal, the group was seeking new opportunities for German companies “using the United Arab Emirates as a gateway to the Iranian market.”
“Dubai is in fact already the "gateway to the Iranian market" — and not only for German companies,” Kuntzel wrote. “Virtually nothing is produced in Dubai and yet, its activities have somehow catapulted the UAE to the top of the list of countries exporting to Iran in 2009. An astounding 80 percent of all Emirati imports are re-exported, one-quarter of which goes to Iran via Dubai.”
Kuntzel argues that Chancellor Merkel’s government has a choice to make. “It can feign seriousness about sanctions in order to impress the Israelis and Americans and discourage them from taking further action, or it can put real pressure on Tehran in order to prevent the Iranian bomb. Let’s hope it’s the latter.”
© 2022 Newsmax. All rights reserved.