Soon after he entered office in 2009, US President Barack Obama secretly began
ordering sophisticated cyber-attacks on computer systems that run Iran’s main
nuclear enrichment facilities, The New York Times reported on Friday.
The
Times report was based on interviews with former American, European and Israeli
officials involved in the program and other experts.
The US and Israel
developed the Stuxnet worm that attacked Iran’s nuclear program in 2010,
according to the sources.
Experts have in the past estimated that the
virus set back the Islamic Republic’s nuclear program by 18 months to two years.
However, according to the Times, some experts are skeptical; they say that
Iran’s uranium enrichment program has recovered and the country now has enough
fuel for five or more weapons.
On Monday, security experts discovered a
new data-stealing virus dubbed Flame, and found that the largest number of
infected machines are in Iran, followed by Israel and the Palestinian
territories, then Sudan and Syria.
Experts say the virus has lurked
inside thousands of computers across the Middle East for as long as five years
as part of a sophisticated cyberwarfare campaign.
It is the most complex
piece of malicious software discovered to date, said Kaspersky Lab security
senior researcher Roel Schouwenberg, whose company discovered the virus. The
results of the Lab’s work were made available on Monday.
If the Lab’s
analysis is correct, Flame could be the third major cyber-weapon uncovered after
the Stuxnet virus, and its data-stealing cousin Duqu, named after the Star Wars
villain.
A day after reports of Flame emerged, Strategic Affairs Minister
Moshe Ya’alon fueled speculation of Israeli involvement in the cyber-attack when
he told Army Radio that “whoever sees the Iranian threat as a serious threat
would be likely to take different steps, including these, in order to hurt
them.”
Senior defense officials expressed confidence that Israel’s
military networks were secure and protected from cyber-attacks.
“Israel
is blessed to be a nation possessing superior technology. These achievements of
ours open up all kinds of possibilities for us,” Ya’alon said.
Under
president George W. Bush, the US began building a complex cyber-weapon to
try to prevent Tehran from completing nuclear weapons work without resorting to
risky military strikes against Iranian facilities, current and former US
officials familiar with the program said.
Obama accelerated the efforts
after succeeding Bush in 2009, according to the sources, who spoke on condition
of anonymity because of the classified nature of the effort. The weapon, called
Stuxnet, was eventually used against Iran’s main uranium enrichment
facilities.
The effort was intended to bridge the time of uncertainty
between US administrations after the 2008 presidential vote in which Obama was
elected, and to allow more time for sanctions and diplomacy to prevent Iranian
nuclear weapon development, according to the current and former
officials.
The sources provided rare insight into the US development of
its cyber-warfare capabilities and the intent behind it.
One source
familiar with the Bush administration’s initial work on Stuxnet said it had
delayed Tehran’s nuclear program by about five years.
“It bought us time.
First, it was to get across from one administration to the next without having
the issue blow up. And then it was to give Obama a little more time to come up
with alternatives, through the sanctions, et cetera,” the source
said.
Only in recent months have US officials become more open about the
work of the United States and Israel on Stuxnet, the sophisticated cyberweapon
directed against Iran’s Natanz nuclear enrichment facility that was first
detected in 2010.
The cyber-attacks provided the United States with an
avenue to try to stop the Islamic Republic from producing a weapon without turning to military strikes against Iranian facilities – all at a
time when US forces were fighting wars in Iraq and Afghanistan, the sources
said.
In the end, senior US officials agreed that the benefit of stalling
Iran’s nuclear program was greater than the risks of the virus being harnessed
by other countries or terrorist groups to attack American facilities, one source
said.
Two sources with direct knowledge of the US program said it cost
hundreds of millions of dollars to carry out.
The United States for years
has been developing – and using – offensive cyber-capabilities to interfere with
the computers of adversaries, including during the Battle of Falluja in Iraq in
2004 and in finding Osama bin Laden and other al-Qaida figures, the sources
said.
Last year, the United States also explicitly stated for the first
time that it reserved the right to retaliate with military force against a
cyberattack.
The Times reported on Friday that from his first months in
office, Obama secretly ordered attacks of growing sophistication on the computer
systems running the main Iranian nuclear enrichment facilities, greatly widening
the first sustained US use of cyber-weapons. The Times said the attacks were
codenamed Olympic Games.
White House spokesman Josh Earnest declined
comment on the substance of the Times article, but denied “in the strongest
possible terms” that it was an authorized leak of classified information. Obama
is seeking reelection on November 6 in part on the strength of his foreign
policy achievements.
Reuters reported last Tuesday that the United
Nations agency charged with helping member states secure their national
infrastructures plans to issue a sharp warning about the risk of the Flame
computer virus.
Iranian officials have described the cyber-attacks as
part of a “terrorist” campaign backed by Israel and the United
States.
Some current and former US officials, who asked not to be named,
criticized the Obama administration for talking too freely to the media about
classified operations.
Rep. Peter King (R-New York), the chairman of the
House of Representatives Committee on Homeland Security, said, “I believe that
no one, including the White House, should be discussing
cyber-attacks.”
“The US will now be blamed for any sophisticated,
malicious software, even if it was the Chinese or just criminals,” said Jason
Healey, who has worked on cyber-security for the US Air Force, White House and
Goldman Sachs, and is now with the Atlantic Council research
group.
Reuters and Yaakov Katz contributed to this report.