71. Israel Attacks Iran: The Dawn of Cyber Warfare (Ep 4)

43m
How did the Stuxnet cyberweapon, designed to be covert, break out into the wild? What were the world-changing implications of this sophisticated attack on Iran's nuclear centrifuges, and what happened when it was exposed?

Listen as David McCloskey and Gordon Corera reach the finale of their series on the Stuxnet cyberweapon, discussing its discovery by cybersecurity researchers and the subsequent shift in tactics against Iran's nuclear ambitions.

Email: classified@goalhanger.com

Twitter: @triclassified

Assistant Producer: Becki Hills

Producer: Callum Hill

Senior Producer: Dom Johnson

Exec Producer: Tony Pastor

Transcript

It would be irresponsible for someone of my background to even speculate, but it's not speculation to know that someone just used a cyber weapon to effect damage, not in the cyber domain, but in the physical domain.

That's the first significant crossover that we've seen.

Now look, I tell audiences that crashing a thousand centrifuges at a time is almost an unalloyed good, but when you describe what just happened there in a slightly different way, someone just used a cyber weapon during a time of peace to effect physical destruction in what another nation would only describe as critical infrastructure, well you've got to realize that although that was a good deal, it was also a really big deal.

And it does have second and third order effects.

A new class of weapons has been used.

Go deeper into history and say somebody's crossed the Rubicon.

We've got a legion on the different side of the river now.

Well, welcome to The Rest Is Classified.

I am David McCloskey.

And I'm Gordon Corera.

And that, Gordon, is an interview that you did.

Those are not your words, but those of General Michael Hayden, former director of the NSA and the CIA, in an interview with you back in 2013, not taking responsibility for Stuxnet, but commenting on the sort of world-changing implications of this cyber weapon.

And we are now, dear friends, in the final episode of our series on this really first attack on Iran's nuclear program.

And the U.S. and Israel have unleashed this code, which has come to be known as Stuxnet, which has targeted Iran's very precious centrifuges with this kind of remarkable precision and sophistication.

And the Iranians, now it's been three plus years at this point, of this code working its way through largely this facility, this enrichment facility at Natanz.

And things have been breaking.

Machinery has been slowing down.

And where we left last time was that this code, this worm, has broken out into the wild.

And cybersecurity researchers in Europe and the States are starting to see, really all over the world, are starting to see this code appear on their computers.

And at the same time, the U.S. and Israel, allegedly, are stepping up the game to try to bring even more pain to Iran's nuclear program.

That's right.

The secret is out by the summer of 2010.

And this code, which was designed to be covert, is now being found on machines around the world.

It's not shutting them down because it's not designed to, but it is visible and people can start to look at it.

I remember talking to an interesting chap called Eugene Kaspersky soon after.

He's the flamboyant Russian founder of the antivirus company Kaspersky.

It's named after him.

And he remembers his team coming into his office and saying, we've been waiting for something like this to happen.

Well, it's happened.

Kaspersky says he'd been worried about an attack on physical infrastructure using code since 2002.

He says he decided not to speak out in case it gave attackers the idea.

That was until he realised the cat was out of the bag when he saw the film Die Hard 4, Live Free or Die Hard, in which Bruce Willis battled cyber terrorists, which I should say is one of our producer Callum's favourite films.

He was saying earlier and suggesting that we should basically have just kind of talked about that film for the whole of this series.

Could be a bonus episode.

Could be a bonus episode.

"Thank you, Hollywood," Kaspersky says when that film comes out in 2007, because, you know, it's not entirely realistic, but it is the idea that you...

Oh, it's not.

Yeah, I think, I think the cybersecurity aspects of it may not be perfect, but as a concept it's a good example where Hollywood does get things right, because as a concept, that hackers could take down physical infrastructure, it is right.

But now it's for real.

You know, now in 2010, it's for real, because Kaspersky, other cybersecurity researchers, have basically got a cyber missile in their hands, and they have never seen anything so sophisticated.

And it's so interesting what happens in the next few months, because you see this kind of hive mind of cybersecurity researchers go into action.

And I've watched it lots of times since then, where it's often done on social media platforms.

It used to be mainly on Twitter and X, where people are saying, I found this, I found that.

And they're starting to publish, talk about what they're finding.

Often, you know, one person's an expert on one bit of code, one's on another, but they're starting to piece it together collectively, this group of cybersecurity researchers.

Sometimes just work for tiny companies, sometimes they work for the big, big companies.

Best book on this, I mentioned it before, Kim Zetter's Countdown to Zero Day, because that goes through the process of discovery as people are trying to look at the delivery system, the missile, as well as the payload of the code that was in it.

And they can see that this is completely different from anything they've seen before in its sophistication.

Normally, attackers build on existing tools and code, but this is different, it's completely original.

Two particular individuals, Liam O'Murchu and Eric Chien of Symantec, see a kind of series of really unusual elements to this.

I mean, one of them is that it's going to use this attack for what are called zero days.

Bit of jargon, but a zero day gets its name because it's an undiscovered vulnerability in a piece of code.

So, normally you say it's four days since this has been patched.

A zero day, there's zero days since it's been patched because it's not been patched.

There's not a solution to the vulnerability, and therefore it's incredibly valuable, a zero day, because it is a way that's not yet been discovered to get into a system.

Well, and it's actually a product, right?

I mean, it's something that, if discovered, can be sold effectively.

So, yeah, a zero day is really valuable.

There's a market for zero days, where people who find them, who look for vulnerabilities, then sell them.

You can sell them back to the company, you know, to Apple or Google or whoever, and they'll pay for them, or you could sell it on the black, grey market to people who want to use the vulnerability maliciously.

And the fact that they've got four zero days in this, that is unprecedented, because why would you need four, you know, in one system?

It's because this virus is getting into different systems, and someone could have sold those for money.

So immediately you're like, this is not criminals.

No criminal hacker would be investing this much time and using this much code.

It's stolen legitimate digital security certificates from a company, I think, in Taiwan.

It wasn't faked.

It was real.

Again, that is high-end.

But they can also see these researchers from Symantec when they map the location of where the infections have happened.

Of the 38,000 machines they tracked, more than 22,000 were in Iran.

So you can already see, like, this is like, this is a very sophisticated KW code, and it's really interested in Iran.

Loves Iran.

It loves Iran.

And then, you know, they're not experts on industrial control systems, but you get experts like Ralph Langner, who is an expert, who suddenly goes, okay, this could be used to attack centrifuges.

Centrifuges are in Iran.

People start publishing online in research papers some of the details of this.

It takes a while because people can't quite grasp what it is.

So it's taking months, really, for people to piece it together.

And this is, by the way, where it gets the name Stuxnet.

What is that a reference to?

I think it is just a tiny reference in some of the drivers and the code to Stuxnet.

And that often happens.

People just will pick out something and they'll just call it that because it looks like a unique name.

I always find it interesting with these cyber researchers, because they are at this point exposing what they must realize is a nation-state espionage program.

And, you know, you're a private cybersecurity researcher and you are making public or publishing details of a covert action program.

And I think you can sense some of them are, it's not that they're nervous about doing it, because they think they have a duty to do it, because there's a risk to systems from this and from all these vulnerabilities which have been found, but they're worried, you know, are they going to get spied on, and is this going to have some implications for them?

It's kind of interesting.

And they get a bit paranoid.

You know, they're starting to check under their cars for bombs.

You know, they're worried about being tailed.

I mean, they really are.

They're hearing clicks on phones.

All that kind of stuff is happening to these cybersecurity researchers as they're publishing it.

They think the CIA are onto them.

They're in a Jason Bourne film, basically.

I understand why you would be paranoid, but I find it highly implausible that cars were beaconed or that anyone was followed or... anything like that.

I just don't.

I don't see it.

If you were a cybersecurity researcher, you probably would get a lot of other international spy agencies hacking into your systems to see what you're discovering and what you know, though.

So I could imagine Cybrus being a...

Oh, yeah, that would be a fair game of like if you're, yeah, if you're running a cybersecurity firm in somewhere in Europe or in Russia or something.

Yeah, I mean, there could be an interest in learning what you know about it.

Although the reality is, from an American standpoint, hypothetically, you already know what this thing is.

So you have to assume, I think, once it's out in the wild, I mean, this is why we set up that wonderful cliffhanger, Gordon, at the end of the last episode, where, I mean, once it's out, you have to assume, I think, that you're running on sort of borrowed time and that you just have to use this thing inside Iran as much as possible before it comes out.

Collecting on the cybersecurity researchers actually doesn't seem particularly valuable to me, to be honest, because you're like, well, it's out.

We know what this is.

They'll piece it together.

They'll discover eventually that the target is the Iranian nuclear program.

So we just got to work with the time we've got and do as much damage as possible before this thing comes to light.

And it's starting to become obvious, you know, who was behind it.

And there are interesting clues in the code.

One has a string of numbers that look like a date.

I think it's 19790509.

And it was the day the researchers realized that a prominent Iranian Jewish businessman was executed by firing squad in Tehran shortly after the Islamic revolution for allegedly being a spy.

Now, it's interesting, isn't it?

Because you find a date like that in the code and you go, well, that's an interesting date.

Is it a clue that the Israelis are behind it?

Is it a false trail someone else has left?

I always find it interesting because people do leave these Easter eggs and these little clues in code.

And code writers love doing that.

I always find it interesting.

It's like a game that they're just showing off or leaving a trail for people to follow.

There's another word, Myrtus, appears in a file name, which in Hebrew was a link to the name Hadassah, which was the name of a biblical figure, Esther, who married a Persian king and saved the lives of Jews when she pleaded for their lives after learning of a plot to kill them all.

Again, you know, all of that is starting to point perhaps towards Israel as well as perhaps towards the US.

And in the US, meanwhile, there is a blame game, unsurprisingly, about the fact that it's getting exposed.

I find that maybe unsurprising in what seems unsurprising.

But yeah, the briefing afterwards will all be, it was the Israelis' fault.

It's kind of interesting.

What's the logic there that it was the Israelis' fault?

The logic is that they had rushed and that the code was somehow sloppy and that sloppy code had been put in which had allowed it to escape and therefore get discovered and that the Israelis had done some modification to the code maybe to speed up the propagation of the worm or make it more likely to spread.

And there's some questions about whether the US were part of that, were cognizant of it, whether the Israelis did it themselves.

But of course, that's the briefing from Washington.

Much easier to blame someone else.

But by the point of November 2010, it's out there.

And a few months after it's first in the wild, the finger is pointing pretty clearly because of some of the back history of some of the code and some of the things they can find in it, that it's the U.S. and Israel.

What about the Brits, Gordon?

I feel like most of our series, you throw the Brits in, even when... when they're not invited to the party.

You think about who might have been involved in pieces of this, it would seem reasonable to assume that GCHQ or SIS would have played some role somewhere, just thinking about the closeness of the relationship in particular with the Americans.

How would I put it?

I find it plausible.

I remember talking to one very senior British intelligence official at the time, and they said they were not surprised when Stuxnet happened and was revealed.

And that's a wonderfully ambiguous statement, isn't it?

Because you can be not surprised because you were part of it.

Or you could be not surprised.

You can be not surprised because this is the kind of stuff we'd expect the Americans and the Israelis to do.

I get the sense that they were at the very least aware of it.

And there are some indications from some of the early espionage code.

There was might have been some British involvement in that.

There's actually some really interesting suggestions from our friend Edward Snowden's documents that there been perhaps some British role in the espionage bit.

So what I, I don't know what you think, David.

My instinct is that other countries may have been involved in this, but definitely U.S.-Israel at the core.

I think the other countries may have been involved in kind of modular bits of Stuxnet.

So, we talked a bit about whether the Dutch had been involved in getting an engineer to plant one of the USBs, whether he knew what he was doing, whether the Dutch knew it was sabotage rather than espionage, question mark.

But I definitely feel like others might have been involved, but maybe not at the absolute core of this.

It also seems plausible to me.

I mean, you look at two pieces of this shadow war, right?

The assassination of scientists and then the sort of cyber program to degrade and affect Natanz.

And it's very easy for me to understand why on the assassination front, the Israelis are going it alone, right?

There would be a lot of other countries that would say, nope, not going to do that, not going to have any part in killing civilian scientists.

But then on the other side, on the cyber piece, I can see why there'd be a whole host of countries with real interest in getting involved in that program, right?

Because it's not going to kill anybody.

It's going to slow Iran's progress toward a bomb.

And so I can see why, as that develops, there would be logical bits for other friendly intelligence services to sort of plug into to get access to reporting that they otherwise might not have and to take part in kind of slowing this down.

So, I think it seems likely to me that there's probably a whole bunch of countries outside of allegedly the U.S. and Israel that are involved in different pieces of this.

I mean, I don't know how big the group was, but I think it's probably not just the CIA and NSA and Mossad.

Yeah, there might have been a few more people playing at the Olympic Games.

But by the time you get to November 2010, cybersecurity researchers have published material.

And at that point, November 2010, technicians at Natanz bring the spinning centrifuges basically to a halt because they're aware of something's going on.

And it does look like, though, and we'll come back to the kind of overall damage, but it does look at that point the kind of swing for the fences has hit and maybe taken down about a thousand of those centrifuges.

But fascinatingly, you know, you mentioned assassinations there.

So November 2010, Stuxnet now exposed.

So it looks like that covert action is over.

That same month, Israel assassinates a nuclear scientist in Tehran using a bomb planted by a motorcyclist.

To me, that confluence of timing is fascinating, isn't it?

Because it does suggest that Israel, perhaps, assuming it's Israel, we all think it is Mossad doing the assassinations, has basically gone, okay, that covert action is done, we may now need to up our game with going back to the assassinations and push that to kind of degrade the nuclear program.

Because there had been a bit of a pause, hadn't there, in the assassinations?

And that pause kind of tracks when Stuxnet is doing the most damage.

To me, that feels a plausible argument.

It's hard to know for sure.

I think that would be just more evidence for the kind of hypothesis I laid out where the Israelis are doing the assassination stuff alone.

There's a broader group that's doing Stuxnet.

If Stuxnet is basically rolled up, the Israelis figure, well, okay, back to this blunter instrument, right, of trying to degrade the program.

And it's really interesting because some of those cybersecurity researchers, you know, out in the private sector who'd been exposing Stuxnet actually say they feel physically sick when they hear about the assassination because they are wondering, did their exposure of the computer code lead Israel to switch from using code to killing people?

And I guess they, for them, suddenly realize, you know, they're computer researchers, cyber researchers, and they're dealing in matters of life and death, effectively.

Sure.

I mean, they can't possibly be held responsible for that.

No,

I think it is true, true, right?

That, I mean, there's pretty solid argument to be made based on the timing that the Israelis, precisely because the code got out, decided to go back to killing.

And I guess maybe there, Gordon, let's take a break.

And when we come back, we'll look at all of this and what it means for the Iranian nuclear program, what it means for cyber war, and I think what it tells us about the most recent batch of strikes.

See you after the break.

Well, welcome back.

The Stuxnet worm is out in the wild.

The Iranians know about it.

And I guess the question now, Gordon, is what in the world are the Iranians going to do about all this?

Yeah.

So part of it is they start to clean their centrifuge program of the virus and wipe it down, get out the wipes, and protect it even more, which is going to make it harder.

But it's also Iran's going to hit back in cyberspace.

They'd already built some cyber capacity, particularly actually to target that green movement, the protest movement, around 2009, 2010.

They built up cyber militias to do surveillance on their own population because they were worried that social media was being used to organize them.

But now they start to use some of their cyber capacity to go on the attack.

Very interesting, 2012, so still a couple of years later, that summer, there's an attack on the Saudi oil giant Aramco, and 30,000 computers belonging to Aramco are... crippled.

They're wiped by something called a wiper.

The code hadn't been executed quite properly, but a burning American flag appears as an image on some of those machines.

Hmm.

Bit of a message.

It didn't actually stop oil and gas production, though.

I think that's one of the interesting things about it.

It damages the corporate network, but it doesn't get to the controllers.

It doesn't move into the physical world.

Exactly, which is the key to Stuxnet's success and what makes Stuxnet so unique is it moves from the corporate network or from a regular network onto the controllers.

So it's a show of force, but it doesn't have the impact that Stuxnet is going to have.

Although it does freak out, I think, a lot of companies.

And I remember that at the time, because they're all suddenly realizing Iran is retaliating against companies rather than against Western states.

And they then attack a whole load of banks and American banking websites.

But again, it's not super sophisticated.

They just take their websites offline for a couple of days by flooding them with traffic.

So it's Iran hitting back.

Everyone assumes it's Iran.

They're not going to hit back by launching missiles.

They're not going to block the Straits of Hormuz at this point.

But they're going to fire a warning shot against companies, probably oil companies and financial companies, because they're imposing sanctions on Iran's financial and oil industry.

So it makes sense.

And it is a bit of a surprise, I think, in the West because it shows Iran is capable of hitting back.

There's going to be more of these back and forth between Israel and Iran.

There's one attack on the Iranian oil and gas ministry computers in which the song Thunderstruck by AC/DC, which is a particular favorite of mine, is blared out at full volume on computers in the middle of the night.

That's a cyber attack I like.

I've got sympathy with that.

Bit of AC/DC.

Fantastic theme song, Gordon.

That could be one of our.

One of our.

Exactly.

Love to see.

I don't think Callum and Becki, our producers, are going to like judging their music

too late.

Yeah, exactly.

Get into all kinds of copyright issues.

But I guess the point is that we're now moving into this era in which cyber attacks are picking up.

Things are going to escalate in cyberspace.

End of 2015.

Russia turns off a Ukrainian power grid.

So again, it's the using a cyber attack, but to turn off a power grid.

only for a few hours, but you're getting this movement of cyber into the real world in a limited way.

And it's interesting, China, when it's accused of spying in cyberspace, they go, yeah, but you, the US, are the ones who militarized cyberspace first and introduced destructive cyber attacks.

In one sense, they're right.

You know, this idea of cyber sabotage below the threshold of war, grey zone attacks, makes cyber tempting.

States start to move into it.

And so there is this, who crossed the Rubicon, who put the troops on the other side of the river first.

It is the United States.

Allegedly.

Now, I think you could also say it would have happened anyway.

Absolutely.

You could see the vulnerability of these systems.

And I find it hard to believe that the Russians would have gone, oh, we're not going to attack Ukraine.

Exactly.

We found a way.

We just won't, we won't be the first to do it.

Yeah.

Right.

I think the conversation around the should here, to me, I don't know, isn't particularly interesting because it just seems inevitable that it would have happened at some point.

But it is fascinating that when you think about what is the kind of modern day analog to the Manhattan Project, right, or to the atomic bomb, I think there is a great argument to be made that it is Stuxnet.

It is the first connection point between cyber conflict and the physical world.

It's not just the Iranians taking down a Saudi computer network and putting up pictures of a burning American flag on the monitors, right?

It's affecting outcomes in a world of atoms through, you know, bytes and zeros and ones, which is incredible.

Yeah, I agree.

I mean, it is that when Michael Hayden talks about having the whiff of August 1945, you know, in Hiroshima as being a good example, I think it is an interesting analogy.

It's not quite the same.

As he says, it's got a whiff of it.

It's not a direct analogy.

But it is interesting, isn't it?

Because it is a bit like Hiroshima.

The US is the first to use the atomic bomb.

It's the first to develop it.

It is different, I guess, because it's stealthier.

It's more deniable than an overt use of military force.

So in that sense, it isn't quite the same.

And I always think cyber-nuclear analogies are a bit of a mistake.

But it is a big moment.

I think it is a kind of crossing of a threshold, which is to say you can take down a piece of critical infrastructure outside of war with a cyber attack.

I guess the only thing that I think is that it's really hard to do.

You know, I think that is the key thing about Stuxnet, which I think is often misunderstood, is that this is not easy.

And I think if this one message from is that this took years, and a bit like the Manhattan Project, it takes millions of dollars, years of effort, and the best offensive hackers that the US and Israeli government and perhaps other governments have at their disposal in order to be able to do this one covert act and one act of sabotage.

I find that fascinating.

Yeah, it's not a bunch of people in a suburban basement eating Pop-Tarts, right?

And figuring this out.

This is a state-level effort that's got a whole bunch of infrastructure and funding behind it.

Although you have to figure...

The comparison to the Manhattan Project breaks down a little bit here because I would figure that even though there are real barriers to entry, it's not as high as developing a nuclear weapon.

It is more dangerous in that way because the marginal cost of chaos in this world is lower than in nuclear, I would think.

No, that's true.

And actually, one of the problems is some of that code can get out into the wild and then people can repurpose it and use it.

And that's one of the worries about Stuxnet is people are going to do that.

Luckily, that hasn't happened, though, right, Gordon?

No, no.

But if, well, there is another moment where listeners might be interested in that 2017, the UK NHS gets taken down by something called WannaCry, which is a really interesting story, and we should definitely do it at some point.

Yeah, it's a good point.

Because it's a North Korean hack, which gets out of control.

But here's the interesting bit.

The North Koreans are using cyber weapons stolen from the NSA.

They end up in the wild and then they get repurposed by the North Koreans and take down Britain's NHS.

I mean, you know, that is a wild story, which shows that there is something about cyber which is, it can be repurposed and get out into the wild.

But I think there's a good quote from, um, Ciaran Martin, who's the former head of the UK National Cyber Security Center.

His analogy is: Stuxnet is like the moon landing, you know.

So it's fake.

Is it?

Is it

you know what you mean?

The wind blowing.

This is, we're back to tinfoil hats, David.

I should say, if you're watching,

I'm not wearing the tinfoil hat today.

You're in your astronaut suit.

Yeah, exactly.

With the wind blowing on the moon.

I think Ciaran's point, and Ciaran, I'll talk to you about this separately, but I think his point is not that Stuxnet was faked, but that it was really hard to do.

And it takes a superpower like the US to be able to do it.

And that you can't just repeat it whenever you want.

And other countries can't kind of quickly do it.

Because I think it goes back to all that research you had to do.

You had to have the centrifuges.

You had to build a copy of Natanz.

You had to kind of work out what programmable logic controller would do it.

You had to, you know, the amount of-

Have a horse blanket.

You had to have a horse blanket.

The amount of recon and intelligence work which went into Stuxnet, I think, is enormous.

And maybe it overinflates what cyber weapons can do.

Because,

again, another story.

When Russia invades Ukraine in 2022, everyone is expecting massive cyber attacks as part of it.

And there are, but they don't really have as much impact as people had expected.

And again, it just suggests doing the kind of targeted physical attack of a Stuxnet is really, really, really, really, really hard.

It's just not straightforward.

I mean, I think the perception, to go back to the Die Hard, for your Die Hard comparison, I think the perception is that the way that these attacks happen is that somebody has like a gonkulator that basically...

What is a gonkulator?

Exactly.

It's a very powerful term.

It's a technical term.

It's a technical term.

You've got like, there's, you know, the bad guy or whoever, right?

The spy service has like a gonkulator that turns off things.

We can just turn off the electricity.

We can just turn off all the water treatment plants.

Like, I think there's a sense that it's a little bit more blunt than that.

And I think what hopefully we've shown over these four episodes on Stuxnet is that it's, it's actually a really tailored kind of operation.

And so it takes a lot of time and it takes a lot of effort and all of that, right?

The problem is, of course, now 2010, it's over.

And in the meantime, the Iranian program is still...

They still have a nuclear program.

They still got a nuclear program.

Natanz is still there.

What happened to that nuclear program, Gordon?

What happened in the intervening years?

And it is interesting because when you look at the damage inflicted by the virus, you can't really measure it.

It's quite hard to measure.

But the general view would be that it set it back definitely months, maybe years at a stretch.

Some people say three years, but some people say three months.

It's a wide range.

It's a pretty wide range.

It wouldn't seem worth it if it was actually three months.

I agree.

I mean, but the Iranians say, and they would say this, we've incurred some slight damages here and there, but we've been able to manage pretty well.

That's what I would say if I were an Iranian.

That's what you would say.

We've managed through this terrible crisis and there's been no impact.

That's what I would say if I were the Iranians.

So it clearly had an impact.

It took out at least a thousand centrifuges, it looks like.

No one is, of course, sure.

The IAEA inspectors, our friends with the magnifying glasses, they can see that it slowed them down.

They can see with their magnifying glasses broken centrifuges.

So it's definitely had an impact.

It has bought time, but not stopped it.

It has not stopped it completely.

And that was, I guess, always the point was buying time.

And

when you look at the decision-making at the start, it was not this is going to destroy the Iranian nuclear program.

It was, we're going to buy time and we're going to do this unprecedented thing.

We're going to do something which, you know, is potentially risky and which could have blowback, but we're going to do it to buy some time.

And in a sense, it does buy time.

And you can argue crossing the Rubicon is a big deal, but it's less of a big deal at that point than starting a war in the Middle East.

You know, it's back to Bush.

I want the third option.

He doesn't want either an Iranian bomb or

a war.

This was his third option.

And for a while, at least, it buys them that time.

First off, I have to say that if Stuxnet is running in some capacity from 27 to 2010, I find it hard to believe that the delay was only a couple months.

I agree.

That seems implausible.

I think we're probably talking about years, but you're right, that nobody, nobody could know.

So that's one point.

I think the second point is it does seem like, and I guess draws it into the world we're in today where the U.S. and Israel have just overtly hit Iran's nuclear program, is that it's not actually plausible to think that any of these sort of sabotage operations would eventually convince the Iranians to just sort of pack it up.

Yeah.

Right.

Like that, that seems like a bit of an out there idea.

So you're always dealing with the reality that at some point, either you're going to have to let the Iranians get to a point where they've got a breakout capability

or you've got to hit the program militarily, right?

Because you can't fully degrade the program

with covert means.

Or you have to hope that there's some kind of political change in Iran where the regime decides to stop the program like Gaddafi did.

You're right.

And Obama, we went back to where we were talking about previously about him wanting to use diplomacy.

And to some extent, he gets that because they get what's called the JCPOA, the agreement in 2015, in which Iran agrees to restrict its enrichment.

So to kind of constrain the enrichment that's taking place.

But then President Trump leaves the deal, says it's a bad deal unilaterally.

So Iran then is back in business and starts to push forward again.

And now it's harder to do another Stuxnet.

You could maybe only do it once.

And then it's interesting, isn't it?

Because you do get some more covert action.

You do get more attempts to do it.

I mean, there's a,

I remember getting an email on

July 1st, 2020, just before midnight.

I got an email in my inbox from a group calling itself the Homeland Tigers.

This came to my work email.

It's a good name.

They claim to be Iranians.

Hmm.

And they said they'd started a fire at Natanz.

Now, I always assume, I think this was an Israeli thing.

And they were basically emailing journalists like me to try and claim responsibility and to try and suggest that it was an Iranian domestic group.

I slightly find that implausible, but they sent me details of this and it wasn't yet public.

And then the next day it emerges there has been a fire at Natanz.

The Homeland Tigers were onto something, Gordon.

The Homeland Tigers.

But there's going to be more of these little explosions.

And of course, November 2020, picking up to our previous episode, you get the assassination campaign claims arguably its biggest target, Mohsen Fakhrizadeh or Fakhrizadeh, the man who's been driving a lot of the military side.

And he's taken out in 2020.

Well, and even a couple years before that was when the Israelis, it was 2018, when the Israelis conducted that wild operation to basically go into warehouses, I think a big warehousing facility in Tehran and basically steal all of the hard copy documents about the nuclear program, the themes from the kind of Stuxnet era, I guess you could say.

Cyber attacks, physical sabotage, an assassination campaign, and then this kind of almost like a public relations

trying to shed as much light as possible on the Iranian program.

Those, I guess, pillars of the Israeli campaign against Iran's nuclear program are very much alive and well a decade after Stuxnet, right?

And up to the point of these most recent strikes.

Yeah, because what you then see is that shadow war and some of it public continuing, and you have the Iranians continuing to enrich, continuing to increase the amount of material, shorten that breakout time through which they can, you know, get to the bomb.

And then, of course, you know, just this year, something changes, you know, which changes the dynamics around this program.

You know, it is interesting to look at it with this long view that we've had, because Israel's argument is that they get new intelligence, which suggests Iran is pressing forward on aspects of weaponization, which you'll remember if you go back to the early episode, 2003, the US believes the Iranians stopped at that point, the final stage, the weaponizations.

Now, the Israelis suggest they have something new on that.

Others I've spoken to are more skeptical about that, and they think it's more that Israel's risk calculus has changed, that Israel's risk calculus about tolerating an Iranian bomb after October the 7th changes, and of course, all its proxies.

You know, we talked about this on one of our bonus episodes, really interesting interview, where all the proxies that Iran has are taken off the board, off the chessboard.

So Iran has less ability to respond if Israel wants to strike.

And so I think Israel just sees that opportunity of a weakened Iran and of a Trump administration, which they are hoping might come in behind them, which of course it does, and then go for it.

Now, I'm not saying there wasn't any new intelligence, but I think that calculus is more of what's going on in my head.

Oh, it's really important.

It's got to be.

Yeah, because you think about the sort of Meir Dagan calculation on

wanting to delay Iran's going to push toward a bomb because he's trying to avoid a conflict.

And

on the conflict side of that, has got to be the sense that if we actually militarily strike the Iranians, there's going to be a protracted regional war that's going to lead to thousands of people getting killed, right?

And all of a sudden, I think now in the summer of 2025, with Hezbollah basically defanged and with the Israelis having already taken a big bite out of Iran's air defenses and with Iran really reeling, all of a sudden, that calculation shifts and you think, well, the whole point of all of this, the shadow war stuff, is to degrade Iran's nuclear program as much as possible.

Well, all of a sudden, if the cost of the overt military strikes goes way down, it starts to look like a much better option for the Israelis, right?

And even if there's not really new intelligence on that front, all of a sudden it makes a lot more sense to overtly strike.

And when you figure that if you're Netanyahu, you might be able to do this and then convince the Americans to join and use those big B-2s with the bunker buster bombs that maybe can get you deep enough to create some real damage at Fordow.

It starts to seem like a pretty attractive idea,

even if you're only setting the program back a year or two.

You figure, why not if you're Netanyahu, right?

Yeah, totally.

So

that really does take us to where we are now with those attacks, you know, Natanz, which is where we started, getting bombed multiple times, you know, Fordow getting hit by these massive ordnance penetrators, damage, setback.

Again, you know, hard to know what's happened underground, but also does Iran have more secret sites?

Has it got another, you know, secret mountain site?

What's happened to the 400 kilograms of highly enriched uranium, which they, you know, stockpiled already?

Will Iran now race for a bomb at a secret site?

Or will on the back foot will it go for a deal?

I don't think we can know where it goes next, but hopefully, I think by telling this story we've helped explain how we got here and how to understand the events as they've been unfolding, because I think that context is really important even if we can't really predict where this goes next.

And the big loser in this entire series, Natanz.

Yeah, the poor site at Natanz

is

horse blanketed, bombed, centrifuges ripped, ripped apart.

I mean, I know we're covering almost 20 years of history here, but it seems like if you're an Iranian nuclear scientist or physicist or engineer, maybe you want to work elsewhere, right?

Which I guess is

part of the whole point.

Part of the point, yeah.

Right?

Is let's go work on, you know, designing the next generation of Tupperware

instead of nuclear bombs.

So it has been...

quite the journey, Gordon.

And I have to commend you once again for your explanations of nuclear physics.

Listeners to the podcast will, of course, understand that I don't enjoy giving you compliments, but I think you navigated science very well.

I'll take it.

That's right.

I'll take it.

That's right.

We should note that although this series is ending, it's still a wonderful time to sign up for the Declassified Club, Gordon.

We've got a great interview, haven't we, with Jim Lawler about Iran, which is talking about specifically

the targeting and the sabotage of Iran's nuclear program.

So he ran one of the CIA teams, which was dealing with Iran's nuclear program and with the AQ Khan network, which we talked about.

We've heard from him a bit already about other aspects of his career, but it is an absolutely fascinating interview.

If you want to understand

what sabotage really looks like, how it is done, it is amazing how you run front companies and all that stuff.

And that is going to be the bonus episode for our club members, which is coming out on Friday.

So do join at therestisclassified.com.

But otherwise, see you next time.

See you next time.
