David McCloskey
The code that struck Natanz was a work of engineering bravado, every inch as much as the centrifuges it was designed to destroy. The first thing the Iranian engineers heard was a screeching sound. That's the machine skidding round inside its case as it loses control. By this point, if your control panel has not warned you of a problem, it's already too late. You'll hear one machine taking out the next and the next, like dominoes. There was no explosion, just a clatter as the delicate precious machines destroyed each other. The Iranians had already been seeing smaller problems. Machines were failing, parts breaking down. It was not always clear why. Was it poor engineering standards? Dark bad parts or designs? No sooner would one problem be fixed than more centrifuges would go awry, forcing them to be stopped and checked. What they did not know was that a hidden hand was remotely manipulating the controls to take advantage of the delicate nature of the devices. Welcome to The Rest Is Classified. I'm David McCloskey.
Gordon Carrera
And I'm Gordon Carrera.
David McCloskey
And that, dear listeners, you will of course recognize as Carreran prose, that is Gordon Carrera writing in his book Intercept: The Secret History of Computers and Spies about a terrible set of accidents at the Natanz enrichment facility in Iran. Gordon, you're of course going to have to set this up, but we are getting in that rich paragraph a sense of the impact of this really history altering cyber weapon that is developed as part of Operation Olympic Games.
Gordon Carrera
Last time we looked at the Iranian nuclear program, particularly the site at Natanz filling up with centrifuges to enrich uranium obtained from Pakistan's nuclear salesman A. Q. Khan. And this dilemma for Western governments, you know, what to do about it, whether to let Iran go nuclear or launch a military attack. President Bush wanting that third option. And that's what we're going to be looking at this time, this third option, which is going to be a cyber attack. I guess it's the origin story of what we think of as cyber warfare and cyber attacks.
David McCloskey
And as you described there, Gordon, in that prose, this is so, I guess history altering because it is a cyber attack that bleeds into the physical world. It is not merely dealing with zeros and ones on a screen. It is physically leaping and affecting machines in the real world. And that I think is why this covert action program to develop it can be compared to the Manhattan Project because it is that impactful on the world today. But of course, cyber network computers been around for a little while prior to the early 2000s. The vulnerabilities are sort of known prior to Natanz.
Gordon Carrera
Yeah, I mean, people had actually been thinking about the fact that computers could be remotely accessed and that, you know, the code stolen or even altered as far back as the 60s, in the 80s, you see the first signs of what is basically cyber espionage and people stealing data. And actually it's American computers which are the first to be on the Internet. So you start to see East German, Russian hackers trying to get into those in the 80s and the 90s. And then you see American and British hackers, I'm led to believe, getting into foreign, allegedly into foreign scientific programs in the 90s when they go on online and you can kind of access them over this thing called the Internet. But all of this, you're right, is espionage.
David McCloskey
Yeah. There's information that is on these networks that previously might have been kept in safes. Right. Or somewhere physical that's now online or on these computer networks that spy agencies, criminals, whoever might want to access.
Gordon Carrera
Yeah. And that is different from, if you like in the Hollywood version, cyber war or sabotage or whatever you want to call it, which is having a physical destructive effect through online means. People start to think this might be possible around the 2000s. And one of the first events is actually in Australia in 2000, when raw sewage starts to pour out from a treatment works in Queensland and they can't work out why. And it turns out that the disgruntled worker who's just been sacked and who knew how the systems worked, was dialing in and opening the valves to let the sewage out all over this poor town in Queensland. So, you know, it's the insider threat. He is the kind of Snowden of cyber sabotage, but just in a sewage treatment works rather than the NSA in the 2000, the insider who does damage.
David McCloskey
It's the same impulse. It's the exact same impulse.
Gordon Carrera
Yeah, let's not go back into Snowden.
David McCloskey
I would love to, Gordon, but, yeah, you're right.
Gordon Carrera
Yeah, let's move on. You get after 9/11, there's lots of kind of loose talk about, you know, is Al Qaeda, are the terrorists going to do cyber attacks? The crucial thing I think to say is it's really hard to do. It is not like the movies, you know, the Australian engineer with those sewage treatment works was only basically able to do it because he'd worked in these sewage treatment works. He knew the systems intimately, he understood them, and then he is, I think, physically sat in a car outside, accessing it through a radio. The idea that you could use a cyber attack to take down something much more advanced, something which you haven't got direct knowledge or access to and is well protected, say like an Iranian nuclear program. Now, that seems beyond capabilities. But, you know, that is what, as we heard last time, President Bush has said he wants that third option. And this is a third option, because I guess the key thing about it is it could buy you time. It's sabotage rather than warfare.
David McCloskey
It's maybe now even hard 20 years later to understand how revolutionary this idea would have been. Or frankly just the capability. Right. We're not talking about making it harder to use the computers at Natanz.
Gordon Carrera
Yes.
David McCloskey
The equivalent in industrial terms of like taking a website down. Right. Or something like that where you're dealing with a software problem that you can then fix and is presumably cleaner to fix. Right. What we're talking about here is actually getting into the physical infrastructure of the plant. And we talked in the last episode about these centrifuges that the Iranians had acquired through bomb salesman A. Q. Khan. And I would wager, Gordon, it's sort of an expensive lot of equipment and highly technically complex. And so if Western intelligence services were able to wreck some of that machinery, you would potentially set the nuclear program back very significantly.
Gordon Carrera
And I think the interesting thing about it is they're not necessarily trying to destroy the program, they're trying to disrupt it. They're trying to do it covertly to sabotage, to undermine it, and basically to buy time. I mean, that's what I think is quite interesting about this operation, is that it's not a kind of one shot where you're suddenly going to kind of blow the whole place up. That's just not possible. But the idea is to do something more covert without anyone knowing, without even the Iranians knowing they'd been attacked, let alone by whom. So it's very different from a bomb being dropped or a kind of special forces raid into the site. The good news is there's no risk, need to risk pilots or ground troops to do something like this. And if you can do it through cyber means, there is this tantalizing possibility that you can delay and set back this program without the Iranians understanding why. And I think that also makes it a very tempting option. You can imagine if you're President Bush at this time and someone says we can buy you time and slow down this program, that is tempting. Particularly of course, when you've got the Israelis on your back who are saying, we want to bomb this, or you've got Netanyahu going, we want to attack this.
David McCloskey
We kind of set up some of this era. When we did the episodes on Mohsen Fakhrizadeh, we talked about Meir Dagan, who was the head of the Mossad at this period of time. And it's probably worth situating him a little bit in this story because it does seem like the whole point from Meir Dagan's perspective was to avoid an open war with Iran. And so you want to slow the program down enough to create more options for you in the future in this period. I mean, the cyber component of Olympic Games, right, is a piece of it. But the Israelis are doing a whole bunch of other stuff, too. I mean, this is the era where they start assassinating nuclear scientists, right? And they start killing the people who are working with Mohsen Fakhrizadeh. And the kind of widespread nature of this shadow conflict, I think, is in part driven by the fact that the Iranians have quite ingeniously set up a target, a nuclear program that is dispersed across many different facilities, some of which are very, very hard to access physically and importantly. And this is what distinguishes it from, you know, the Syrian attempt to get the bomb or the Iraqi attempt to get the bomb is. It's kind of homegrown. They get a lot of this stuff initially from A. Q. Khan, but the knowledge of how to do this stuff is in the heads of Iranian scientists, right? And so the Israelis are trying to kill them, to slow the program down by making it harder for people to do the work.
Gordon Carrera
And I also find it interesting because even within Israel, Meir Dagan is the head of Mossad at this time. He is actually in variance. He's not pursuing the same policy, if you like, that his prime minister wants, which is Benjamin Netanyahu wants to attack the program with a military strike, and Meir Dagan is not up for that. And he will talk about it after he's basically ejected from office later. And so he is actually trying to stop his own prime minister. It feels like doing something which he thinks is dangerous, which is launching a military strike. So he's invested in this idea, you know, at Mossad, that they could do a covert action to slow it down. So he's also a bit like the American side, trying to kind of buy time and if you, like, divert the pressure from going for a full military strike. And I find that kind of interesting as well, because you do get a sense of the tension between, and you often hear about it between Netanyahu and some of his own national security officials, because a lot of them at various times think this guy's going too far, he's too hawkish on some of these issues. And I think that was the case here. And so what Meir Dagan is doing by pursuing, you know, Olympic Games and by even the assassinations is actually trying to buy time and avoid, you know, the military option.
David McCloskey
And we should say that the US was not involved, at least as far as I can tell us is not involved in the assassinations. There are pieces of this where Mossad and the agency, or Mossad and kind of Western intelligence are joined at the hip, and then other places where they're not right and where Mossad is pursuing its own operations, its own sense of Israeli security interests. But there's an incredible overlap, I think, of interest, obviously, in stopping an Iranian bomb, but in, frankly, what is deemed as justifiable or worthy of the risk when it comes to sabotaging the physical components of the nuclear program. Because the US at this point, Gordon, I think, has already tried to sabotage some of the program by kind of getting into the supply chain.
Gordon Carrera
Looks like they put some bad components and some kind of sabotage components into that supply chain. Including some. Yeah, allegedly including some power supplies shipped from Turkey which explode. But I think the Iranians then work out a problem. It's kind of pretty obvious when a power supply explodes and you look where it came from, and then you kind of get it from somewhere else or you find a different way of doing it. So I think they're working out that that kind of traditional covert action or sabotage has its limits when Iran is protecting and kind of trying to build its nuclear program very much under its own auspices rather than bringing in material elsewhere. And so, you know, this option of the cyber attack becomes suddenly possible and quite tempting for both the US and some of those in Israel, I think. But it is ambitious. You know, it's something that has never been done before, and you've got to work out how you're going to translate something which is on computer code, that you're developing into a physical, destructive act within this very closed and secretive nuclear program.
David McCloskey
Well, and this gets back, Gordon. I mean, in the last episode, you gave us a wonderful tutorial on centrifuges, and I guess we're back to the centrifuge. The large rows of hot water heaters that are sitting in the basement at Natanz. These are the targets, right, of the cyber weapon that is going to be developed.
Gordon Carrera
And the key reason is they are obviously the thing which is enriching uranium. And crucially, they are these incredibly complex bits of engineering, the rotors inside them, you know, to separate the uranium 235 from 238. It spins so fast, it's faster than the speed of sound, supersonic, faster than the fastest fighter jet. That's the speed at which that rotor is moving. You know, it needs to be made out of a special metal to be able to withstand the kind of stress it needs to be perfectly balanced, this rotor, on a kind of ball bearing. It's incredibly delicate and fragile. The Iranians would find if you don't wear gloves when you assemble them and you get some dust on these rotors, they're spinning so fast. Just that dust will cause an imbalance on the rotors and it will spin off and then smash into the kind of casing in which it is. So you have to maintain the speed of that rotor perfectly as well. You basically can't switch them off very easily. And it mustn't vibrate, it mustn't get any kind of dirt inside it. The slightest imbalance in this system and it can spin out of control. And then what happens is it crashes into the casing. And then because they're in a cascade, all these centrifuges together, one will potentially crash into the others like dominoes. And you can take down a whole cascade of centrifuges. So they are incredibly vulnerable bits of engineering.
David McCloskey
So if you start from the idea that you want to wreak havoc on this centrifuge cascade at Natanz and you want the Iranians to be confused about what's happened, you don't want something to go boom and then they go back on the supply chain and say, oops, we're not buying from the supplier anymore. You want there to be this perpetual sort of confusion about what's happening. I mean, it seems like, first off, you need a pretty detailed understanding of the facility at Natanz and exactly how. How it's laid out and exactly what type of machinery and software it's using to run the place. Right. I mean, you need a lot of information to even get started.
Gordon Carrera
And all the signs are that pre the deployment of the code that's going to cause the damage. There are a couple of stages of more traditional espionage, and there's a couple of very advanced espionage tools called, I think, Flame and Duqu, which are the kind of, you know, the hacker names for these packages which get inside the system, and they are basically there to just collect the data about what the system is and how it's working. We don't entirely know which countries were involved in that. I think US, Israel looks like definitely some signs, maybe some other countries as well. One of the interesting questions about that, who knows if the Brits might have had some involvement at that stage? In some suggestions of it, of course they wouldn't confirm it. But this is still espionage, you see, and you could imagine everyone saying, well, we need to understand this espionage, but then the next bit, which I think is really interesting. So even if you know what the centrifuges are and how the system is configured, you need to be sure how to have an effect on them. What code would allow you to have a physical impact on them. And this is where we get back to. I'm not sure he is a friend of the show because I think in terms of hero or villain, I think A. Q. Khan is. I don't think we can play that game with him. I think he's in the villain category. Sorry, Pakistani patriots who love him as father of their bomb.
David McCloskey
Now you raise a good point, Gordon, which I'm sure will be an ongoing conversation, which is if you are a villainous character, can you actually be a friend of the pod or is it just you've got to be a kind of a straight shooter?
Gordon Carrera
I don't know. I think we need to. We need to think about that. You have to give me an example. But I think A Q can't.
David McCloskey
I mean, I don't think. Yeah, we should, as we say it out loud, I don't think he can be a friend of the pod.
Gordon Carrera
No, no. Last time we explained how he had sold some of the equipment, some of the designs for centrifuges to the Iranians and they're going to basically copy those. They are going to use those designs. And the crucial thing is in 2003, the A. Q. Khan network gets taken down again. We'll do that another time. Amazing story involves the interception of some components which the Khan network was selling to Libya. The US will get Pakistan to put A. Q. Khan under house arrest. Libya will give up its program. Now the interesting bit is that means the US will get hold of a whole load of the centrifuges. What were the P1 and P2 centrifuges, but which are identical to the IR1, Iranian 1 and 2 centrifuges that Iran is developing. And these centrifuges are going to be shipped back to the national security complex at Oak Ridge Lab in Tennessee, which is one of those US national security labs, isn't it?
David McCloskey
That's right. And it is essentially the centerpiece of the US nuclear stockpile. Right. And a tremendous amount of the research on the maintenance of that stockpile, the procurement of it. I think the kind of locus point for that is Oak Ridge, Tennessee. So it's a. Be a natural place if you were an officer of a Western intelligence service who is really interested in sabotaging the Iranian nuclear program to kind of go down there and have a look. Have a look at these centrifuges and understand how they work and how you.
Gordon Carrera
Might be able to play with them.
David McCloskey
Right? Yeah, Just kind of play around with them for a little while. Yeah.
Gordon Carrera
What's amazing is that Khan has supplied the centrifuges to Iran, and then by his network being broken down, there's an opportunity because the US can build its own replica of the kind of enrichment cascades that are being used in Natanz with the same controllers, the same hardware around these centrifuges and work out how to sabotage them effectively. And they can work out what will lead them to crash. And supposedly they had a cage where they could watch them and toy with the controls and work out what would make them crash and break, making this awful screeching sound. And the Israelis are also doing something very similar, it seems, making a scale model of the Natanz enrichment facility set up at Dimona, which is their nuclear power facility out in the desert. And they are building their own also replica of Natanz. You've got both sides trying to understand what is going on in this kind of cavernous site at Natanz and how the centrifuges specifically work and what you could do to them.
David McCloskey
Spy agencies love a good scale model. It reminds me of the replica built of the Bin Laden compound, right, at Abbottabad that the SEALs trained on.
Gordon Carrera
Do they have, like, modelers?
David McCloskey
No. They do, yeah.
Gordon Carrera
They recruit people, like, because, you know, you get people who love. I met someone the other day who loves scale models. They were showing me pictures of a scale model village and something like that. And then do you think, you know, you get recruited and someone says you're a really good scale model village builder. Do you want to come here and build models of nuclear compounds and terrorist compounds for the CIA or Mossad? I guess they do.
David McCloskey
The ones that I met worked at the National Geospatial Intelligence Agency, nga. There'd be a natural connection between the imagery and the model and the modeling. So they had a team of modelers there who would.
Gordon Carrera
Who.
David McCloskey
That was their job.
Gordon Carrera
That's a great job.
David McCloskey
That's like the best job. Yeah, I'm not even into it, and I want that job, but I would be discovered on day one as an incompetent, competent modeler. Well, so Gordon, maybe there with scale models all over the place of Natanz and alleged Western intelligence services practicing destroying centrifuges. Let's take a break. And we come back, we will see how they code this destructive cyber attack. That's going to change the history of the Middle East.
Gordon Carrera
See you after the break.
David McCloskey
Well, welcome back, Gordon. We've talked about the centrifuges and the physical destruction, but you have to, I guess, design a code, right, that will actually have an impact on those centrifuges. And so there's a software coding component to this that is really, really critical.
Gordon Carrera
And it's thought to be done by the US and Israel primarily. Those are the allegedly. Allegedly.
David McCloskey
And we should say again, this is all in the public domain here. Right. But nobody's taking ownership of Olympic Games.
Gordon Carrera
But they're writing this code, which has got to be covert and it's got to be really precise. And it's interesting because, believe it or not, we're not going to get deep into the specific types of code that.
David McCloskey
We're going to use.
Gordon Carrera
I could, but I just thought, you know, too shy. Show off my knowledge of coding. Last time I coded was, I think, in the 1980s using BASIC computer language, if you remember. You're too young, David, to know what BASIC was on a Commodore VIC 20 computer. You're probably too young to know what that is.
David McCloskey
I am too young to know what that is.
Gordon Carrera
That's my coding knowledge. I do understand a little bit, but not.
David McCloskey
You were not recruited to help Western intelligence in its efforts to sabotage the Iranian nuclear program.
Gordon Carrera
No. Me playing Jetpack on my computer did not qualify me to be a top cyber hacker. But by 2007, they've got some code rules ready. And it's worth saying there's actually not going to be just one cyber attack, and that's actually going to be important for our story. There's going to be multiple and they're going to be varied and covert to sow confusion. And the code is kind of stealthy, designed to work over an extended period without being spotted, rather than being a single strike, which takes it down. And the way to think of it is as two things. A delivery system, which is, if you like, the missile, which is going to get you into the target and then the payload, the warhead, which is actually going to do the damage. And the aim of the, you know, the Olympic Games code is to be very, very targeted in its delivery system because they create code which is looking for something called a programmable logic controller, a PLC. And the PLC is used to control industrial facilities. So it's a small computer which you have at things like sewage plants, gas pipelines, train signalling. Anything industrial in a factory, you know, air conditioning, even in a building, they're not built with huge amounts of security in mind. They just control a physical process. So they're the controlling system. And the coders are going to design something which is looking for a very specific one of these PLCs built by the German company Siemens, a specific PLC and one that's operating in a very specific setup. So you're not just after a specific PLC, but in a particular configuration, which is effectively unique, because going back to the espionage bit, they've already done, they've worked out the exact controllers, the exact configurations, what everything's connected to at Natanz, and they are targeting it for that.
David McCloskey
None of this, the covert nature of it, the precision would have been possible without what was probably an extended phase of reconnaissance, right? Digital reconnaissance, to map out exactly the structure, the architecture of all of the systems running at Natanz. Right. I mean, you couldn't develop either the, you know, to use the weapon terminology, the missile or the payload without the really detailed map of the facility.
Gordon Carrera
But you've got a problem when it comes to the delivery, because these industrial control systems are not connected to the regular Internet. You know, companies have corporate networks which are connected to the Internet and can be accessed from anywhere and then hacked, but these industrial systems are not. And then Iran has also taken extra steps, unsurprisingly given it's a nuclear program, to air gap them, so that there are no direct connection points to the regular Internet. So the question is, how do you get the code in there?
David McCloskey
How do you get that code in there? Right. Sounds like you need a human to me.
Gordon Carrera
It sounds like you might need a human. You hear a lot of people saying, oh, you know, don't need those human spies anymore. You know, don't need humans. In the world of cyber espionage, you can steal all the secrets online. And I do remember, you know, in the early 2000s, I think a lot of the kind of human, human guys, you know, the CIA and MI6 people, were a little bit insecure I think, you know, as the arrival of cyber espionage came, because it's like you want to get secrets from that safe or that computer. You don't need to bribe the person running the office anymore or, you know, recruit an agent stealing it. You just go online.
David McCloskey
You just need a sun deprived guy eating pop tarts sitting behind a computer screen. Right.
Gordon Carrera
You just need Neddy Snowden, you know, to go and steal this, to steal the stuff.
David McCloskey
Right.
Gordon Carrera
And I think there was a bit of insecurity. I mean, I think there was in the early 2000s that the cyber guys were going to take over and there was no need for these, these human operators. How wrong they were.
David McCloskey
You still need a meat sack, right, Gordon?
Gordon Carrera
I've never heard that phrase. Really? No meat space. I know meat space, cyberspace and meat space.
David McCloskey
Well, who sits in the meat space? It's the meat sacks.
Gordon Carrera
It's the humans, meat sacks. So you're going to need a meat sack because you've got to get that code over what's called an air gap, which means it's not connected to the systems. So, yeah, you need a person. So it's thought that what they do is draw up lists of companies and engineers who might have some kind of access to Natanz and to the Iranian nuclear system. Then the idea is you're going to be able to perhaps feed them a USB stick which they are going to connect onto their laptop and then into an Iranian air gap system and plug it in. Because there are a lot of systems there which require updating. It's a fascinating part, I think, of espionage these days. And it's something which I think people don't realize is that melding of kind of cyber and human espionage. Yeah, and this is a good example of that. It looks like.
David McCloskey
Well, there were even reports that the Dutch were involved in this part of it. Right. There was a Dutch engineer, I think, who went in and out of Natanz and who may have been involved.
Gordon Carrera
Yeah, initially, after all of this became public, people were wondering, you know, was it a witting or unwitting engineer? How did it get in? What was the method? Then quite recently, there was this report which came out of Dutch media that there was an individual who worked on the water pumps at Natanz who was a Dutch engineer, he had an Iranian wife, and that he had somehow been recruited by Dutch intelligence, the AIVD, back in 2005. And that he might have been the one to introduce the virus and the code into the system on one of these visits. Although I think the suggestion is he, and maybe even the Dutch, may have not known what the actual purpose was. You could imagine the Americans or the Israelis or someone telling the Dutch, we just need to get this code into the system to do some espionage. And you can imagine this engineer going, could you put this in? You know, help us out?
David McCloskey
You don't want to be the meat sack who gets sent into Natanz to like, stick a USB drive into a computer. Right. That doesn't seem like a great job to have in this whole game.
Gordon Corera
Yeah. All we'll say about this engineer is he then dies in a motorbike crash two years later near his home in Dubai. Now, I mean, look, that could be entirely innocent. I'm not suggesting it's anything worse, but the guy who is involved is not around anymore to explain what happened. It's worse.
David McCloskey
Is this the first appearance of the Dutch AIVD on the podcast? This is another, like, semi obscure intelligence agency that's, that's appeared. For those keeping track, welcome to the program to the AIVD, the Dutch external service.
Gordon Corera
Because we've got the bingo cards, haven't we? Of intel services.
David McCloskey
Exactly. If you put the Dutch AIVD in the middle of that bingo card, you are, now you're rolling.
Gordon Corera
I'm just imagining someone sitting on a train and going, bingo is there. You know, they're listening to this podcast where they finally realize they filled in their, filled in their card, and everyone go, why are you shouting bingo? Anyway, well done if that's you.
David McCloskey
It's 2007 though, right, Gordon? And the very first variant of this virus is ready to be unleashed on Natanz.
Gordon Corera
And the first attack, at least the first one we know about, looks like it targets the valves that transfer the uranium gas from one machine to the next, including the isolation valves that protect the centrifuges from faults. And the code which has been introduced into the system understands and finds its target. And it's really interesting because it closes one set of valves, so the pressure in the machine grows as the gas builds up. Then it opens another set of valves, which dumps the gas out of the tank to waste it. Now, it's really kind of interesting because it would do this for a couple of hours and then reset itself.
David McCloskey
That sounds confusing if you're the Iranians watching this, right?
Gordon Corera
Because again, it's not like you've bricked the computers and just turned them off. It's not like you've blown up the valves. It's not like you've done something really obvious to them. You've just changed the flow of gas for a while, causing some of it to be wasted. And you just do this at periodic points. And I just think it's clever, isn't it? Because it is. It is not obvious that something is going wrong.
David McCloskey
And we should say that the flow here was that, let's say, a meat sack put a USB drive into a computer on that closed network, right? The virus, unbeknownst to anyone on the Iranian side watching this, escapes, but it's not on, presumably anything close at that point to the PLCs that run the centrifuge cascade. So that that virus has found a way.
Gordon Corera
It's looking for its target.
David McCloskey
It's looking for its target. It then finds its way to the PLCs that control these cascades, and it is then manipulating the PLC, which is kind of the interface between the digital world and the, and the physical reality of the, the centrifuges. Right? So it's remarkably complex. I think it's just worth restating that, because it's not like all of a sudden someone in Tel Aviv opened up a screen and they're just running those PLCs, right? I mean, it's gone through this long process to get to its target.
Gordon Corera
The covert bit of it is what I find fascinating because there's one really kind of clever bit of the operation, which is the code also records what the normal operation of the centrifuges looks like for two weeks. And then when it starts playing with the centrifuges and those valves, it plays back to the operators, the normal flow of data, as if they're operating normally. So we talked about the valves changing, so the pressure is building up, but if you're an operator, you don't see that, it looks totally normal because you're being replayed old data of when it was running normally before the code switched it on. The parallel is in, I think it's Ocean's Eleven, isn't it? Where there's a bank of CCTV cameras. You must have seen Ocean's Eleven.
David McCloskey
Yeah, yeah, I have seen it.
Gordon Corera
Just checking.
David McCloskey
Not like I was too young, Gordon. I was too young.
Gordon Corera
Where they're going to do the heist of this vault beneath the casino. And what they've done is they've recorded the normal operation of the CCTV cameras where nothing's happening, right? And then when they're in doing the heist, they play back normal. And so the CCTV operators think, you know, everything looks fine, until suddenly the picture shows your kind of vault empty of all the money. I mean, it's, you know, it's that bit of it, I think, which is just frankly brilliant.
David McCloskey
It's brilliant, yeah. I mean, again, it ladders up to, like, what's the goal here, right? The goal is time and confusion. Or just not even being aware that your program is being sabotaged while it's being sabotaged is ideal, right? That is exactly what Western intel wants out of this. It does make me think, Gordon, have you seen the movie The Sting?
Gordon Corera
Yeah.
David McCloskey
Classic, classic. It's Robert Redford and Paul Newman.
Gordon Corera
Paul Newman.
David McCloskey
And the premise of this whole wonderful film is how do you con somebody and then at the end, they don't even know they've been conned, right? That's the most effective con. And it makes me think of this, which is, how do you sabotage a program? And the Iranians don't even know that anyone has sabotaged the program, right? It's, it's an absolutely brilliant piece of tradecraft here.
Gordon Corera
And you can imagine, you know, what it must be like for those Iranian engineers, because suddenly not enough uranium is coming out their centrifuges, gas is getting dumped out, but all their controls are telling them they're operating normally. You're going to start pulling the stuff apart. You're going to kind of start wondering, is it a problem with our controls? Is, you know, our sensors mistaken? Is one of our colleagues, you know, mucking around with this? There's no obvious reason why it's not working as it should do. And you could just imagine this is just going to kind of sow confusion, doubt, chaos. You've got to pull everything apart, probably have to pull apart every bit of sensor as well as the centrifuges to try and understand, you know, why they're not working. I mean, that is going to slow a program and you're not going to find anything because, you know, you don't realize that you could be doing this remotely through code. It is amazing. So they're constantly taking these centrifuges out of action. And of course, they've had problems before. The P1 centrifuges were a bit dodgy. So it's plausible they're just badly engineered. You know, they actually learn not to trust the instruments, the control panels, and they ask people to go and watch the centrifuges.
David McCloskey
It's not how you want to run an industrial facility. We don't look at the controls because they don't tell us what's going on. We need.
Gordon Corera
We need someone with eyes on, you know, go and radio back and tell us what's going on. So in that sense, Olympic Games, it looks like it's working well.
David McCloskey
And maybe there, Gordon, with the, the virus unleashed on Natanz, we should stop. And next time we will look at how really the stakes get raised in this entire program as the Iranian nuclear program becomes more ambitious, as does this covert effort to bring it down and stop it. We should also note, though, Gordon, right, that you don't have to wait for that episode.
Gordon Corera
You don't have to be delayed like the Iranian nuclear program.
David McCloskey
That's right. Don't be the Iranian nuclear program.
Gordon Corera
Don't be an engineer wondering what's going on, what's going to happen next. Be ahead of the curve and join the Declassified Club at therestisclassified.com, where you get early access to all the episodes in this series and future series and crucially, also bonus episodes. And we've got a cracker coming up, haven't we? On Friday, we got an interview we've done with none less than David Petraeus.
David McCloskey
That's right. Wonderful conversation with Director Petraeus, who is the CIA director, actually, when I was there and talked with him about that, talked with him about what's going on in the world. Talked with him about the agency. Really brilliant stuff. Great interview. And we'll be dropping that on Friday.
Gordon Corera
So sign up at therestisclassified.com and we'll see you next time.
David McCloskey
See you next time.
Podcast Summary: The Rest Is Classified
Episode: 69. Israel Attacks Iran: Mossad’s First Assault (Ep 2)
Release Date: July 29, 2025
Hosts: David McCloskey & Gordon Corera
In episode 69 of The Rest Is Classified, hosts David McCloskey, a former CIA analyst turned spy novelist, and Gordon Corera, a veteran security correspondent, delve deep into the covert operations aimed at sabotaging Iran’s nuclear program. Titled “Israel Attacks Iran: Mossad’s First Assault,” this episode unpacks the sophisticated cyber-espionage campaign known as Operation Olympic Games, highlighting its implications on global intelligence dynamics.
The episode begins by contextualizing Iran's nuclear ambitions, focusing on the Natanz enrichment facility. Iran’s acquisition of centrifuges through Pakistani nuclear scientist A. Q. Khan marked a significant escalation in their uranium enrichment capabilities ([02:25] David McCloskey). The Natanz facility became a central target for Western intelligence agencies aiming to prevent Iran from developing nuclear weapons.
Quote:
“From Cold War espionage to modern-day intelligence agencies like the CIA, MI6, and Mossad, explore the world of double agents, classified missions, and the shadowy figures who operate in them.”
— David McCloskey [02:25]
The core of the discussion revolves around Operation Olympic Games, a pioneering cyber-attack initiative designed to disrupt Iran's nuclear program without engaging in open warfare. President Bush advocated for this “third option” alongside diplomatic negotiations and military strikes ([04:08] Gordon Corera).
Quote:
“President Bush wanting that third option. And that's what we're going to be looking at this time, this third option, which is going to be a cyber attack.”
— Gordon Corera [04:08]
McCloskey and Corera explore the innovative nature of the cyber-weapon developed under Operation Olympic Games. Unlike traditional cyber espionage focused on data theft, this operation sought to cause physical disruptions by manipulating the centrifuges’ control systems.
Quote:
“… this is a cyber attack that bleeds into the physical world. It is not merely dealing with zeros and ones on a screen. It is physically leaping and affecting machines in the real world.”
— David McCloskey [04:38]
The hosts compare the complexity and impact of this cyber assault to the Manhattan Project, emphasizing its potential to significantly set back Iran’s nuclear advancements.
A fascinating segment discusses the extensive espionage efforts required to execute such a precise cyber attack. Both the US and Israeli intelligence agencies constructed detailed scale models of the Natanz facility to understand the layout and operational intricacies of the centrifuges.
Quote:
“That makes a very natural place if you were an officer of a Western intelligence service who is really interested in sabotaging the Iranian nuclear program to kind of go down there and have a look.”
— David McCloskey [20:22]
This meticulous preparation allowed intelligence operatives to develop targeted code capable of manipulating physical infrastructure without immediate detection.
The episode highlights the collaboration and occasional tensions between various intelligence agencies. Mossad, under the leadership of Meir Dagan, pursued covert operations independently from US intelligence, aiming to disrupt Iran’s nuclear program without triggering open conflict.
Quote:
“Mossad is pursuing its own operations, its own sense of Israeli security interests.”
— David McCloskey [11:53]
Additionally, the involvement of lesser-known agencies like the Dutch AIVD underscores the multinational effort in safeguarding global security interests.
A significant portion of the discussion is dedicated to the technical sophistication of the cyberattack. The malware developed was designed to interfere with the Programmable Logic Controllers (PLCs) that manage the centrifuges, causing them to malfunction without raising immediate alarms.
Quote:
“… the code is looking for something called a programmable logic controller, a PLC. And the PLC is used to control industrial facilities.”
— Gordon Corera [26:35]
Moreover, the malware employed advanced techniques like data replay to mask its malicious activities, ensuring that Iranian operators perceived normal operations while the centrifuges were being sabotaged.
Quote:
“The code also records what the normal operation of the centrifuges looks like for two weeks. And then when it starts playing with the centrifuges and those valves, it plays back to the operators, the normal flow of data, as if they're operating normally.”
— Gordon Corera [34:30]
Despite the high-tech nature of Operation Olympic Games, the successful deployment of the malware required human intervention. The operation likely involved recruiting individuals with access to the Natanz facility to introduce the malware via physical media, such as USB drives.
Quote:
“… you need a person. So it's thought that what they do is draw up lists of companies and engineers who might have some kind of access to Natanz and to the Iranian nuclear system.”
— Gordon Corera [29:14]
The tragic death of a Dutch engineer linked to the operation adds a layer of mystery and underscores the perilous nature of such espionage missions.
Operation Olympic Games marked a paradigm shift in cyber warfare, demonstrating the ability to conduct espionage that directly impacts physical infrastructure. By silently disrupting the Natanz facility, the operation bought critical time for international actors to recalibrate their strategies against Iran’s nuclear ambitions.
Quote:
“… it's not like you've blown up the valves. It's not like you've done something really obvious to them. You've just changed the flow of gas for a while, causing some of it to be wasted.”
— Gordon Corera [33:08]
This stealthy approach prevented Iran from immediately identifying the source of the sabotage, fostering confusion and delaying their nuclear progress without escalating to open conflict.
David McCloskey and Gordon Corera conclude the episode by emphasizing the ongoing cat-and-mouse game between intelligence agencies and state actors. The success of Operation Olympic Games set a precedent for future cyber operations aimed at neutralizing high-stakes targets without traditional warfare.
Quote:
“It's a brilliant piece of tradecraft here… It is an absolutely brilliant piece of tradecraft here.”
— Gordon Corera [36:38]
The hosts hint at future episodes that will explore the escalating tensions as both Iran’s nuclear capabilities and the covert measures against them continue to evolve, promising deeper insights into the shadowy world of modern espionage.
David McCloskey [02:25]:
“The code that struck Natanz was a work of engineering bravado, every inch as much as the centrifuges it was designed to destroy.”
Gordon Corera [04:08]:
“President Bush wanting that third option. And that's what we're going to be looking at this time, this third option, which is going to be a cyber attack.”
David McCloskey [04:38]:
“…this is a cyber attack that bleeds into the physical world. It is not merely dealing with zeros and ones on a screen. It is physically leaping and affecting machines in the real world.”
Gordon Corera [26:35]:
“The code is looking for something called a programmable logic controller, a PLC. And the PLC is used to control industrial facilities.”
Gordon Corera [34:30]:
“The code also records what the normal operation of the centrifuges looks like for two weeks. And then when it starts playing with the centrifuges and those valves, it plays back to the operators, the normal flow of data, as if they're operating normally.”
David McCloskey [36:38]:
“It is an absolutely brilliant piece of tradecraft here.”
Episode 69 of The Rest Is Classified offers a compelling exploration of one of the most intricate cyber-espionage operations in recent history. Through detailed discussions and expert insights, David McCloskey and Gordon Corera illuminate the clandestine efforts to curb Iran’s nuclear advancements, showcasing the evolving tactics in the realm of modern intelligence and cyber warfare.
For those fascinated by espionage, cyber warfare, and global security dynamics, this episode provides a meticulously detailed narrative, enriched with technical explanations and strategic analyses, making the complex world of intelligence operations accessible and engaging.