David McCloskey
For exclusive interviews, bonus episodes, ad-free listening, early access to series, first look at live show tickets, a weekly newsletter and discounted books, join the Declassified Club at therestisclassified.com.
Gordon Corera
A covert action has been launched against Iran's nuclear program. But this time on The Rest Is Classified, we look at how the Obama administration decides to accelerate the targeting of Iran's centrifuges in a way that ultimately leads it to going out of control.
David McCloskey
There was no consensus within the Obama administration about how these weapons should be used. Even while Obama was approving new strikes on the Iranian nuclear plant, he harbored his own doubts. In meetings in the Situation Room in the first year of his presidency, Obama had repeatedly questioned whether the United States was setting a precedent using a cyber weapon to cripple a nuclear facility that the country would one day regret. This was, he and others noted, exactly the kind of precision guided weapon that other nations would someday learn to turn on us. It was the right question, said one senior official who came into the administration after the Stuxnet attacks were over. But no one understood how quickly that day would come. Well, welcome to The Rest Is Classified. I am David McCloskey.
Gordon Corera
And I'm Gordon Carrera.
David McCloskey
And that is David Sanger writing in his book The Perfect Weapon about, of course, the Stuxnet virus. This effort by the, allegedly, Gordon, I guess, the United States, Israel to disrupt and delay Iran's nuclear program. We have been looking over the last couple episodes at the story of Iran's nuclear program and really some of the first concerted attempts to sabotage it and take it down. Not with bombs as we've seen recently, but with this cyber weapon. And last time we looked at how the virus was kind of first unleashed around 2007, caused this massive confusion inside the Iranian program as nobody could really work out what was going on. The centrifuges that you so eloquently talked about, Gordon, sort of the scientific basis of how a centrifuge works. These centrifuges had been, of course, used to enrich uranium. They'd been more or less taken offline for periods of time by this cyber attack. And this program is about to take a turn as the Iranians speed headlong toward a bomb and the United States and Israel desperately try to stop them.
Gordon Corera
The cyber weapon had first been unleashed in 2007 under the Bush administration. But by the time you get to 2009, President Obama is taking office and there is a handover which I'd love to sit in on, by the way, one day of all the secret operations that are underway, the really secret stuff that only one president can brief another president about. And I think at this time, one of those secret operations that are underway is this one called Olympic Games. That's the code name for it. Although, you know, the virus itself will become known as Stuxnet. And it's interesting because President Bush explains the program and personally recommends to President Obama that he should keep it going because it's working, because these Iranian centrifuges are blowing up.
David McCloskey
You bring up a good point, though, which is that the program itself, this virus, this weapon has come to be known as Stuxnet. But nobody inside the United States government at this time would have called it that. This would all have been done under this Olympic Games sort of code, covert action program, like literally nobody would have called it Stuxnet.
Gordon Corera
It's a name that will be given later by the people who research it out in the wild rather than the actual kind of teams behind it. But it's interesting because President Obama's going to be very interested in this program when he takes office in 2009 and very focused on it. The briefers bring out something called the horse blanket, which is a giant folding map of Iran's nuclear program so he could see, you know, what was being done to different centrifuge cascades at Natanz and decide on next steps. And it's compared to President LBJ looking at maps of bombing targets in Vietnam. You know, then it's about, where do you want to bomb, Mr. President? Here it's which centrifuge cascade, you know, should we go for and how should we go for it? Using a cyber weapon. But it's the same kind of thing with a briefer showing this map to the president.
David McCloskey
What's on the map? Is it just pictures of the facilities or like I'm imagining it?
Gordon Corera
It's, you know, we talked in the very first episode of the enrichment facility beneath the ground in Natanz, the one they're building, which got room for 50,000 centrifuges. I'm guessing it's almost a map of that, maybe of other facilities as well, but saying these are where these different cascades of centrifuges are, and these are the ones we've already damaged and the Iranians are worried about, and these are the ones we think we can take out with a new update to the cyber weapon. I'm guessing that's what it is. But he's also worried. He understands, as we heard from that opening quote, that this is, you know, it's something new, and we'll come back to how new it is. But he understands there are risks to unleashing this kind of cyber weapon. But he is going to accelerate it. I mean, one of the reasons is that he actually wants to focus on diplomacy. And so back to that idea of buying time avoiding a military strike and the Israelis pushing him into action or taking action themselves by buying time for diplomacy through the kind of covert action side.
David McCloskey
Well, it's interesting, right? I mean, you look at the sort of campaign Obama and then compare that to what he did. There obviously was a sort of faith that developed in the administration about covert action. Right. And honestly, I guess that is some of the allure of it, is. Well, it's pretty hard to conduct diplomacy if you're openly bombing a country, but if you're clandestinely, covertly sabotaging its nuclear program and they don't even quite know what's going on, that doesn't exactly rule out diplomacy. You can sort of walk and chew gum at the same time. So I can see why it would be alluring. Although 2009, of course, it's a pretty big year inside Iran.
Gordon Corera
Yeah, it is. I mean, President Obama's tried to, you know, send a message. I think in March 2009, there's a really unusual message to the Iranian people. Kind of holding out the hand of friendship and sends private letters, and he kind of. They get rejected. Nothing happens. But I think he knows that. But he feels he's got to try and open this diplomatic front. But you're right, you know, 2009, big year inside Iran, because you have the protests against an election which Iranian people believe is rigged. And, you know, they come out on the streets, famously, in this big movement, the Green movement. Yeah. Which is, you know, it's a big moment for Iran when people thought, could this topple a regime? And it's interesting because President Obama doesn't support them. He doesn't come out and give a statement of support. He doesn't say the elections are rigged. And I think some of the people around him will later say this is a regret for them that they didn't, you know, side with the protesters a bit more. But I guess it's always that problem that if you side with them, then it allows the regime to say, well, you're all just. All the protesters are basically CIA puppets and being manipulated. So, yeah, it's a difficult balancing act. But, yeah, there's a lot of change going on, I think, within Iran at.
David McCloskey
That moment and challenge and I guess also an acceleration of the nuclear program at the same time. Right. Because there's more and more centrifuge installation, which you need to get to the quantities of enriched uranium for a bomb. And then also, and I remember I didn't, wasn't covering Iran at the agency at this time, but I remember in September of 2009, Fordow, a site that has just been bombed, was found and I think publicly revealed for the first time.
Gordon Corera
Yeah. And that was a really big deal. I remember it as well because you had a lot of Western leaders stand up together and say, we are going to reveal to the world that Iran has another secret site at Fordow. It's really interesting, the backstory to this, because I think they'd known about it for some time. This had been a Revolutionary Corps Guards kind of base. And Fordow, we should say people might know about it because they've seen it in the news recently. It's a mountain, you know, it's a mountain which has been tunneled into. And I'm pretty sure that it was a walk in. And maybe even on the British as well as American side, it's all very secretive, but at first kind of tipped them off about Iran building another secret nuclear facility. And this is absolutely crucial to the story and obviously to what's happened recently because we've been talking about Natanz, this place that the inspectors had first visited in 2003, where they're building the centrifuges. But now suddenly it's being revealed that Iran had secretly also been building another enrichment facility covertly, without telling anybody again, and doing it in a mountain. You know, the point is, it's a.
David McCloskey
Bad look for your peaceful nuclear program. Yeah.
Gordon Corera
Because Natanz is like 30 feet below ground or something like that. This is hundreds of feet below, kind of rock and concrete. So it's a completely different target. It's interesting, there was in some of the books about this, there's references that the end of the Bush presidency, where they'd first learned of it, there'd been some discussion about whether they could actually send a special forces team onto Iranian territory to try and sabotage it before it developed too much. But they obviously decide against that, a hugely risky operation to try and do. So instead they reveal it to the world in September 2009 that this new enrichment facility is being built. And that then creates another big debate about the nuclear program. Because the Israelis fear that Fordow gives them a kind of zone of immunity where free from inspections, deep underground Iran can quickly move towards a bomb, and they won't have the intelligence or advance warning that they're doing this breakout that we talked about and making that final push towards a bomb. So as you get to 2009, there's lots going on. And Israel is also upping the pressure on the US as a result. And it looks like they're kind of thinking, what else can we do to delay the Iranian program? Assassinations will come back onto the agenda. So 2009, 2010 is a big period of pressure, and that's why it looks like there is this decision to accelerate Olympic Games, to push it, you know, to take it up a level even from what it's been doing before.
David McCloskey
And so taking it up a level in this context looks like targeting more of the cascades more frequently. Yeah, I mean, there's this balance right of now that you've got this, I mean, access. Right. You don't want to lose it. And so you have to be, I guess you have to be careful how frequently you mess with them, because if you just are constantly doing it, eventually they might find the code, they might discover that, you know, this is actually foreign actors doing this. So you run a great risk, I guess, if you up the frequency or you start to target other pieces of these sites.
Gordon Corera
And I guess that's the decision making and the debate which must be going on at the heart.
David McCloskey
The horse blanket. While you're pouring on the horse blanket.
Gordon Corera
I guess that is the point of the horse blanket, isn't it? It's going okay, if we could take down these centrifuges by upping our game, but there is a risk that it will get discovered or that something will happen which will blow the program. But they're going to up the game. So the early attacks that we talked about from 2007, it's thought they target the valves which let the uranium gas in and out of the machine. So this new set of attacks from around 2009 is instead going to target the frequency converters which supply power to the centrifuges. Back to our centrifuge lesson, very delicate. Have to spin at the right speed. The power has to be maintained precisely to get them to spin at this supersonic speed. So if you mess with that power supply and with the power being delivered into the centrifuges, you can slow them down, you can speed them up, you can mess with them, and you can put kind of strains and stresses on the systems by making them spin faster and slower. So that's what the new code looks like. The best account, by the way, of all the detail of how the code worked is in Kim Zetter's book, Countdown to Zero Day, on Stuxnet, which is brilliant book, which really gets deep into this, and I'd really recommend that. But again, what they do with this new set of code is they record what normal operations look like and feed it back in when the attack's underway, so no one would spot anything. So for 13 days, there's a recon stage where the code sits on the programmable logic controller, the thing that controls the power supply, recording the normal operations. When it's got enough data, it moves to an attack phase, two hour countdown. Then it targets the frequency converters, which deliver the power for 15 minutes, slows down, speeds up the centrifuges, does it for just 15 minutes, and then goes back to normal. I mean, it's wild this.
And then it waits for 26 days while recording normal processes again, and then goes back into another attack cycle, this time for 50 minutes rather than 15, and then alternates this 15, 50 minute attack cycle over 26 days. So it's really interesting because, again, it's so precise, because what they're trying to do is introduce stresses on the materials inside the centrifuges. So they're not just like switching off the power or speeding it up to the point where the centrifuges crash. They're stressing the centrifuges so that they break. I mean, again, it is just amazing the amount of research and understanding of how these centrifuges work and what you can do with them in order to develop code, to do it that precisely and to know you'll have an impact. I just think it's amazing when you think about it.
David McCloskey
I love this quote that you put in here, Gordon, which I think really captures it well. It says the attackers were in a position where they could have broken the victim's neck, but they chose continuous periodic choking instead. And I guess at this point they've been in Natanz for a few years messing with it. Right? I mean, which is also incredible is that they've just sort of been slowly sapping this facility's productivity, right? For years at this point. And I guess maybe there's a good chance to take a break. When we come back, we'll see how this choking starts to get even tighter.
Gordon Corera
See you after the break.
David McCloskey
Well, welcome back. It is December of 2009, early 2010, and Gordon, now we've got the return of our good friends at the IAEA, the International Atomic Energy Agency, who are going to be this dance of inspectors coming into Iran and trying to get access to facilities. We're back to this. We're going to have inspectors crawling around, looking at Natanz, looking at Fordow, all up in the Iranians' business while Stuxnet is going on in the background.
Gordon Corera
I love the idea of inspectors. It makes it sound like, I imagine like kind of Inspector Clouseau with like a, you know, a magnifying glass.
David McCloskey
They definitely have clipboards, a lot of clipboards and magnifying glasses.
Gordon Corera
I think that's what they really like. I think they have like, kind of high tech samplers. But I just think this idea of international inspectors. But yeah, they're visiting the site late 2009, 2010, they can see the Iranians are replacing centrifuges at a faster rate than normal, that some of them are getting damaged, that they don't know what's going on. It looks like the Iranians are firing some of their engineers and they're running tests on the motors to find out why the speed's changing. It's this whole confusion they've got, but they're still pressing forward. So in early 2010, it looks like US and Israel, who we assume are behind this, decide, as people say, to swing for the fences, which I guess is a baseball thing.
David McCloskey
That is a baseball thing.
Gordon Corera
It's a baseball thing. I was trying to look at that because I read that in Kim's book. I was thinking swing for the fences, you know, just take a big shot to get the home run. Am I getting the language right? You're going for the home run, trying to clear your base. I don't know. Anyway, I never understand baseball.
David McCloskey
What you said there isn't technically wrong, but it doesn't sound right. Like you would not go for the home run. As an example.
Gordon Corera
Okay, but the other analogy I like is that they supersize the virus, which is like, you go into your McDonald's and you say, I want the Big Mac meal, I supersize it. So it's like supersize the virus to go after, they're going to supersize it to go after a specific array of a thousand centrifuges. Now here is the thing, they're going to be more aggressive, they want to move fast. So they're upping their game and they still have this problem which is getting over the air gap to get into the systems. So you want to get your new virus into the systems to do the damage. And of course as we said before, these systems are not connected to the regular Internet. And previously they'd use flash drives giving them to lots of people, hoping they get in and then they spread. Now they're going to slightly change, it looks like the delivery mechanism for the virus and they're going to use what's called a worm. And the point about computer worms is they self propagate, they spread by themselves. And this has been something that's known about for years that you can do this with computer worms. And some of the earliest computer worms are fascinating. There is a great story about. I won't do the whole story about the Morris worm, which is the first computer worm, November 1988, where this student wants to test how far he can spread a worm. So he launches it. I think he launched, he goes to MIT to launch it to try and hide his tracks even though he's not an MIT student. And it spreads and it basically takes down the entire Internet because he's made some of his worms, basically what are called immortal worms which won't die and they spread. And immortal worms are bad and they spread anywhere anyway. And so it takes down the Internet.
But here is the bit I love about the Morris worm story is one of the people who gets a phone call to say it's a problem is the chief computer scientist at part of the NSA, America's Signals Intelligence Agency, who works for the National Computer Security Centre. And his name is Robert Morris. And it turns out it's his son who's unleashed the worm. And you always think that's a bad day in the office when your son, when you work at the NSA and your son has taken down the Internet.
David McCloskey
Father like son though, Gordon, come on.
Gordon Corera
Yeah, exactly. He's an expert. But that is the point about worms.
David McCloskey
Why are they self propagating though like that? That's an inherent feature of the code that makes it a worm. Is that it just.
Gordon Corera
That is why it's a worm rather than a virus because it spreads by itself. You don't need to just infect a host like a virus. But the worm, this is the idea of it in computer speak, cyberspeak, is that it will move from machine to machine by itself. So it's got a life of its own, effectively. That's the idea that you get it onto the network somehow, and then it can spread around the Iranian network, machine to machine, even in their local network, until it finds a way in to the centrifuges you want to hit. But, you know, the crucial thing is it's still very targeted in terms of what it's trying to actually do and who it actually unleashes its payload on.
David McCloskey
Is the hope in this kind of new phase that they will reach other facilities. Is it we're trying to get beyond Natanz to get into Fordow or just different pieces of the cascade at Natanz?
Gordon Corera
I think it's more that pressure to up the game to get to the centrifuges you want. And knowing that this could take quite a long time to get to them, and it could take quite a long time through the previous methods before the right USB hits the right computer, which is connected to the right computer. So instead you inject it into the system somehow through one person, and then you just let it spread until. And this is the crucial bit, until it finds the exact system that it's looking for. And it's really interesting because it's really precisely engineered. We talked before, you know, these are programmed to look for Siemens logic controllers, but in this case, it is looking for a logic controller connected to a specific array of systems running Iranian centrifuges. And if that very specific combination of different software and hardware packages is not in existence, then the code just sits there and does nothing. It's quite interesting. It's really, again, the complexity of it. It's amazing because it's got to contact its kind of controller when it infects a new system. And whoever's designed this has set up fake football websites to act as the command and control server. So when it reports back American football. No, I think it's. I think it's proper football, David.
David McCloskey
Okay.
Gordon Corera
Because the theory is that that will mask if someone is seen checking football results websites. If that's spotted, it will just look like an engineer who's maybe checking how Real Madrid or someone are doing.
David McCloskey
Yeah, that would be bad if it was American football, because I can't imagine there's too many Iranian nuclear engineers who are like, oh, let's go and let's check in on the Cleveland Browns scores today.
Gordon Corera
So it's really precisely engineered and if the exact conditions aren't met, it does nothing. It just, it doesn't release its payload. So it's so interesting because the whole aim of this is to avoid collateral damage to other systems. So to avoid it hitting a different logic controller, a different industrial facility and activating. There's even, I mean this is the next bit that's fascinating about it, an expiration date for it. So every time it infects a new machine, it checks whether it's after June 24, 2012 and if it is after that date, then it stops, doesn't do anything. So the whole thing is timed to self destruct as well as only actually affect one single target machine. So you've got something which is going to spread across the Iranian network, but look for only one machine to be able to hit its target and even then only last for a couple of years.
David McCloskey
Which I guess does mark it as kind of a government program. Right? Because you'd figure if this is actually a group of hackers or something like that, that you wouldn't figure an expiration date being built in.
Gordon Corera
I think that again is one of the clues that will come out of the discovery of this virus. Because everything about the way this is engineered is to be precisely targeted. And people I spoke to said, I remember I spoke to US cyber czar, guy called Richard Clarke who dug it and he said it just says lawyers all over it.
David McCloskey
Oh, I can't even imagine how many lawyers must have been all over this thing. I mean every covert action program is just covered in lawyers anyway, right. And this seems right with all of the potential risk that this weapon might get out. Because when you put together a covert action finding, it's not a particularly complicated document to draw up. But you're of course one of the sections you're going to list is like, what are the risks associated with this? Right. And I would think here you not only have the risk that this thing gets out, right. But you also have a risk when you're, if you're messing with an industrial facility, I guess you're taking a risk along the way that there'd be people who get killed in these accidents. Right. And so you're having to get a more elevated sort of authority to conduct attacks like this. Even if the risk isn't particularly high, it still would have to be acknowledged as part of this. So you have lawyers all over this thing for sure.
Gordon Corera
Yeah. And I think everything that you see about the code and the way it's designed suggest a real rigor and deep kind of oversight, accountability, lawyered process to put together that code. You can see someone going, if you're releasing something which can take down industrial facilities, then it absolutely has to be totally targeted so that it will definitely only affect one place and affect one type of system. And we want an expiration date so this doesn't last forever. You know, it doesn't kind of take down the whole world and you know, kind of self propagate in that way. So you can see, actually I think it's really interesting with the precision of the delivery system and of the kind of restraints and constraints which are put around it, that this is the result probably of quite a lot of arguing and interagency meetings. And you can imagine, and we don't know the detail of it, but you can imagine President Obama going, I'm only going to sign this off, you know, this more aggressive attack. If I know it's not going to take down Iranian electricity grids or neighbouring countries electricity grids or come back to our electricity grids and take them down and do these kind of things. You could imagine that will be the stipulation which is put on unleashing this new covert action, more aggressive covert action as part of the program.
David McCloskey
But of course I guess you can put an expiration date on it and you can write up the legal kind of language however you'd like, but the reality with a self propagating computer worm is that you really have no control where it's going to end up. Right? So at some point presumably, spoiler alert, it's going to escape.
Gordon Corera
Right? And I think the idea was it would just remain within this Iranian network of Natanz and look for the configuration it was after and then act, but oops. The problem with the self propagating worm is that it's a self propagating worm and you can't control where it goes. So just like you know, Robert Morris, this kid in the 80s who didn't plan to crash the entire US Internet at that time, there are unintended consequences when you release something onto the Internet. And so it looks like, I mean we can't know exactly what happens, but there must have been a moment where perhaps an Iranian scientist whose laptop had been infected with this worm, then plugs into the Internet, you know, with maybe the same laptop and at that point the worm escapes. I just have this vision of a kind of big kind of cybery worm.
David McCloskey
A giant worm like in a giant.
Gordon Corera
Sandworm, like in Dune. Yeah, I just imagine it tunneling through a fiber optic cable and going, I'm free. And it's free at last. Yes, free at last. And it's out. And it looks like it is a mistake in the code. It looks like there wasn't intended to get out onto the general Internet, but it is going to escape all around the world. And so in the summer of 2010, suddenly it's appearing, and it's appearing on machines, this bit of code everywhere. And it is the most sophisticated piece of malicious software any cybersecurity researcher has ever seen in the history of the world. And it's out there on all these machines, and yet it's not doing stuff to their machines.
David McCloskey
The one person who had their laptop connected to a Siemens PLC and to some shock, to see what was happening.
Gordon Corera
Yeah, and it's going to take them months to understand. But also in the White House as well. As soon as they realize this, which is in the summer of 2010, there's panic. You know, there's an emergency meeting of top US officials in the Situation Room once they realize it's out in the wild. And it's really interesting because they agree that this isn't going to be secret for long. People are going to work out what it is, and so they're actually going to roll the dice again and give it another chance to do as much damage as possible before the Iranians work out what it is. So it looks like they actually, at that point, inject two more versions into the system to try and hit the thousand centrifuges they really want to take out. They kind of swing for the fences again as a kind of last swing.
David McCloskey
They're going for the home run before.
Gordon Corera
You get caught out. Is that what happens before you, before they catch you out and they catch the ball? Is that a good analogy?
David McCloskey
No, no, that's. That one.
Gordon Corera
Horrible.
David McCloskey
That one. That one doesn't work. One question that I have is, so this, this virus, this worm, I mean, sat on computers inside the Iranian nuclear program now at this point for three years and wasn't discovered. Why is it that as soon as it gets out, it's seen right away.
Gordon Corera
It must be something to do with that specific bit of code, because the original code was also really carefully designed to be encrypted to also not show up when you do a kind of virus scanning system to be hidden in all those ways. But at this point, it is out. It is a larger bit of code than anything that's ever been seen before, and it is starting to sit on systems. And on some systems, it does kind of muck around with them a bit. So in a few places, it doesn't quite switch them off. But you can start to see that there's a big block of code sitting on a system and doing something, even if you don't understand what it is. And so now the race is on because you've got the code unleashed. You've got the Iranians perhaps about to realize that there might be a link between what's happening and the problems in their nuclear program, and all these researchers in the outside world from the summer of 2010 trying to pick it apart and understand what's happening. So we are really reaching the final stages now of this covert action.
David McCloskey
That sounds like a great cliffhanger, Gordon. To end our third episode on Stuxnet and Olympic Games and look toward the thrilling climax in which the US and Israel allegedly will double down yet again on the power of this cyber weapon. And a whole host of cybersecurity researchers are going to start to unpack what exactly is this worm that has escaped and look at this kind of history changing cyber weapon as it gets out into the wild. But of course, you don't have to wait for that episode. You can join the Declassified Club at the restisclassified@goal hanger.com get early access to all of these wonderful episodes, get bonus content. There's so many reasons to do it. We hope to see you there. And we'll see you next time.
Gordon Corera
See you next time.
Podcast Summary: The Rest Is Classified - Episode 70. Israel Attacks Iran: The Virus Spreads (Ep 3)
Release Date: August 3, 2025
Hosts: David McCloskey & Gordon Corera
Description: This episode delves into the clandestine operations aimed at disrupting Iran's nuclear program through cyber warfare, focusing on the deployment and consequences of the Stuxnet virus.
The episode opens with hosts David McCloskey and Gordon Corera setting the stage for an in-depth exploration of the covert cyber operations targeting Iran's nuclear ambitions. David introduces the central theme:
David McCloskey [00:41]: "There was no consensus within the Obama administration about how these weapons should be used... President Obama had repeatedly questioned whether the United States was setting a precedent using a cyber weapon to cripple a nuclear facility that the country would one day regret."
This highlights the internal debates and ethical considerations within the U.S. administration regarding the use of cyber weapons.
Gordon delves into the origins of the Stuxnet virus, revealing it as a product of the covert Operation Olympic Games initiated under the Bush administration:
Gordon Corera [02:39]: "The cyber weapon had first been unleashed in 2007 under the Bush administration... the virus itself will become known as Stuxnet."
David references David Sanger's The Perfect Weapon, underscoring the strategic intent behind Stuxnet:
David McCloskey [01:29]: "We look at how the Obama administration decides to accelerate the targeting of Iran's centrifuges in a way that ultimately leads it to going out of control."
As President Obama takes office in 2009, there's a significant handover of the cyber operation. Gordon emphasizes President Bush's recommendation to continue the successful strikes:
Gordon Corera [03:23]: "President Bush explains the program and personally recommends to President Obama that he should keep it going because these Iranian centrifuges are blowing up."
David adds context about the lack of internal consensus and the looming risks:
David McCloskey [04:30]: "He is worried... there are risks to unleashing this kind of cyber weapon."
In September 2009, the revelation of the Fordow enrichment site marks a critical escalation:
Gordon Corera [07:57]: "It was a Revolutionary Core Guards base... built another enrichment facility covertly... in a mountain."
David underscores the geopolitical implications:
David McCloskey [09:07]: "Bad look for your peaceful nuclear program."
The discovery exacerbates Israeli fears of a "zone of immunity," compelling the U.S. and Israel to intensify their efforts to delay Iran's nuclear breakthrough.
Gordon provides a detailed analysis of the Stuxnet virus's sophisticated architecture, particularly its transition to a self-propagating worm:
Gordon Corera [11:19]: "They record what normal operations look like and feed it back in when the attack's underway... for 13 days, there's a recon stage..."
David appreciates the strategic finesse behind the virus's design:
David McCloskey [14:04]: "Attackers were in a position where they could have broken the victim's neck, but they chose continuous periodic choking."
This section highlights the meticulous engineering intended to inflict maximum damage while minimizing detection.
By late 2009 and early 2010, as inspections by the International Atomic Energy Agency (IAEA) intensify, the U.S. and Israel decide to escalate their cyber efforts:
Gordon Corera [16:52]: "It's a very targeted... command and control server... fake football websites to mask communications."
David discusses the legal and ethical oversight surrounding the deployment:
David McCloskey [23:07]: "Covert action finding... lawyers all over it... risks acknowledged as part of this."
Despite rigorous controls, the self-propagating nature of the worm eventually leads to its unintended release into the broader internet.
In the summer of 2010, an unforeseen breach allows Stuxnet to spread beyond its intended target:
Gordon Corera [27:11]: "It is the most sophisticated piece of malicious software any cybersecurity researcher has ever seen... it's out there on all these machines."
David captures the gravity of the situation:
David McCloskey [30:26]: "We are really reaching the final stages now of this covert action."
The accidental dissemination of Stuxnet underscores the challenges and unpredictability inherent in cyber warfare, marking a pivotal moment in global cybersecurity dynamics.
The episode concludes with the hosts foreshadowing the impending fallout from Stuxnet's escape, setting the stage for future discussions on its long-term impact and the evolving landscape of cyber espionage.
David McCloskey [30:26]: "Look toward the thrilling climax in which the US and Israel allegedly will double down yet again on the power of this cyber weapon."
Notable Quotes:
David McCloskey [00:41]: "There was no consensus within the Obama administration about how these weapons should be used..."
Gordon Corera [07:57]: "It was a Revolutionary Core Guards base... built another enrichment facility covertly..."
David McCloskey [14:04]: "Attackers were in a position where they could have broken the victim's neck, but they chose continuous periodic choking."
Key Takeaways:
Stuxnet as a Pioneering Cyber Weapon: Stuxnet represents one of the earliest and most sophisticated instances of state-sponsored cyber warfare, meticulously designed to cripple Iran's nuclear capabilities without direct military confrontation.
Strategic Ethical Dilemmas: The deployment of such cyber weapons raises significant ethical and strategic questions about the precedent it sets for international norms and future warfare.
Unintended Consequences of Cyber Operations: The accidental release of Stuxnet into the global internet highlights the inherent risks in cyber operations, where control is difficult to maintain once a weapon is unleashed.
Influence on Global Cybersecurity: Stuxnet has had profound implications for global cybersecurity, prompting nations to bolster their defenses and reconsider their approaches to cyber threats.
Clandestine Operations and Transparency: The episode underscores the complexity of covert operations, balancing strategic objectives with the need for oversight and accountability.
This episode provides a comprehensive examination of the intricate web of espionage, technological prowess, and geopolitical maneuvering that characterizes modern covert operations. Through detailed discussions and expert insights, listeners gain a nuanced understanding of the pivotal events that shaped the cyber landscape in the early 21st century.