David McCloskey
It would be irresponsible for someone of my background to even speculate, but it's not speculation to know that someone just used a cyberweapon to effect damage not in the cyber domain, but in the physical domain. That's the first significant crossover that we've seen. Now look, I tell audiences that crashing a thousand centrifuges at a time is almost an unalloyed good, but when you describe what just happened there in a slightly different way. Someone just used a cyberweapon during a time of peace to effect physical destruction in what another nation would only describe as critical infrastructure. Well, you've got to realize that although that was a good deal, it was also a really big deal. And it does have second and third order effects. A new class of weapons has been used. Go deeper into history and say somebody's crossed the Rubicon. We've got a legion on the different side of the river now. Well, welcome to The Rest Is Classified. I am David McCloskey.
General Michael Hayden
And I'm Gordon Corera.
David McCloskey
And that, Gordon, is an interview that you did. Those are not your words, but those of General Michael Hayden, former director of the NSA and the CIA, in an interview with you back in 2013. Not taking responsibility for Stuxnet, but commenting on the sort of world changing implications of this cyber weapon. And we are now, dear friends, in the final episode of our series on this really first attack on Iran's nuclear program and the US and Israel have unleashed this code, which has come to be known as Stuxnet, which has targeted Iran's very precious centrifuges with this kind of remarkable precision and sophistication. And the Iranians now, it's been three plus years at this point of this code working its way through largely this facility, this enrichment facility at Natanz. And things have been breaking. Machinery has been slowing down. And where we left last time was that this code, this worm, has broken out into the wild. And cybersecurity researchers in Europe and the States are starting to see, really all over the world are starting to see this code appear on their computers. And at the same time, the US and Israel allegedly are stepping up the game to try to bring even more pain to Iran's nuclear program.
General Michael Hayden
That's right. The secret is out by the summer of 2010. And this code, which was designed to be covert, is now being found on machines around the world. It's not shutting them down because it's not designed to, but it is visible and people can start to look at it. I remember talking to an interesting chap called Eugene Kaspersky soon after. He's the flamboyant Russian founder of the antivirus company Kaspersky. It's named after him. And he remembers his team coming into his office and saying, we've been waiting for something like this to happen. Well, it's happened. Kaspersky says he'd been worried about an attack on physical infrastructure using code since 2002. He says he decided not to speak out in case it gave attackers the idea. That was until he realized the cat was out of the bag when he saw the film Die Hard 4, Live Free or Die Hard, in which Bruce Willis battled cyber terrorists, which I should say is one of our producer Callum's favorite films. He. He was. He was saying earlier and suggesting that we should basically have just kind of talked about that film for the whole. For the whole of this series.
David McCloskey
Could be a bonus episode.
General Michael Hayden
Could be a bonus episode. Thank you, Hollywood. Kaspersky says when that film comes out in 2007, because Hollywood, you know, it's not entirely realistic, but it is the idea that you.
David McCloskey
Oh, it's not.
General Michael Hayden
Yeah. I think the cyber security aspects of it may not be perfect, but there's a concept, it's a good example where Hollywood does get things right, because that's a concept that hackers could take down physical infrastructure. It is. Right. But now it's for real, you know, now in 2010, it's for real because Kaspersky and other cybersecurity researchers have basically got a cyber missile in their hands and they have never seen anything so sophisticated. And it's so interesting what happens in the next few months because you see this kind of hive mind of cyber security researchers go into action. And I've watched it lots of times since then, where it's often done on social media platforms. It used to be mainly on Twitter and X, where people are saying, I found this, I found that. And they're starting to publish, talk about what they're finding. Often, you know, one person's an expert on one bit of code, one's on another, but they're starting to piece it together collectively. This group of cybersecurity researchers sometimes just work for tiny companies, sometimes they work for the big, big companies. Best book on this, mentioned it before, Kim Zetter's Countdown to Zero Day, because that goes through the process of discovery as people are trying to look at the delivery system, the missile, as well as the payload of the code that was in it. And they can see that this is completely different from anything they've seen before in sophistication. Normally attackers build on existing tools and code, but this is different. It's completely original. Two particular individuals, Liam O'Murchu and Eric Chien of Symantec, see a kind of series of really unusual elements to this. I mean, one of them is that it's going to use this attack for what are called zero days, bit of jargon, but a zero day gets its name because it's an undiscovered vulnerability in a piece of code. So normally you say it's four days since this, this has been patched, a zero day. There's zero days since it's been patched because it's not been patched. There's not a solution to the, to the vulnerability. And therefore it's incredibly valuable, a zero day, because it is a way that's not yet been discovered to get into a system.
David McCloskey
Well, and it's actually a product, right? I mean, it's something that, if discovered, can be sold effectively.
General Michael Hayden
So, yeah, a zero day is really valuable. There's a market for zero days where people who find them, who look for vulnerabilities, then sell them. You can sell them back to the company, you know, to Apple or Google or whoever, and they'll pay for them. Or you could sell it on the black gray market to people who want to use the vulnerability maliciously. And the fact that they've got four zero days in this, that is unprecedented. Because why would you need four, you know, in one system, it's because this virus is getting into different systems and someone could have sold those for money. So immediately you're like, this is not criminals. No criminal hacker would be investing this much time and using this, this much code. It's stolen legitimate digital security certificates from a company, I think in Taiwan. It wasn't faked. It was real. Again, that. That is high end. But they can also see these researchers from Symantec when they map the location of where the infections have happened. Of the 38,000 machines they tracked, more than 22,000 were in Iran. So you can already see, like, this is, like, this is a very sophisticated code. And it's really interested in Iran.
David McCloskey
Loves Iran.
General Michael Hayden
It loves Iran. And then they're not experts on industrial control systems, but you get experts like Ralph Langner, who is an expert, who suddenly goes, okay, this could be used to attack centrifuges. Centrifuges are in Iran. People start publishing online in research papers. Some of the details of this takes a while because people can't quite grasp what it is. So it's taking months, really, for people to piece it together. And this is, by the way, where it gets the name Stuxnet.
David McCloskey
What is that a reference to?
General Michael Hayden
I think it is just a tiny reference in some of the drivers in the code to Stuxnet. And that often happens. People just will pick out something and they'll just call it that because it looks like a unique name. I always find it interesting with these cyber researchers because they are at this point exposing what they must realize is a nation state espionage program. And, you know, you're a private cybersecurity researcher and you are making public or publishing details of a covert action program. And I think you can sense some of them are. It's not that they're nervous about doing it because they think they have a duty to do it, because there's a risk to systems from this and from all these vulnerabilities which have been found. But they're worried, you know, are they going to get spied on? Is this going to have some implications for them? It's kind of interesting. And they get a bit paranoid. You know, they're starting to check under their cars for bombs. You know, they're worried about being tailed.
David McCloskey
I mean, they really are.
General Michael Hayden
They're hearing clicks on phones. All that kind of stuff is happening to these cyber security researchers as they're publishing it. They think the CIA are onto them. They're in a Jason Bourne film, basically.
David McCloskey
I understand why you would be paranoid, but I Find it highly implausible that cars were beaconed or that anyone was followed or anything like that. I just don't. I don't see it.
General Michael Hayden
If you were a cyber security researcher, you probably would get a lot of other international spy agencies hacking into your systems to see what you're discovering and what you know, though. So I could imagine cyber espionage.
David McCloskey
Oh, yeah. That would be fair game of, like, if you're. Yeah. If you're running a cybersecurity firm in somewhere in Europe or in Russia or something. Yeah. I mean, there could be an interest in learning what you know about it. Although the reality is, from a American standpoint, hypothetically, you already know what this thing is. Yeah. So you have to assume, I think once it's out in the wild, I mean, this is why we set up that wonderful cliffhanger Gordon at the end of the last episode where, I mean, once it's out, you have to assume, I think, that you're running on sort of borrowed time and that you just have to use this thing inside Iran as much as possible before it comes out. Collecting on the cyber security research is actually. Doesn't seem particularly valuable to me, to be honest, because you're like, well, it's out. We know what this is. They'll piece it together. They'll discover eventually that the target is the Iranian nuclear program. So we just. We just got to work with the time we've got and do as much damage as possible before this thing comes to light.
General Michael Hayden
And it's starting to become obvious, you know, who was behind it. And there are interesting clues in the code. One has a string of numbers that look like a date. I think it's 19790509. And it was the day the researchers realized that a prominent Iranian Jewish businessman was executed by firing squad in Tehran shortly after the Islamic revolution for allegedly being a spy. Now, it's interesting, isn't it, because you find a date like that in the code and you go, well, that's an interesting date. Is it a clue that the Israelis are behind it? Is it a false trail someone else has left? I always find it interesting because people do leave these Easter eggs and these little clues in code, and code writers love doing that. I always find it interesting. It's like a game that they're just showing off or leaving a trail for people to follow. There's another word, Myrtus, appears in a file name, which in Hebrew was a link to the name Hadassah, which was the name of a biblical figure, Esther, who married a Persian king and saved the lives of Jews when she pleaded for their lives after learning of a plot to kill them all. Again, you know, all of that is starting to point perhaps towards Israel as well as perhaps towards the U.S. and in the U.S. meanwhile, there is a blame game, unsurprisingly about the fact that it's getting exposed. I find that maybe unsurprising at what that seems unsurprising. But yeah, the briefing afterwards will all be, it was the Israelis' fault. It's kind of interesting.
David McCloskey
What's the logic there, that it was the Israelis' fault?
General Michael Hayden
The logic is that they had rushed and that the code was somehow sloppy and that sloppy code had been put in which had allowed it to escape and therefore get discovered. And that the Israelis had done some modification to the code, maybe to speed up the propagation of the worm or make it more likely to spread. And there's some questions about whether the US were part of that, were cognizant of it, whether the Israelis did it themselves. But of course, that's the briefing from Washington. Much easier to blame someone else. But by the point of November 2010, it's out there and few months after its first in the wild, the finger is pointing pretty clearly because of some of the back history of some of the code and some of the things they can find in it, that it's the US and Israel.
David McCloskey
What about the Brits, Gordon? I feel like, what about the Brits? Most of our series, you throw the Brits in, even. Even when. When they're not invited to the party. You. You think about who might have been involved in pieces of this. It would seem reasonable to assume that GCHQ or SIS would have played some role somewhere. Just thinking about the closeness of the relationship in particular with the Americans.
General Michael Hayden
How would I put it? I find it plausible. I remember talking to one very senior British intelligence official at the time, and they said they were not surprised when Stuxnet happened and was revealed. And that's a wonderfully ambiguous statement, isn't it? Because you can be not surprised because.
David McCloskey
You were part of it, or you could not surprise.
General Michael Hayden
You could be not surprised because this is the kind of stuff we'd expect the Americans and the Israelis to do. I get the sense that they were at the very least aware of it. And there are some indications from some of the early espionage code there was might have been some British involvement in that. There's actually some really interesting suggestions from our friend Edward Snowden's documents that there been perhaps some British role in the espionage bit so what? I. I don't know what you think, David. My instinct is that other countries may have been involved in this, but definitely US, Israel, at the core. I think the other countries may have been involved in kind of modular bits of Stuxnet. So we talked a bit about whether the Dutch had been involved in getting an engineer to plant one of the USBs, whether he knew what he was doing, whether the Dutch knew it was sabotage rather than espionage. Question mark. But I definitely feel like others might have been involved, but maybe not at the absolute core of this, it also.
David McCloskey
Seems plausible to me. I mean, you look at two pieces of this shadow war, right? The assassination of scientists and then this sort of cyber program to degrade and affect Natanz. And it's very easy for me to understand why on the assassination front, the Israelis are going it alone. Right. There would be a lot of other countries that would say, nope, not going to do that. Not going to have any part in killing civilian scientists. But then on the other side, on the cyber piece, I can see why there'd be a whole host of countries with real interest in getting involved in that program. Right, because it's not going to kill anybody. It's going to slow Iran's, you know, progress toward a bomb. And so I can see why, as that develops, there would be logical bits for other friendly intelligence services to sort of plug into, to get access to reporting that they otherwise might not have, and to take part in kind of slowing this down. So I think it seems likely to me that there's probably a whole bunch of countries outside of allegedly the US and Israel that are involved in different pieces of this. I mean, I don't know how big the group was, but I think it's probably not just the CIA and NSA and Mossad.
General Michael Hayden
Yeah, there might have been a few more people playing at the Olympic Games, but by the time you get to November 2010, cybersecurity researchers have published material. And. And at that point, November 2010, technicians at Natanz bring the spinning centrifuges basically to a halt because they're aware of something's going on. And it does look like, though, and we'll come back to the kind of overall damage, but it does look at that point, the kind of swing for the fences has hit and maybe taken down about a thousand of those centrifuges. But fascinatingly, you know, you mentioned assassinations there. So. November 2010, Stuxnet now exposed. So it looks like that covert action is over. That same month, Israel assassinates a nuclear scientist in Tehran using a bomb planted by a motorcyclist. To me, that confluence of timing is fascinating, isn't it? Because it does suggest that Israel, perhaps assuming it's Israel, we all think it is, Mossad doing the assassinations has basically gone, okay, that covert action is done. We may now need to up our game with going back to the assassinations and push that to kind of degrade the nuclear program.
David McCloskey
Because there had been a bit of a pause, hadn't there, in the assassinations?
General Michael Hayden
And that pause kind of tracks when Stuxnet is doing the most damage. To me, that feels a plausible argument. It's hard to know for sure.
David McCloskey
I think that would be just more evidence for the kind of hypothesis I laid out where the Israelis. The Israelis are doing the assassination stuff alone. There's a broader group that's doing Stuxnet. If Stuxnet is basically rolled up, the Israelis figure, well, okay, back to this blunter instrument. Right. Of trying to degrade the program.
General Michael Hayden
And it's really interesting because some of those cybersecurity researchers, you know, out in the private sector who'd been exposing Stuxnet actually say they feel physically sick when they hear about the assassination because they are wondering, did their exposure of the computer code lead Israel to switch from using code to killing people? And I guess they, for them, suddenly realize, you know, that they're computer researchers, cyber researchers, and they're dealing in matters of life and death effectively. Sure.
David McCloskey
I mean, they can't possibly be held responsible for that.
General Michael Hayden
No, I think it is.
David McCloskey
I think it is true, Right. That. I mean, there's pretty solid arguments we made based on the timing, that the Israelis, precisely because the code got out, decided to go back to killing. And I guess maybe there. Gordon, let's take a break, and when we come back, we'll look at all of this and what it means for the Iranian nuclear program, what it means for cyber war, and I think what it tells us about the most recent batch of strikes.
General Michael Hayden
See you after the break.
David McCloskey
Well, welcome back. The Stuxnet worm is out in the wild. The Iranians know about it, and I guess the question now, Gordon, is what in the world are the Iranians going to do about all this?
General Michael Hayden
Yeah. So part of it is they start to clean their centrifuge program of the virus, unsurprisingly, down. Yeah. Wipe it down. Get out the wipes and protect it even more, which is going to make it harder. But it's also. Iran's going to hit back in cyberspace. They'd already built some cyber capacity, particularly actually, to target that green movement, the Protest movement. Around 2009, 2010, they built up cyber militias to do surveillance on their own population because they were worried that social media was being used to organize them. But now they start to use some of their cyber capacity to go on the attack. Very interesting. 2012. So still, a couple of years later that summer, there's an attack on. On the Saudi oil giant Aramco, and 30,000 computers belonging to Aramco are crippled. They're wiped by something called a wiper. The code hadn't been executed quite properly, but a burning American flag appears as an image on some of those machines. Hmm. Bit of a message. It didn't actually stop oil and gas production, though. I think that's one of the interesting things about it. It damages the corporate network, but it doesn't get to the controllers, doesn't move.
David McCloskey
Into the physical world.
General Michael Hayden
Exactly. Which is the key to Stuxnet's success. And what makes Stuxnet so unique is it moves from the corporate network or from a regular network onto the controllers. So it's a show of force, but it doesn't have the impact that Stuxnet is going to have. Although it does freak out, I think, a lot of companies, and I remember that at the time, because they're all suddenly realizing it's Iran is retaliating against companies rather than against Western states, and they then attack a whole load of banks and American banking websites. But again, it's not super sophisticated. They just take their websites offline for a couple of days by flooding them with traffic. So it's Iran hitting back. Everyone assumes it's Iran. They're not going to hit back by launching missiles. They're not going to block the Straits of Hormuz at this point, but they're going to fire a warning shot against companies, probably oil companies and financial companies, because they're imposing sanctions on Iran's financial and oil industry. So it makes sense, and it is a bit of a surprise, I think, in the West because it shows Iran is capable of hitting back. There's going to be more of these back and forth between Israel and Iran. There's one attack on the Iranian Oil and Gas Ministry computers in which the song Thunderstruck by AC/DC, which is a particular favorite of mine, is blared out at full volume on computers in the middle of the night, which. That's a. That's a cyber attack. I like. I've got sympathy with that. You know, a bit of. Bit of AC/DC maybe.
David McCloskey
That could be Our podcast theme song, Gordon, that could be one of our. One of our. Exactly. Love to see. I don't. I don't think the. I don't think Callum and Becky, our producers are gonna. Are gonna like. I don't think that's too late. Yeah, exactly. Get into all kinds of copyright issues.
General Michael Hayden
Yeah. But I guess the point is that we're now moving into this era in which cyber attacks are picking up, things are going to escalate in cyberspace. End of 2015, Russia turns off a Ukrainian power grid. So again, it's the. Using a cyber attack, but to turn off a power grid. Only for a few hours, but you're getting this movement of cyber into the real world in a limited way. And it's interesting. China, when it's accused of spying in cyberspace, they go, yeah, but you, the US are the ones who militarized cyberspace first and introduce destructive cyber attacks. Not in one sense, they're right. You know, this idea of cyber sabotage below the threshold of war, grey zone attacks makes cyber tempting. States start to move into it. And so there is this. Who crossed the Rubicon? Who put the troops on the other side of the river first?
David McCloskey
It is the United States, allegedly.
General Michael Hayden
Now, I think you can also say it would have happened anyway.
David McCloskey
Absolutely.
General Michael Hayden
You could see the vulnerability of these systems. And I find it hard to believe that the Russians would have gone, oh, we're not going to attack Ukraine.
David McCloskey
Exactly. We found a way. We just won't. We won't be the first to do it. Yeah, right. I think the, the conversation around the. The should here, to me, I don't know, isn't particularly interesting because it just seems inevitable that it would have happened at. At some point. But it is fascinating that when you think about what is the kind of modern day analog to the Manhattan Project. Right. Or to the atomic bomb. I think there is a great argument to be made that it is Stuxnet. It is the first connection point between cyber conflict and the physical world. It's not just the Iranians taking down a Saudi computer network and putting up pictures of a burning American flag on the, on the monitors. Right. It's. It's affecting outcomes in a world of atoms through, you know, bytes and zeros and ones. Which. Which is incredible.
General Michael Hayden
Yeah, I agree. I mean, it is that when Michael Hayden talks about having the whiff of August 1945, you know, and Hiroshima as being a good example, I think it, you know, it is an interesting analogy. It's not quite the same as he says. It's got A whiff of it. It's not a direct analogy, but it is interesting, isn't it? Because it is a bit like Hiroshima. The US is the first to use the atomic bomb. It's the first to develop is different, I guess, because it's stealthier, it's more deniable than an overt use of military force. So in that sense it isn't quite the same. I think always think cyber nuclear analogies are a bit of a mistake, but it is a big moment. I think it is a kind of crossing of a threshold, which is to say you can take down a piece of critical infrastructure outside of war with a cyber attack. I guess the only thing that I think is that it's really hard to do. You know, I think that is the key thing about Stuxnet, which I think is often misunderstood, is that this is not easy. And I think if there's one message from. Is that this took years. And a bit like the Manhattan Project, it takes millions of dollars, years of effort, and the best offensive hackers that the US and Israeli government and perhaps other governments have at their disposal in order to be able to do this one covert act and one act of sabotage. And I find that fascinating.
David McCloskey
Yeah, it's not a bunch of people in a suburban basement eating pop Tarts. Right. And figuring this out, this is a state level effort that's got a whole bunch of infrastructure and funding behind it. Although you have to figure the comparison to the Manhattan Project breaks down a little bit here because I would figure that even. Even though there are real barriers to entry, it's not as high as developing a nuclear weapon. It is more dangerous in that way. Because the marginal cost of chaos in this world is. Is lower than in nuclear, I would think.
General Michael Hayden
No, that's true. And actually one of the problems is some of that code can get out into the wild and then people can repurpose it and use it. And that's one of the worries about Stuxnet, is people, people are going to do that.
David McCloskey
Luckily that hasn't happened though, right, Gordon?
General Michael Hayden
No, no, but. Well, there is another moment where listeners might be interested in that. 2017, the UK NHS gets taken down by something called WannaCry, which is a really interesting story and we should definitely do it at some point. Yeah, it's a good one because it's. Because it's a North Korean hack which gets out of control. But here's the interesting bit. The North Koreans are using cyber weapons stolen from the NSA. They end up in the wild and then they get repurposed by the North Koreans and take down Britain's energy. I mean, you know, that is a wild story which shows that there is something about cyber which is. It can be repurposed and get out into the wild. But I think there's a. There's a good quote from Ciaran Martin, who's the former head of the UK National Cyber Security Center. His analogy is Stuxnet is like the moon landing, you know, so it's fake. Is it? Is it? You know, you mean the wind blowing. This is. We're back to tinfoil hats, David.
David McCloskey
This is like, I should say, if you're watching, I'm not wearing the tinfoil hat today.
General Michael Hayden
You're in your astronaut suit.
David McCloskey
Exactly.
General Michael Hayden
The wind blowing on the moon. I think Ciaran's point. And Ciaran, I'll talk to you about this separately, but I think his point is not that Stuxnet was faked, but that it was really hard to do, and it takes a superpower like the US to be able to do it, and that you can't just repeat it whenever you want and other countries can't kind of quickly do it. Because I think it goes back to all that research you had to do. You had to have the centrifuges, you had to build a copy of Natanz. You had to kind of work out what programmable logic controller would do it. You had to, you know, the amount.
David McCloskey
Have a horse blanket.
General Michael Hayden
You have to have a horse blanket. The amount of recon and intelligence work which went into Stuxnet, I think, is enormous, and maybe it overinflates what cyber weapons can do. Because, again, another story. When Russia invades Ukraine in 2022, everyone is expecting massive cyber attacks as part of it, and there are. But they don't really have as much impact as people had expected. And again, it just suggests doing the kind of targeted physical attack of a Stuxnet is really, really, really, really, really hard. It's just not straightforward.
David McCloskey
I mean, I think the perception, to go back to the. The Die Hard 4, your Die Hard comparison, I think the perception is that the way that these attacks happen is that somebody has, like, a gonculator that basically.
General Michael Hayden
What is a gonculator?
David McCloskey
Exactly? It's very. It's a very powerful term. It's a technical term. You've got, like, there's, you know, the bad guy or whoever, right? The. The spy service has, like, a gonculator that turns off things.
General Michael Hayden
Big red button.
David McCloskey
We can just turn off the electricity, we can just turn off all the water treatment plants. Like, I think there's a sense that it's a little bit more blunt than that. And I think what hopefully we've shown over these four episodes on Stuxnet is that it's actually a really tailored kind of operation. And so it takes a lot of time and it takes a lot of effort and all of that. Right.
General Michael Hayden
The problem is, of course, now 2010, it's over. And in the meantime, the Iranian program.
David McCloskey
Is still have a nuclear program.
General Michael Hayden
They still got a nuclear program. Natanz is still there.
David McCloskey
What happened to that nuclear program, Gordon?
General Michael Hayden
What happened in the intervening years? And it is interesting because when you look at the damage inflicted by the virus, you can't really measure it. It's quite hard to measure. But the general view would be that it set it back definitely months, maybe years. It's a stretch. Some people say three years, but some people say three months.
David McCloskey
It's a wide range.
General Michael Hayden
It's a pretty wide range.
David McCloskey
It wouldn't seem worth it if it was actually three months.
General Michael Hayden
I agree. I mean, but the Iranians say, and they would say this, we've incurred some slight damages here and there, but we've been able to manage pretty well.
David McCloskey
That's what I would say if I were an Iranian.
General Michael Hayden
That's what you would say.
David McCloskey
We've managed through this terrible crisis and there's been no impact. That's what I would say if I were the Iranians.
General Michael Hayden
So it clearly had an impact. It took out at least a thousand centrifuges. It looks like no one is, of course, sure. The IAEA inspectors, our friends with the magnifying glasses, they can see that it slowed them down. They can see with their magnifying glasses, broken centrifuges. So it's definitely had an impact. It has bought short time, but not stopped it. It has not stopped it completely. And that was, I guess, always the point was buying time. And when you look at the decision making at the start, it was not, this is going to destroy the Iranian nuclear program. It was, we're going to buy time, and we're going to do this unprecedented thing. We're going to do something which, you know is potentially risky and which could have blowback. But we're going to do it to buy some time. And in a sense, it does buy time. And you can argue crossing the Rubicon is a big deal, but it's less of a big deal at that point than starting a war in the Middle East. It's back to Bush. I want the third option. He doesn't want either an Iranian bomb or a war. This was his third option. And for a while at least, it buys them that time.
David McCloskey
First off, I have to say that if Stuxnet is running in some capacity from 27 to 2010, I find it hard to believe that the delay was only a couple of months. Yeah, I agree that seems implausible. I think we're probably talking about years. But you're right that nobody, nobody could know. So that's one point. I think the second point is it does seem like, and I guess draws it into, you know, the world we're in today, where the US and Israel have just overtly hit Iran's nuclear program, is that it's not actually plausible to think that any of these sort of sabotage operations would eventually convince the Iranians to just sort of pack it up. Yeah, right, like that. That seems like a bit of an out there idea. So you're always dealing with the reality that at some point either you're going to have to let the Iranians get to a point where they've got a breakout capability, or you've got to hit the program militarily. Right. Because you can't fully degrade the program covertly with covert means, or you have to hope that there's some kind of political change in Iran where the regime decides to stop the program, like Gaddafi did.
General Michael Hayden
You're right. And Obama, we went back to where we were talking about previously, about him wanting to use diplomacy. And to some extent he gets that because. Because they get what's called the JCPOA, the agreement in 2015 in which Iran agrees to restrict its enrichment. So to kind of constrain the enrichment that's taking place. But then President Trump leaves the deal, says it's a bad deal unilaterally. So Iran then is back in business and starts to push forward again. And now it's harder to do another Stuxnet. You could maybe only do it once. And then it's interesting, isn't it, because you do get some more walk over action. You do get more attempts to do it. I mean, there's a. I remember getting an email on July 1, 2020, just before midnight, I got an email in my inbox from a group calling itself the Homeland Tigers. This came to my work email.
David McCloskey
It's a good name.
General Michael Hayden
They claim to be Iranians and they said they started a fire at Natanz. Now, I always assume, I think this was an Israeli thing. And they were basically emailing journalists like me to try and claim responsibility and to try and suggest that it was an Iranian, you know, domestic group. I. I slightly find that implausible, but they sent me, you know, details of this and it wasn't yet public. And. And then the next day, it emerges there has been a fire at Natanz.
David McCloskey
The Homeland Tigers were onto something. Gordon.
General Michael Hayden
The Homeland Tigers. But there's going to be more of these little explosions. And of course, November 2020. Picking up to our previous episode, you get the assassination campaign claims arguably its biggest target, Mohsen Fakhrizade, or Fakrizade, the man who's been driving a lot of the military side, and he's taken out in 2020.
David McCloskey
Well, and even a couple years before that was when the Israelis was 2018, when the Israelis conducted that wild operation to basically go into warehouses, I think, a big warehousing facility in Tehran and basically steal all of the hard copy documents about the nuclear program. That themes from the kind of Stuxnet era, I guess you could say, cyber attacks, physical sabotage, an assassination campaign, and then this kind of almost like a public relations.
General Michael Hayden
Yeah.
David McCloskey
Trying to shed as much light as possible on the Iranian program. Those, I guess, pillars of, you know, the Israeli campaign against Iran's nuclear program are very much alive and well a decade after Stuxnet. Right. And up to the point of these most recent strikes.
General Michael Hayden
Yeah. Because what you then see is that shadow war and some of it public continuing. And you have the Iranians continuing to enrich, continuing to increase the amount of material, shorten that breakout time through which they can, you know, get to the bomb. And then, of course, you know, just this year, something changes, you know, which changes the dynamics around this program. You know, it is interesting to look at it with this long view that we've had, because Israel's argument is that they get new intelligence which suggests Iran is pressing forward on aspects of weaponization, which you'll remember if you go back to the early episode, 2003, the US believes the Iranians stopped at that point, the final stage, the weaponizations. Now, the Israelis suggest they have something new on that. Others I've spoken to are more skeptical about that and they think it's more that Israel's risk calculus has changed, that Israel's risk calculus about tolerating an Iranian bomb after October 7th changes. And of course, all its proxies. You know, we talked about this on one of our bonus episodes, really interesting interview, where all the proxies that Iran has taken off the board, off the chessboard. So Iran has less ability to respond if Israel wants to strike. And so I think Israel just sees that opportunity of a weakened Iran and of a Trump administration which they are hoping might come in behind them, which of course it does, and then go for it. Now, I'm not saying there wasn't any new intelligence, but I think that calculus is more of what's going on in my head.
David McCloskey
Oh, it's really important. It's gotta be. Yeah. Because you think about the. The sort of Meir Dagan calculation on wanting to delay Iran's kind of push toward a bomb because he's trying to avoid a conflict. And on the conflict side of that has got to be the sense that if we actually militarily strike the Iranians, there's going to be a protracted regional war that's going to lead to thousands of people getting killed. Right. And all of a sudden, I think now in the summer of 2025, with Hezbollah basically defanged, and with the Israelis having already taken a big bite out of Iran's air defenses, and with Iran really reeling, all of a sudden, that that calculation shifts and you think, well, the whole point of all of this, the shadow war stuff, is to degrade Iran's nuclear program as much as possible. Well, all of a sudden, if the cost of the overt military strikes goes way down, it starts to look like a much better option for the Israelis. Right. And even if there's not really new intelligence on that front, all of a sudden it makes a lot more sense to overtly strike. And when you figure that if you're Netanyahu, you might be able to do this and then convince the Americans to join and use those big B-2s with the bunker buster bombs that maybe can get you deep enough to create some real damage at Fordow, it starts to seem like a pretty attractive idea. Even if you're only setting the program back a year or two, you figure, why not if you're Netanyahu, Right?
General Michael Hayden
Yeah, totally. So that really does take us to where we are now with those attacks, Natanz, which is where we started getting bombed multiple times. Fordow getting hit by these massive ordnance penetrators. Damage setback again. Hard to know what's happened underground. But also, does Iran have more secret sites? Has it got another secret mountain site? What's happened to the 400 kg of highly enriched uranium which they stockpiled already? Will Iran now race for a bomb at a secret site or on the back foot? Will it go for a deal? I don't think we can know where it goes next, but hopefully, I think by telling this story, we've helped explain how we got here and how to understand the events as they've been unfolding because I think that context is really important, even if we can't really predict where this goes next.
David McCloskey
And the big loser in this entire series, Natanz. Yeah, the poor sighted Natanz is horse blanketed, bombed, centrifuges ripped, ripped apart. I mean, I know we're covering almost 20 years of history here, but it seems like if you're an Iranian nuclear scientist or physicist or engineer, maybe you want to work elsewhere. Right. Which I guess is part of the point. Yeah, right. Is so go work on, you know, designing the next generation of top or instead of, instead of nuclear bombs. So it has been quite the journey, Gordon. And I have to commend you once again for your explanations of nuclear physics. Listeners to the podcast will of course understand that I don't enjoy giving you compliments, but I think, I think you navigate science.
General Michael Hayden
I'll take it.
David McCloskey
That's right.
General Michael Hayden
I'll take it.
David McCloskey
That's right. We should note that although this series is ending, it's still a wonderful time to sign up for the Declassified Club.
General Michael Hayden
Gordon, we've got a great interview, haven't we, with Jim Lawler about Iran, which is talking about specifically the targeting and the sabotage of Iran's nuclear program. So he ran one of the CIA teams which was dealing with Iran's nuclear program and with the A.Q. Khan network, which we talked about. We've heard from him a bit already about other aspects of his career, but it is an absolutely fascinating interview if you want to understand what sabotage really looks like, how it is done. It is amazing how you run front companies and all that stuff. And that is going to be the bonus episode for our club members, which is coming out on Friday. So do join at therestisclassified.com but otherwise, see you next time.
David McCloskey
See you next time.
The Rest Is Classified - Episode 71: Israel Attacks Iran: The Dawn of Cyber Warfare
Overview
In Episode 71 of The Rest Is Classified, titled "Israel Attacks Iran: The Dawn of Cyber Warfare," hosts David McCloskey and Gordon Corera delve into the groundbreaking Stuxnet cyberweapon attack on Iran's nuclear program. This episode marks the culmination of a four-part series exploring the intricate world of cyber espionage, covert operations, and their profound impacts on global geopolitics. Released on August 5, 2025, the episode provides a comprehensive analysis of Stuxnet's discovery, execution, fallout, and its lasting implications on modern warfare.
1. The Genesis and Impact of Stuxnet
David McCloskey opens the discussion by highlighting the unprecedented nature of Stuxnet, emphasizing its role as the first cyberweapon to cause physical destruction. He states:
"Someone just used a cyberweapon to affect damage not in the cyber domain, but in the physical domain. That's the first significant crossover that we've seen." (01:25)
Stuxnet targeted Iran's Natanz enrichment facility, disrupting thousands of centrifuges with remarkable precision. The worm's ability to cause tangible damage blurred the lines between digital and physical warfare, setting a precedent for future cyber operations.
2. Discovery and Global Awareness
The hosts recount how Stuxnet's code eventually leaked into the wild around the summer of 2010, making cybersecurity experts worldwide aware of its existence. General Michael Hayden remarks:
"The secret is out by the summer of 2010. This code, which was designed to be covert, is now being found on machines around the world." (03:55)
Notably, Eugene Kaspersky, founder of Kaspersky Lab, had anticipated such sophisticated attacks, suggesting that Hollywood's portrayal in Live Free or Die Hard eerily mirrored real-world cyber threats.
3. Attribution and the US-Israel Nexus
As Stuxnet's components were analyzed, clues within the code pointed towards a collaboration between the United States and Israel. Hayden discusses embedded references:
"You find a date like that in the code...it's a bit of a reference...it looks like the Israelis are behind it." (11:34)
The presence of culturally significant names and dates in the code suggested intentional Easter eggs, further implicating the US-Israel alliance in the operation.
4. Speculations on British Involvement
David McCloskey probes the potential role of British intelligence agencies, given their close ties with the US and Israel. Hayden responds:
"I find it plausible... there are indications from some of the early espionage code that there might have been some British involvement." (14:12)
While the core operation was likely spearheaded by the US and Israel, modular contributions from other nations, including the UK, cannot be entirely dismissed.
5. Stuxnet's Aftermath and Iran's Cyber Response
With Stuxnet exposed, Iran began to bolster its cybersecurity defenses and retaliate in cyberspace. Hayden outlines subsequent attacks:
"In 2012, there's an attack on Saudi oil giant Aramco...they're hitting companies rather than Western states." (20:34)
Iran's retaliatory measures included cyberattacks on Saudi Aramco and various financial institutions, signaling the beginning of an escalating cyber conflict.
6. The Evolution and Escalation of Cyber Warfare
The discussion shifts to the broader implications of Stuxnet, likening it to the Manhattan Project in its strategic significance:
"Stuxnet is the first connection point between cyber conflict and the physical world." (23:36)
Hayden underscores the complexity and resource-intensive nature of such operations, dispelling myths of cyberattacks being easily executable by non-state actors.
7. Implications for Iran's Nuclear Program
Despite the extensive damage inflicted by Stuxnet, Iran's nuclear program persisted. Hayden reflects on the limited long-term impact:
"It has bought short time, but not stopped it completely." (30:38)
The hosts discuss subsequent Israeli strikes on Iran's nuclear facilities, suggesting a shift from cyber sabotage to more overt military actions as part of a sustained effort to curb Iran's nuclear ambitions.
8. Conclusion and Future Outlook
In wrapping up the series, McCloskey and Corera emphasize the enduring shadow war between Israel and Iran. They highlight the continuous cycle of cyberattacks and physical strikes, underscoring the challenges in fully neutralizing Iran's nuclear capabilities.
"Those pillars of the Israeli campaign against Iran's nuclear program are very much alive and well a decade after Stuxnet." (35:14)
Notable Quotes
David McCloskey (01:25): "Someone just used a cyberweapon to affect damage not in the cyber domain, but in the physical domain."
General Michael Hayden (03:55): "The secret is out by the summer of 2010... people can start to look at it."
General Michael Hayden (11:34): "It's kind of interesting... it might be pointing towards the US and Israel."
General Michael Hayden (20:34): "Iran's going to hit back in cyberspace... they’re hitting companies rather than Western states."
General Michael Hayden (23:36): "Stuxnet is the first connection point between cyber conflict and the physical world."
General Michael Hayden (35:14): "Those pillars of the Israeli campaign against Iran's nuclear program are very much alive and well a decade after Stuxnet."
Key Takeaways
Stuxnet's Significance: Marked a pivotal moment where cyber operations directly impacted physical infrastructure, redefining modern warfare dynamics.
Attribution Challenges: The intricate nature of Stuxnet's code led to debates over the responsible parties, ultimately pointing towards a US-Israel collaboration.
Escalation of Cyber Conflicts: Post-Stuxnet, Iran's retaliatory cyberattacks initiated a new era of cyber warfare, emphasizing the vulnerabilities of critical infrastructure.
Persistent Shadow War: The ongoing covert operations between Israel and Iran illustrate the complexities and enduring nature of cyber and physical sabotage campaigns.
Future Implications: The episode underscores the necessity for robust cybersecurity measures and the geopolitical ramifications of state-sponsored cyberattacks.
Final Thoughts
Episode 71 of The Rest Is Classified offers an in-depth exploration of one of the most sophisticated cyberattacks in modern history. By meticulously dissecting Stuxnet's origins, execution, and aftermath, McCloskey and Corera provide listeners with a nuanced understanding of cyber warfare's evolving landscape. This episode not only chronicles past events but also serves as a cautionary tale about the escalating integration of cyber tools in international conflicts.