Last week, The New York Times reported that Stuxnet, the computer worm which infected computers around the world in 2010, was developed by the United States in conjunction with Israel to destroy Iran’s nuclear centrifuges.
“It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives,” wrote David Sanger, the paper’s chief Washington correspondent.
Sanger describes how President Obama decided to speed up clandestine cyberattacks against Iran’s nuclear facilities – and significantly expand America’s use of cyberweapons – in his new book Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, which details how the President is using both innovative weapons and strategies to address rapidly growing threats around the world.
On Monday’s Fresh Air, Sanger talks about the President’s changing foreign policy strategies in Yemen, Libya, Syria, Iraq, Pakistan and Afghanistan, where early idealism in the White House eventually transitioned into a policy called “Afghan Good Enough.”
“Afghan Good Enough,” the nickname of a committee organized to narrow the goals in Afghanistan, met regularly with the President to determine what was considered ‘good enough’ in terms of goals for the country.
“The kind of conversations that took place within that group represented a realpolitik that no one ever admits to on Sunday morning talk shows,” writes Sanger. “One participant told me later, ‘We spent the time asking questions like, “How much corruption can we live with?”’”
Sanger also details the President’s aggressive use of weapons like drones in Afghanistan and Pakistan and his acceleration of cyberwarfare attacks in Iran, where the U.S. and Israel developed computer worms designed to take down Iran’s nuclear facilities.
Before they could attempt to take down Iran’s Natanz nuclear enrichment plant, however, U.S. and Israeli officials needed to know what it looked like. Sanger explains that they initially sent a bit of computer code called a beacon into Natanz to map the plant’s electronic infrastructure.
“This beacon went in and basically built a blueprint for how the Iranians had designed the electronics of this plant and then came back out and phoned home, back to the National Security Agency and Unit 8200, the Israelis’ equivalent of the NSA,” says Sanger. “And from the data that they gathered there, the U.S. and the Israelis designed a computer worm that would replicate within the system.”
But U.S. officials first wanted to test the worm. So they built a full-scale replica of the Natanz nuclear energy plant on the grounds of the Department of Energy’s national laboratories.
“They literally attacked their own mockup of the plant,” says Sanger. “And one day they brought back … the rubble of a destroyed centrifuge that had been attacked merely by computer commands. They had accomplished for the first time, the destruction that previously the United States or other countries could accomplish only through bombing a facility.”
When President Obama took office in 2009, he met regularly with the security officials working to destroy the nuclear centrifuges.
“They would explain to the President what the latest version of the worm had done or had not done, what they were aiming for, and at the end of these sessions, he would essentially authorize them to move forward,” says Sanger. “He would say, ‘You can move to the next step’ and these attacks grew bolder and bolder until one day, at the end of 2010, when they made a big mistake.”
That mistake allowed the computer worm – nicknamed Stuxnet – to spread to an Iranian engineer’s computer, after he connected the computer to a centrifuge. When that engineer then went online, the virus began replicating – and spreading all over the world.
“The worm did not detect that its environment had changed,” says Sanger. “So all of a sudden it thought the whole Internet – the whole world – was that same environment [as the plant] and it began propagating itself.”
Initially Sanger and his colleagues at The New York Times thought that Stuxnet had been released on the Internet by intelligence officials hoping to get the worm inside Iran’s nuclear facilities.
“In fact, we had it backwards,” he says. “It had started in Natanz and escaped like a zoo animal.”
When U.S. and Israeli officials learned that Stuxnet had escaped, they met with President Obama in the Situation Room. The President asked if the code could damage computers outside the plant. After security officials assured him that was not the case, the President decided the program could go forward. A week later, another iteration of the code brought down 1,000 centrifuges within Iran.
“The official internal estimate is that [this code] delayed Iran’s progress and weapons capability by 18 months to 2 years,” says Sanger. “I had some outside experts who believe that that is not true – that Iranians have recovered fairly quickly. But what we don’t know – and will never know – is whether they would have been able to build far better centrifuges and far more sophisticated centrifuges had this not happened. Because as their centrifuges were literally blowing up, they ended up firing people, taking centrifuges off line – because they were trying to figure out what was going wrong. As one official said to me, ‘It was to make them feel stupid.’”
On concerns about the cyberattacks program
“While the U.S. now has a very subtle understanding of when it wants to use drones and not, there is no equivalent right now of when you use cyberweapons. Partly that is because Olympic Games was so secret and part of that is because the weapon is new and developing so fast that no one is really gathering together the sort of theory about how and when you would use it, when you would use it as a deterrent that we developed in the 1950s about nuclear weapons.”
On preparing for cyberattacks
“In the old nuclear age, you could sit under a big screen under a mountain in Colorado and you could see where the missiles were coming from. If there’s a cyber attack from China or Russia or Romania or Mexico, it may well run through a server in another country. And it may take months before you know where it really came from.”