Profile picture
Kim Zetter
@KimZetter
, 10 tweets, 3 min read Read on Twitter
Exclusive: How Secret Dutch Mole Aided U.S.-Israeli Stuxnet Cyber Attack on Iran. For yrs an enduring mystery has surrounded the Stuxnet attack: How did US/Israel get the malware onto computers at the highly secured uranium enrichment plant? Now we know. news.yahoo.com/revealed-how-a…
In 2004, the CIA and Mossad asked Dutch intelligence to help them get into the Natanz facility in Iran. Dutch intel had a mole in Iran who then set up two front companies, one of which got him into the Iranian plant before the summer of 2007.
With intelligence obtained by the mole, the developers of Stuxnet were able to target their attack; he then helped them get it onto the air-gapped sytems in Iran in 2007.
There is evidence to support claim that attackers updated Stuxnet in Sept 2007 based on intel from Dutch mole; @symantec researchers @liam_omurchu & Eric Chien note that on Sept 24, 2007 the attackers compiled the payloads that targeted the PLCs that controlled the centrifuges.
Stuxnet had two payloads, one targeting the Siemens 315 PLC, one targeting the Siemens 417 PLC. The payloads for both got updated/compiled on Sept 24, 2007. They were compiled a just a few hours apart; the 417 code was compiled at 2:57pm; the 315 code was compiled at 6:53pm.
The 417 attack code was the only one the attackers unleashed at Natanz in 2007 - it showed up in the wild in Nov. 2007 when someone uploaded it to Virus Total. The 315 attack code didn't get unleashed until June 2009, and then again in March and April 2010.
I should note that we always suspected the 2007 version of Stuxnet got onto machines via an inside mole; I wrote in the Stuxnet book that this version of the code had only one way of spreading - via USB - so the attackers needed direct or near-direct access to the target machines
When they unleashed later version of Stuxnet in 2009, they didn't use Dutch mole. Instead they infected employees at 5 Iranian companies so they'd unwittingly carry Stuxnet to target. This always meant to me that the attackers had lost the direct access they had in 2007...
But as @liam_omurchu suggests in story published today, it's also possible they simply no longer needed that direct access, since later version of Stuxnet was fully automated for spreading
For anyone who wishes to know more about the Stuxnet story, I published a book on the operation - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon - which you can find here: amazon.com/Countdown-Zero…
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Kim Zetter
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @KimZetter see all

Profile picture
Kim Zetter
@KimZetter
Great scoop. That 2016 expulsion of Russian diplomats from compounds in SF and elsewhere wasn't retaliation for meddling in US election - the compounds were part of Russian spy op that targeted FBI communications. @zachsdorfman @JennaMC_Laugh @SeanDNaylor news.yahoo.com/exclusive-russ…
"American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams.
"Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet."
Read 10 tweets
Profile picture
Kim Zetter
@KimZetter
CNN says US extracted top-level spy from Russia shortly after May 2017 mtg. A Russian media outlet says Russian official Oleg Smolenkov, his wife and 3 children disappeared "without a trace" during vacation to Montenegro in June 2017. dailystorm.ru/news/sotrudnik…
The Russian article describes Smolenkov as a "state adviser to the Russian Federation" and says he "worked at the Russian Embassy in the United States, when Yuri Ushakov, now Assistant to the President of Russia, was Ambassador Extraordinary and Plenipotentiary in Washington"
Could these two events be related? Unclear, but CNN reporting that the extraction occurred shortly after May 2017 would help lead Russian government to identity of spy, if not already known. But if Smolenkov was the spy, the Russian gov likely already knew it before CNN story
Read 9 tweets
Profile picture
Kim Zetter
@KimZetter
In secret mission in 2017, the US extracted from Russia one of its highest-level covert sources inside the Russian government - in part because of concerns that Trump admin repeatedly mishandled classified intel and could expose the covert source as a spy. cnn.com/2019/09/09/pol…
The decision to extract the spy occurred after May 2017 meeting in Oval Office in which Trump discussed highly classified intel w/Russian Foreign Minister Sergey Lavrov and Russian Ambassador to US Sergey Kislyak. The intel, concerning ISIS in Syria, had been provided by Israel.
NYT confirmed CNN story and gives more details about how operation to extract spy went down. CIA, worried about his safety, proposed in late 2016 to extract him. But "the situation grew more tense when the informant at first refused citing family concerns" nytimes.com/2019/09/09/us/…
Read 10 tweets

Related threads

Profile picture
⏳╰☆💕☆𝓡𝓸𝓷𝓭𝓪☆💕☆╮⏳
@40_Ronda
Americans are once again allowing the Republican and Democrat party divide us over race, when in fact race is not the issue! Please look at the foreign policies these woman support, and the policies they do not support! This is not about race & we must address the real issues!
@AyannaPressley, @RashidaTlaib, @IlhanMN, @AOC.

I ask for Americans to please look at the human policies these woman are addressing. I ask Americans to actually research the US Foreign Policy that causes massive Refugees and Endless War.
I ask Americans to look at who is funding the election campaigns of their representatives. I ask Americans to question why we are continously at war, when it does not benefit the United States! I ask Americans to research the foreign influence that controls US policy!
Read 112 tweets
Profile picture
Heshmat Alavi
@HeshmatAlavi
#Iran Update
1)
 -Iran claims US cyber-attack following drone downing was unsuccessful
-Iran navy chief: downing of US drone was a "firm response", can be repeated
- Pompeo in KSA amid Iran tensions
-US set to impose new “strong” sanctions on Iran; Tehran says will have no effect
2)
 -UK PM Theresa May:
--Houthi attack on Abha is cowardly, reckless
--Priority is finding diplomatic solution to defuse tension with Iran
--Working to keep nuclear deal. If Iran doesn’t cooperate, other options exist.
-Jubeir: More sanctions if Iran persists hostile policies
3)
 -Trump to Iran: “No Nuclear Weapons & No Further Sponsoring of Terror!”
-US Navy: USS Boxer arrives to Mideast amid heightened tensions with Iran
-UK could join US military action against Iran, Jeremy Hunt says
-US, Israeli & Russian Nat Sec meeting in Israel
Read 4 tweets
Profile picture
Heshmat Alavi
@HeshmatAlavi
#Iran’s IRGC shot down a US drone Thursday morning when it entered southern Iranian airspace, according to the state-run IRNA news agency identifying the drone as an RQ-4 Global Hawk.
CENTCOM spokesman to AP: “There was no drone over Iranian territory.”
apnews.com/e4316eb989d549…
#BREAKING
"U.S. Navy MQ-4C Triton high-altitude drone shot down by Iranian surface-to-air missile this evening over Strait of Hormuz in international airspace" - U.S. official to @LucasFoxNews
#Iran IRGC chief Hossein Salami:
Downing of US drone sends a "clear message" to Washington

(File Photo)
Read 25 tweets
Profile picture
Filomena Rocha
@Filomen03258997
6. United States decided to label #IRGC terrorists. But who are the real terrorists? Who created, trained, armed & financed the worst terrorist groups in the world?

#Hypocrites #DoubleStandards #Liars #Warlords #USRealTerrorists
1. United States decided to label #IRGC terrorists. But who are the real terrorists? Who created, trained, armed & financed the worst terrorist groups in the world?
🤨👇🏼
threadreaderapp.com/thread/1116293…
2. United States decided to label #IRGC terrorists. But who are the real terrorists? Who created, trained, armed & financed the worst terrorist groups in the world?
🤨👇🏼
threadreaderapp.com/thread/1121015…
Read 40 tweets
Profile picture
Sonia Mota
@SoniaKatiMota
#Iran Protests courtesy of the #CIA
Jun 25, 2009 After President Mahmoud Ahmadinejad won the Iranian Election, riots and protests erupted in #Tehran, The western media was quick to report on this #PSYOPS.
#US politicians, #Israel, #SaudiArabia & media dream of #RegimeChange in #Iran.
Jan 3, 2018 The more intense and violent demonstrations in Iran have given way to patriotic rallies with thousands of Iranians shouting pro-government slogans.
Jan 3,2018 Are the protests in #Iran spontaneous, or are they the result of another #RegimeChange operation?#TheCorbettReport James explores the past, present & future of #US and #Israel-i involvement in Iran, & the attempts to foment unrest in the country.
Read 31 tweets
Profile picture
LTG Jerry Boykin
@GenBoykin
#Iran has obviously not fully considered #Russia. Russia does not want a war between #Israel and #Iran in #Syria. So the Russians are now trying to mediate between the two nations. Russia has too much at stake in Syria. #SyriaStrikes #middleeast #tcot #ccot
#War between #Iran and #Syria would draw the #UnitedStatesOfAmerica into the fight and that would be a disaster for #Russia. Believe it or not, Russia does not want to tangle militarily with the US or Israel in Syria. #SyriaStrikes #middleeast #tcot #ccot
Scenario 1:
#Iran will launch another strike but it may come from #Hezbollah in #Lebanon or #Hamas in #Gaza. Or it could be another attack from #Syria into #Israel. My guess is that it will be a #terrorattack. #SyriaStrikes #middleeast #tcot #ccot #airstrike
Read 6 tweets

Trending hashtags

#UPDATE #MilitaryIndustrialComplex #UnitedShades #USTroops #UnitedStates #Hezbollah #SaudiArabia #Copenhagen #LarrySummers #Palestine #USAID #Washington #DeepStateCorruption #CIA #RIP #NancyPelosi #protest #FairObserver #IsraeliApartheid #IRGC #OPEC #Arab #FreeManning #Holocaust #Warlords
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!