Iran officially accused Israel of carrying out the attack on the Natanz nuclear facility and vowed revenge. Iran’s Atomic Energy Authority confirmed that uranium enrichment at the facility was not affected, and announced that it had identified the perpetrator of the sabotage operation and that a search for that person is under way, as reported by the Iranian website “Noor News”.
It is clear from this information that Iran is certain that its nuclear facility has been exposed to an act of electronic sabotage, and its official accusation means that it has good information to point the finger at Israel.
Reports indicate that the accident at the nuclear facility was caused by the electrical grid that powers the new centrifuges, which were installed one day before the breakdown.
From the remarks of the spokesman for Iran’s Ministry of Foreign Affairs, Saeed Khatibzadeh, we conclude that the accident caused no human casualties or environmental damage, although he indicated that it could have led to what he described as a disaster and a crime against humanity.
It is true that the attack was electronic, but how did the perpetrator, whoever it was, gain access to the electrical grid inside the reactor? Was this done from a distance, or was it an attack from within?
Has Iran been stung twice from the same burrow?
We should note here that clear information on the nature and circumstances of the cyber attack is not yet available, but as reported by the media, the attack targeted the power grid, resulting in a fire or explosion.
According to this information, a scenario like the Russian cyber attack on Ukraine’s power plants is the more likely one in this case.
In this attack in late 2015, the Russians used malware called Trisis or Triton, designed to disable the automated industrial control program known as ICS, which allows industrial facilities to stop operating safely when an unsafe condition is present. It was the first attack in the world that targeted this system and was successful.
Safety systems work to prevent unsafe conditions in the facility. When gas fuel pressure or reactor temperature rises to unsafe limits, for example, these programs automatically close valves or initiate cooling processes to prevent accidents that could endanger health or life.
The virus that was used in the recent attack on the Iranian reactor could be one of the types of software that attack these systems, which unfortunately were not developed by ordinary hackers, but by state-linked hacking groups.
The “Stuxnet” virus, believed to be a joint US-Israeli creation, is the best known of the family of computer viruses associated with infrastructure sabotage, and it is a worm.
A computer worm is a small, self-contained program that does not depend on other programs. It is created to carry out destructive actions, to steal data from users while they browse the Internet, or to harm them or the people they communicate with.
In 2010, Stuxnet destroyed Iranian centrifuges at Iran’s own Natanz facility, and the attack came amid concerns and tensions from the West over Tehran’s nuclear program.
The virus put thousands of centrifuges out of action and, although what happened was not confirmed, analyses at the time indicated that a double agent used a USB flash drive carrying the virus to infect the computer systems, which were not connected to the Internet specifically to protect them from remote external attacks.
Once implanted, the worm lay dormant within the Natanz computer network until certain conditions were met. The malware then started working, changed the icons on the system, and sent signals to the security systems that made it appear that everything was working normally.
Stuxnet allowed the centrifuges at Natanz at the time to spin at a much higher speed without the safety systems realizing what was happening, leading to their shutdown and removal from service.
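The following is an added example, not part of the original article and not code from any vendor or incident report. It shows two defender-side checks for the masking described above, where monitoring receives normal-looking values while the machine runs outside its limits: spotting replayed telemetry, and cross-checking the reported speed against an independent measurement. The function names, the linear current-to-speed model, its constants and the trace are all constructed assumptions.

```python
import random


def find_replayed_window(samples, window=20):
    """Return (first_index, repeat_index) of the earliest exact repeat of a
    window-long run of readings, or None if no run repeats.

    Live analog sensors carry noise, so a long run of readings repeating
    value-for-value suggests recorded data is being played back.
    """
    seen = {}
    for i in range(len(samples) - window + 1):
        key = tuple(samples[i:i + window])
        if key in seen:
            return seen[key], i
        seen[key] = i
    return None


def cross_check(reported_hz, drive_current_a, amps_per_hz=0.01, tolerance=0.15):
    """Return the indices where the reported rotor speed disagrees with the
    speed implied by an independent channel (drive current here; the linear
    model and its constants are assumptions made for this example)."""
    alerts = []
    for i, (hz, amps) in enumerate(zip(reported_hz, drive_current_a)):
        implied_hz = amps / amps_per_hz
        if abs(implied_hz - hz) > tolerance * implied_hz:
            alerts.append(i)
    return alerts


def build_constructed_trace(seed=7):
    """Constructed sample data: 60 genuine noisy readings, then the first 30
    of them replayed while the independently measured current climbs."""
    rng = random.Random(seed)
    genuine = [round(1000 + rng.gauss(0, 2), 2) for _ in range(60)]
    reported = genuine + genuine[:30]
    current = [hz * 0.01 for hz in genuine]
    current += [10.0 + 0.2 * k for k in range(1, 31)]
    return reported, current


if __name__ == "__main__":
    reported, current = build_constructed_trace()
    print("replayed window:", find_replayed_window(reported))
    print("first speed/current mismatch at index:", cross_check(reported, current)[0])
```

Neither check relies on the values the controller chooses to report being honest: the first looks at the statistics of the reported stream, the second at a physically separate signal.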
The human factor
These viruses cannot enter the computer networks of nuclear facilities remotely, since these facilities are not connected to the Internet in any way. There is a special security network that detects any unknown entry into the systems, and there are different levels of access to parts of the computer network.
Therefore, the breach is likely to have been carried out from within. The implementing body needs only one person with access to one of the computers connected to the network to introduce the virus, which will remain inactive until activated, and in the meantime this agent will have managed to escape.
One of the Israeli pilots who attacked the Iraqi nuclear reactor in July 1981 recalled what General Eitan told them shortly before his departure: “If you are captured, say everything you know. You think you know a lot, but you know nothing.”
This particular phrase, which the general said 40 years ago about the conventional military operation against the Iraqi Tammuz reactor, and which concerned the ignorance of the pilots who carried it out of anything about the circumstances of the operation, describes exactly what is being done now in terms of electronic sabotage, for which neither the state nor the intelligence agencies can possess, with modern technology, clear and tangible evidence that condemns the perpetrator.