Stuxnet worked

Stuxnet was better than a bomb at delaying the development of Iran’s nuclear weapons development programme.

According to a top German computer consultan, the Stuxnet virus, which has attacked Iran’s nuclear facilities and which Israel is suspected of creating, has set back the Islamic Republic’s nuclear programme by two years.

The consultant, who was one of the first experts to analyse the program’s code and was only identifed as “Langer”, told The Jerusalem Post  that it will take two years for Iran to get back on track.

“This was nearly as effective as a military strike, but even better since there are no fatalities and no full-blown war. From a military perspective, this was a huge success.”

There have been claims that the virus is still infecting Iran’s computer systems at its main uranium enrichment facility at Natanz and its reactor at Bushehr.

Last month, the International Atomic Energy Agency (IAEA), the United Nation’s nuclear watchdog, said that Iran had suspended work at its nuclear-field production facilities because of Stuxnet.

Langer said that Iran’s best move would be to throw out all of the computers that have been infected by the worm.

Even if the computers were thrown out, Stuxnet would have much to fear from outside contractors using Stuxnet infected computers.

Langer said it was extremely difficult to clean up installations from Stuxnet, and Iran was not very good at IT security.

“Once they got rid of the virus, and this will take time, and then they need to replace the equipment, and they have to rebuild the centrifuges at Natanz and possibly buy a new turbine for Bushehr.”

There have been two suspects for releasing Stuxnet. The first is Israel’s Military Intelligence Unit 8200, known for its advanced Signal Intelligence (SIGINT) capabilities. The other is the US.

Senior IDF officers confirmed that Iran had encountered significant technological difficulties with its centrifuges at the Natanz enrichment facility, so it means that they have been watching to see how Stuxnet worked.

Stuxnet must have taken years to develop and there is 15,000 lines of code, involved, Langer said.

*Update An IAEA spokesperson got in touch with us. We’re told:

“The IAEA has never speculated, let alone said or confirmed, on the possible cause or causes that led to the suspension of work at the Natanz uranium enrichment facility in November. Quite simply, this is not what IAEA safeguards inspections are about.

“You can verify this to be the case by reading the 23 November IAEA Safeguards report on Iran that was de-restricted by the IAEA Board of Governors and is now available here.”