X

US reportedly had cyberattack plan for Iran if nuclear talks failed

There were elaborate plans aimed at disabling Iran's critical infrastructure, according to a new documentary.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
See full bio
Steven Musil
2 min read
Stuxnet: Computer worm opens new era of warfare
Enlarge Image
Stuxnet: Computer worm opens new era of warfare

The Stuxnet worm damaged computers at a nuclear facility in Iran in 2010.

 CBS Interactive

The US developed an elaborate plan for massive cyberattacks on Iran's critical infrastructure during the early days of the Obama administration, according to a documentary premiering this week.

Code-named "Nitro Zeus," the plan aimed to disable Iran's electrical grid, air defenses and communications services, according to details of the film revealed Tuesday by The New York Times and Buzzfeed. The plan provided the US with a backup if diplomatic efforts to limit the country's nuclear program failed and a military conflict began, according to the reports.

A key goal of the cyberattacks, according to the "Zero Days" documentary, was disabling the Fordo nuclear enrichment site, considered one of the hardest targets in Iran because it is built deep into a mountain near the city of Qum. The proposed operation would have inserted a worm into the Fordo's computers systems, disabling the facility's centrifuges used to enrich uranium.

The documentary details years of heightened tensions between Iran and the West that many feared would lead to armed conflict before a nuclear accord was finally reached in 2015. The operation underscores the greater importance that cyber-operations are taking in military planning.

Nitro Zeus was "likely the largest and most complex cyberwar plan the US has ever created," director Alex Gibney told Buzzfeed.

Cyberattacks on Fordo were intended as a sequel to "Olympic Games," the codename given to a 2010 cyberattack blamed on the US and Israel that used a sophisticated worm called "Stuxnet" to destroy 1,000 centrifuges at Iran's Natanz nuclear facility. Rather than steal data, Stuxnet left a backdoor meant to be accessed remotely to allow outsiders to stealthily knock the facility offline and at least temporarily cripple Iran's nuclear program.

The Nitro Zeus operation, according to the documentary, used US hackers based at the Remote Operations Center in Fort Meade, Maryland, to penetrate large sections of Iran's critical infrastructure and ready a disabling attack that would be launched alongside a military operation. However, some within the State Department and the National Security Agency expressed concern over the legality and ethics of disabling civilian infrastructure in addition to military targets.

The documentary also allegedly confirmed that Israel modified the Stuxnet worm, making it far more aggressive. Even though Stuxnet targeted industrial facilities, it also infected regular PCs and as a result was discovered in June 2010, about a year after the earliest known version was believed to have been created.

Long-held suspicions that the US was behind Stuxnet were confirmed in June 2012 by The New York Times. Citing unnamed US government sources, the Times reported that Stuxnet was developed by the US, possibly with help from Israel, as a way to preempt a military strike against Iran over its nuclear program.

The Stuxnet payload was reportedly delivered to the facility on a standard thumb drive by an Iranian double agent working for Israel.