Cyber Strike By Foreign Force Caused Iran Explosion: Israeli Experts

02 Jul 2020

Cyber Strike By Foreign Force Caused Iran Explosion: Israeli Experts

Iranian officials confirmed damage to a building built near the Natanz nuclear power plant today, saying an "accident" occurred. Israel has denied any connection to the huge explosion in the secret facility.

By Arie Egozi

July 2, 2020


Credit: ISI

TEL AVIV: A mysterious attack using a “kinetic cyber” weapon has caused extensive damage to one of Iran’s most important nuclear facilities, experts here say.

In recent weeks, Israel has dramatically intensified its efforts to prove to the world that Iran has not stopped its race to a nuclear bomb. This effort, sources here say, may explain a series of “incidents” in Iran’s nuclear infrastructure in recent weeks and especially the huge blast that has destroyed big parts of a secret facility in Parchin associated with this country’s nuclear program.

Satellite images show the big blast at Parchin Friday occurred at a secret site that was built by the Iranians as part of their nuclear program.

Iranian officials first claimed that the huge blast was caused by a gas leak in the “public area” of the Parchin military base, where Iran had in the past been suspected of conducting high-explosive tests for nuclear warheads.

The gas storage area is part of the Khojir missile facility. The explosion caused heavy damage to the Shahid Bakeri Industrial Group, which makes solid-propellant rockets, according to one analyst cited by the news agency. Large industrial buildings at the site visible from satellite photographs also suggest missile assembly being conducted there.

In addition, Iranian officials confirmed damage to a building built near the Natanz nuclear power plant today, saying that an “accident” occurred. The Iranians say the crucial centrifuge facility, needed for Iran to make nuclear weapons, was not damaged.

Israel has denied any connection to the huge explosion in the secret facility.

However, multiple sources here say the explosion could have been caused by a “kinetic cyber” attack that one source says was performed by a “major force.”

A cyber expert here who talked with BD on condition of anonymity said cyber could have been used in many ways: “For instance, shutting down all the security cameras on a targeted site so security personnel are not aware that someone is doing something.”

Israeli experts say that the Iranian nuclear program has been accelerated because Teheran is worried that a continued arms embargo will make it very hard to obtain systems and materials that are needed for getting to a nuclear bomb.

“We insert all the points along the flight path into a deep neural network that was trained to be able to predict the exact launch point and the location of the drone operator,” Eliyahu Mashhadi of Ben Gurion University says. Testing the model with the flight simulator, the team were able to locate and target the drone operator 78% of the time.

Last year, the US Defense Intelligence Agency said Iran has the largest underground facility program in the Middle East, which “supports most facets of Tehran’s ballistic missile capabilities, including the operational force and the missile development and production program.” Iran has said that the cause of the explosion, which sent a huge fireball over Tehran and charred wide areas of scrubland, is under investigation.

The last major blast at a missile base near Tehran killed the Revolutionary Guard’s missile program chief, Hassan Tehrani Moghaddam. It was initially described by Iranian officials as an accident, although Israel was suspected.

The first major cyber attack against the Iranian nuclear program was made in 2010 by Israel and the US using what has become known as Stuxnet.

Martin Ivezic, a cyber expert here, writes in a research paper that an early version appears to have been deployed in 2007, but it didn’t reach its target. Perhaps that version’s goal was merely to gather intelligence. Its sophisticated platform was readily adaptable to espionage purposes and several related pieces of malware were primarily designed for that purpose.

According to Ivezic, the intelligence that its developers eventually obtained about Iranian operations enabled them to get Stuxnet inside Iran’s air-gapped (not connected to the internet) Natanz facility in 2009. “They did this by infecting five Iranian companies that installed equipment in Natanz. When technicians at these companies connected their laptops to Natanz equipment, they unwittingly caused Stuxnet to download and spread throughout the facility. Through this indirect connection, Stuxnet’s developers were able to upload and command the malware through 2010, even though they did not have a direct connection with it.

Stuxnet is considered the largest and most expensive malware development effort in history, a project too big for anyone but a nation-state to produce. It was also far too precisely targeted to damage anything other than equipment used only in Iranian uranium enrichment facilities.

The attack damaged centrifuge rotors through two different routines – The first involved dramatically, but briefly, speeding centrifuges above their maximum safe speed, then briefly slowing them dramatically below their minimum safe speed. The malware would then wait weeks before repeating the cycle, to reduce the chances of detection. The second, more complex routine involved over-pressurizing centrifuges to increase rotor stress over time.

The two states appear to be increasingly relying on cyber weapons. Iran, according to a report in London’s Financial Times, tried to increase chlorine levels in water flowing to residential areas in Israel during an April cyberattack.

The head of Israel’s National Cyber Directorate said after the attack was avoided that it could have resulted in injecting high doses of chlorine or other chemicals into the water supply. Also, there was a chance that the attack would have triggered a fail-safe, shutting down the pumps and leaving thousands without water during the recent deadly heatwave in Israel.

An unnamed Israeli official told the Financial Times that the attack created “an unpredictable risk scenario” by starting a tit-for-tat wave of attacks on civilian infrastructure, something both countries had so far avoided.