9 September 2019

The Dutch Connection

By FRED KAPLAN

New information about the computer worm Stuxnet provides further proof that President Donald Trump is harming U.S. security by dissing our traditional allies.

Stuxnet was the highly sophisticated and secretive cyberattack operation that set back Iran’s nuclear program by a few years—enough time to wedge an opening for the diplomacy that produced the multinational Iran nuclear deal of 2015.

It has long been known, though never officially acknowledged, that Stuxnet was a U.S.-Israeli program. But an article published by Yahoo News on Monday—written by two of the most scrupulous journalists on the subject of cyberwar—reports that a crucial role was played by a mole recruited by Dutch intelligence, at the behest of the CIA and Mossad.

The recruiting began in 2004—“a time,” the article notes, “when there was still extensive cooperation and strong, multilateral agreement among the U.S. and its allies about how to deal with the Iranian nuclear program.”


This degree of cooperation and agreement no longer exists, thanks to Trump’s capricious withdrawal from the nuclear deal and his carelessness with sensitive intelligence, which has made some allies reluctant to share their findings with Washington.

The Stuxnet virus was inserted into Iran’s uranium-enrichment plant at Natanz. When activated, it drastically altered the speed of the plant’s centrifuges—the spinning paddles that enriched the uranium—causing them to crash or break.
The question is how freely the Dutch, and other allies, will continue providing their American cousins with sensitive stuff, given Trump’s dangerous policies and his carelessness.

The attack—also known as Operation Olympic Games—was first reported by David Sanger in the New York Times in 2012, well after the Iranians caught on to what was going on and neutralized the virus. More details were laid out in the 2014 book Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, by Kim Zetter—who is one of the authors of the Yahoo story.

However, until now, the public has not known how the hack got underway. Before Stuxnet, the Iranians had “air-gapped” the system controlling the centrifuges at Natanz—meaning, it had no connection to the internet. An insider would have had to insert a USB flash drive somewhere in the system. (When I was researching my book Dark Territory: The Secret History of Cyber War, one source told me it had been inserted in a printer that was hooked up to a computer that also ran the control system.) But who was the insider? How did he get inside?

The Yahoo story reports that the insider was an Iranian engineer, recruited by Dutch intelligence, who entered the Natanz plant several times as a mechanic working for a “front company” that had wrangled a contract with the Iranians.

The Netherlands got involved in this—and had the knowhow to do so—because the Iranian centrifuges were based on a Dutch design that had been stolen in the 1970s by Pakistan, which, over the next two decades, provided the blueprints and materials to several tyrants around the world. All along, Dutch intelligence was infiltrating Pakistan’s supply chain, in part with spies, in part through hacking.

Dutch cyberoffensive operations have been more extensive—and more useful to the United States—than one might assume. Zetter’s co-author, Dutch journalist Huib Modderkolk, broke the story, a year ago, that Dutch intelligence first informed the FBI that Russians were hacking the computers of the Democratic National Committee during the 2016 election. The Dutch knew this because they’d been monitoring the computers of “Cozy Bear,” the codename for the Russian group that hacked the DNC.

The question is how freely the Dutch, and other allied intelligence agencies, will continue providing their American cousins with sensitive stuff, given Trump’s dangerous policies and his carelessness. Sharing intel is a courtesy among allies, but it’s also a risk. If the intel leaks out, the objects of the surveillance—often an adversary—will know they’re being watched. Technical specialists can often infer from the intel just how they’re being watched, and they can change their behavior accordingly—thus making further surveillance very difficult, maybe impossible.

On Aug. 30, Trump tweeted a photo of a charred launchpad at Iran’s space center—which had just experienced its third failure this year—along with a caustically toned message that the United States had nothing to do with the explosion, thereby raising suspicions that, in fact, it did. Within hours, amateur sleuths deduced which U.S. spy satellite had taken the photo as well as the satellite’s technical capabilities.

In short, Trump had photographed an image from a beyond-top-secret intelligence briefing—probably with his easy-to-hack cellphone—and then tweeted it to the world.

Asked about the tweet, Trump told reporters that he had the “absolute right” to release classified material. This is true. The authority to classify (or declassify) any or all information stems from executive orders dating back to Franklin D. Roosevelt and updated by almost every president since. In other words, the vast array of officials who stamp “Top Secret” (or “Declassified”) on documents do so on behalf of the president. So if the president wants to do this directly, for whatever reason (or lack of reason), no laws have been broken.

However, just because a president can do this doesn’t mean he should. Retired Lt. Gen. James Clapper, former director of national intelligence (and, before then, director of the agency that operates spy satellites), said of this particular indiscretion, “You can bet every adversary is going to school on what’s been exposed. I can’t see what the point is, other than to make fun of the Iranians.”

This was not a one-time lapse. In May 2017, during a meeting in the Oval Office, Trump told two top Russian officials—Foreign Minister Sergei Lavrov and Ambassador Sergey Kislyak—that a U.S. ally had provided intelligence about a new ISIS terrorist threat involving the use of laptops on airplanes. He told the Russians so much about the intel that the Russians could identify the ally—Israel—and infer that it had a spy inside ISIS, a fact that alone is highly sensitive.

Just as he did more recently, Trump defended his action, saying he had “the absolute right” to handle classified information in whatever way he chose. Yet, several past and present intelligence officials condemned the disclosure about ISIS as “shocking” and a potential “blow” to America’s relationship with Israel and other allies. A former senior U.S. official told the Washington Post at the time, “Trump seems to be very reckless and doesn’t grasp the gravity of the things he’s dealing with, especially when it comes to intelligence and national security.”

Not much has changed on that score in the subsequent two years. Meanwhile, tensions with allies have sharpened and soared; the initial suspicions about Trump’s cluelessness and carelessness have been confirmed time and again. He remains unaware, or maybe unconcerned, that the United States relies on allies in countless ways—the revelation about Dutch cooperation on Stuxnet being just one. If this goes on for much longer, the allies will drift away, and we will be much less secure as a result.

No comments: