Despite an error in the Stuxnet worm that attacked Iran’s uranium enrichment program, which caused the malware to spread wildly out of control and infect computers outside of Iran in 2010, President Barack Obama ordered U.S. officials who were behind the attack to continue the operation.
That was despite the fact that Stuxnet was spreading to machines in the United States and elsewhere and could have contained other unknown errors that might affect U.S. machines.
The information comes in a new report from The New York Times, which asserts that an error in the code led the worm to spread to an engineer’s computer after that computer was hooked up to systems controlling the centrifuges at Iran’s uranium enrichment plant near Natanz. When the engineer left the Natanz facility, he spread it to other machines, writes Times reporter David Sanger, based on a book he has written that will be released next week.
Sources told Sanger that they believed the Israelis introduced the error in the code.
“We think there was a modification done by the Israelis,” an unidentified U.S. source reportedly told the president, “and we don’t know if we were part of that activity.”
Vice President Joe Biden accused the Israelis of going “too far,” a source told Sanger.
According to the Times, Obama wondered to advisers whether the attack should be discontinued after Stuxnet began spreading, believing the operation might have been irrevocably compromised.
“Should we shut this thing down?” Obama reportedly asked at a meeting in the White House Situation Room that included Biden and the director of the Central Intelligence Agency at the time, Leon E. Panetta.
But aides advised him that it should proceed since it was unclear how much the Iranians knew about the code, and the sabotage was still working.
At the time, security researchers were still furiously trying to figure out what Stuxnet was designed to do, and hadn’t yet discovered that it was attacking the centrifuges in Iran. They would later determine that it was very targeted code that was tailor-made to attack only machines in Iran’s enrichment program. Although it infected more than 100,000 computers in and out of Iran, it didn’t do damage to those computers. But given that U.S. authorities appeared to be unclear about what the Israelis might have done to change the code, the exchange between Obama and his advisers seems to indicate that Obama gave the order to continue without the administration knowing precisely whether the code might damage other machines outside of Iran.
In the weeks following that meeting, Sanger writes, while researchers at Symantec in the United States were still examining the code, the Natanz plant was hit by a newer version of the computer worm. A few weeks after Stuxnet was detected and disclosed in July 2010, the malware temporarily took out about 1,000 centrifuges in Iran.
The ongoing cyberattack authorized by Obama coincided with the administration and members of Congress chastising China for its supposed role in cyber-intrusions into government contractors, human rights groups and Western corporations. The Times piece notes that Obama was aware and concerned that the government’s forays into cyberattacks would give justification to Iran, China and other entities conducting similar attacks against the United States.