
How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran - jbegley
https://news.yahoo.com/revealed-how-a-secret-dutch-mole-aided-the-us-israeli-stuxnet-cyber-attack-on-iran-160026018.html
======
jacquesm
Interesting how the whole world was in an uproar over Assange endangering
lives and this gets a free pass. We should make up our minds about stuff like
this, either Assange should be treated as a reporter or this reporter is
endangering lives.

I hope that whoever this mole was that he/she has good life insurance and no
kids. Based on this info it should be trivial to figure out who it was and
even if the journalist got it wrong there will likely be repercussions against
the people implicated here.

~~~
jabedude
The article heavily implies that the Dutch mole was executed years ago.

~~~
meowface
Not necessarily. All it says is two of their intelligence sources refused to
answer the question of whether or not he was executed.

They reported Iran executed some number of people who were believed to be
moles or otherwise guilty of harming the program. According to the sources,
Iran doesn't seem to know with certainty if they got the right people, or if
the executed individuals were merely unwitting carriers who got infected.

It's also possible they didn't care so much and considered this sort of
incompetence/negligence (of course, not such a fair accusation given their
adversaries) a capital offense. They may have executed everyone involved,
wittingly or not, to serve as a deterrent and increase future OPSEC. Many it's
just a bonus for them if a mole also got caught in the net.

This is kind of like a game theory puzzle: if he was executed and you say he
was, you give them valuable information. Same if he wasn't and you say he
wasn't. You could lie, but Iran's intelligence reading this article may
suspect you'll lie. Or they may think it's a double bluff or something.

The safest move to cause the least damage and give Iran as little info as
possible may be to say the mole may or may not have been executed. There's
also the possibility that the sources fuzzed the story a bit: there may have
been more than one mole, or, less likely, zero moles. Intelligence is always
cat-and-mouse mind games, with fact and fiction often intermixed carefully.

~~~
cam_l
Your little game theory puzzle actually just goes to show that 'intelligence'
is mostly FUD.

There was a great article posted the other day on HN suggesting that MI5 had
not, in it's entire history during the cold war, unearthed any concrete
evidence of, or caught any, Russian spies (save for two instances uncovered
incidentally by local police, and one who was a royal and hence never
charged).

But none of that mattered. The appearance of subterfuge and counter, is much
more important than any actual success. And as you suggested, there needn't
have been any mole at all, for the events to play out exactly as they did.

~~~
mav3rick
Who was the royal?

~~~
cam_l
Sorry, can't find the original article at the moment, but here is a wiki link
about the royal spy.

[https://en.m.wikipedia.org/wiki/Anthony_Blunt](https://en.m.wikipedia.org/wiki/Anthony_Blunt)

------
arianvanp
Original article: [https://www.volkskrant.nl/nieuws-achtergrond/aivd-speelde-
cr...](https://www.volkskrant.nl/nieuws-achtergrond/aivd-speelde-cruciale-rol-
bij-sabotage-kernprogramma-iran~ba24df9f/)

~~~
macintux
Discussion (eventually, maybe):
[https://news.ycombinator.com/item?id=20860056](https://news.ycombinator.com/item?id=20860056)

------
trhway
>Germany contributed technical specifications and knowledge about the
industrial control systems made by the German firm Siemens that were used in
the Iranian plant to control the spinning centrifuges

may be it is all just a smoke screen and parallel construction, and the virus
was just included in the next patch update :) Wouldn't be the first time. The
parallel construction is obviously needed to make Iranians and the likes to
continue hunting for moles (sucks to be executed as a mole for an USB drive
that you have no idea about found in your house), tightening security and
wasting their money/resources in all the other ways while still continuing to
buy Siemens/etc.

~~~
lawnchair_larry
When has a vendor previously put a virus in a patch update?

------
miller_joe
Co author is Kim Zetter the Wired journalist who has been covering Stuxnet for
years and wrote a great book on it “Countdown to Zero Day”.

~~~
chance_state
For those interested in this topic but not interested enough to read 450 pages
about it, I would encourage you to check out the book and only read the
chapters that seem interesting.

While the book is somewhat chronological and story-driven, there's still a ton
of interesting info packed into it that I think a lot of HN readers would
love.

------
yasp
Interesting, but why reveal now?

~~~
arianvanp
It took Huib years of Investigative journalism to find this out. The official
stance of the agency is that this didn't happen. And the state was trying to
sue him for publishing his work [https://www.volkskrant.nl/nieuws-
achtergrond/aivd-doet-aangi...](https://www.volkskrant.nl/nieuws-
achtergrond/aivd-doet-aangifte-tegen-volkskrant-journalist-publicatie-over-
digitale-spionage-bevat-staatsgeheimen~b45a9482/)

------
fortran77
It's never been confirmed this was a "U.S. - Israeli" attack, if there was any
attack in the first place.

~~~
freeflight
> if there was any attack in the first place.

So Stuxnet just randomly self-assembled on the Internet, to attack very
specific air-gapped industrial controllers?

~~~
mattr47
Well that is basically how we came into existence, right? Its not like some
all powerful creator programmed our DNA. So, the same random events can happen
with computer viruses.

~~~
earenndil
It is orders of magnitude of orders of magnitude less likely.

