These Olympics ushered in a new era of cyber sabotage

The 2020 Tokyo Olympics begin on July 23, delayed by a year by the Covid-19 pandemic, which is still raging with the more transmissible Delta variant; several athletes and officials have already tested positive even before the games officially open. More than a decade ago, however, a very different set of Olympic Games demonstrated to the world how cyber resources could be used in a real-life operation to carry out sabotage. Operation Olympic Games, better known as the Stuxnet attack on Iran's uranium enrichment facility at Natanz, was a cyber sabotage operation that ran between roughly 2009 and 2010 and is widely attributed to the US and Israel.

Iran was suspected of developing nuclear weapons at its uranium enrichment facility at Natanz, and Israel was considering ways to destroy the facility. Israel had launched Operation Orchard in 2007, in which air strikes supported by electronic warfare destroyed a Syrian nuclear research building at the Al-Kibar site. The strikes by Israeli Air Force F-15I and F-16I fighter jets were aided by a combined electronic and cyber attack on Syrian air defences, reportedly using a system called Suter, which broke the data link between the Syrian radars and their operators' screens (the operators saw blank screens). The United States, allegedly concerned about the far more serious consequences of an Israeli air strike on Natanz, is said to have pursued a cyber-sabotage program together with the Israelis instead.

A sophisticated worm, later known as Stuxnet, was developed to infiltrate the Windows computers running Siemens Step 7 software (used at Natanz to program the plant's programmable logic controllers, PLCs) by means of several zero-day exploits, and then to inject its own code into the PLCs. Its sabotage payload was designed to trigger only on the specific configuration of controllers and drives it was looking for, so that the worm would do no damage if it spread beyond the target. Its most important trick was deception: it recorded what normal operation looked like and played that recording back to the monitoring systems, so that the scientists watching the screens did not see what was actually happening. (The capabilities often lumped together with it in press accounts, such as copying files, logging keystrokes, switching on microphones to record nearby conversations and reaching phones and other devices over Bluetooth, belong to related espionage toolkits discovered in the same period, notably Flame, rather than to Stuxnet's sabotage payload.)

Once on the right controllers, Stuxnet secretly sabotaged the supervisory control and data acquisition (SCADA) process at the Natanz enrichment plant. One version manipulated the valves that regulate the flow of uranium hexafluoride gas through the centrifuge cascades; the better-known version altered the frequency converters that set the rotor speed, driving the centrifuges well above and then well below their normal operating speed. Either way, the machines were pushed outside their safe operating envelope until they failed. Because the operators' screens kept showing the recorded normal readings, everything looked fine to the Iranian scientists, and the intent was that they would blame their own engineers or faulty components for the failures.
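The deception mechanism described above is easier to grasp with a small simulation. The following Python is an added illustration written for this piece, not Stuxnet's code and not a model of any real plant: a controller drives a toy centrifuge rotor to its setpoint, the operator screen (HMI) normally shows the true speed, and an attacker sitting between the process and the HMI records a window of normal readings and then replays them while commanding a dangerous overspeed. It also shows the check a plant defender would want, comparing the displayed speed against an independent, out-of-band measurement (here a constructed motor power model). All rotor constants, the cube-law power model and the noise level are assumptions chosen for the toy.

```python
"""
Added illustrative simulation (not Stuxnet code, not a real plant model):
a replay attack on the operator view of a centrifuge, and an out-of-band
plausibility check that catches it. All constants are assumptions.
"""
from dataclasses import dataclass, field
import random

RATED_RPM = 63_000.0      # assumed normal operating speed of the toy rotor
OVERSPEED_RPM = 84_600.0  # assumed speed the attacker drives the rotor to
RECORD_WINDOW = 20        # number of steady-state readings the attacker replays
STEADY_BAND = 0.02        # readings within 2% of rated count as "normal"


@dataclass
class Centrifuge:
    """First-order rotor model: speed moves 30% of the way to the setpoint per step."""
    rpm: float = 0.0

    def step(self, setpoint: float) -> float:
        self.rpm += 0.3 * (setpoint - self.rpm)
        return self.rpm


def power_draw(rpm: float) -> float:
    """Constructed independent sensor: motor power (% of rated) grows with the cube of speed."""
    return (rpm / RATED_RPM) ** 3 * 100.0


@dataclass
class ReplayAttacker:
    """Man-in-the-middle between process and HMI: record normal values, then replay them."""
    recorded: list = field(default_factory=list)
    active: bool = False

    def observe(self, true_rpm: float) -> None:
        if self.active:
            return
        if abs(true_rpm - RATED_RPM) <= STEADY_BAND * RATED_RPM:
            self.recorded.append(true_rpm)
        if len(self.recorded) >= RECORD_WINDOW:
            self.active = True  # enough "normal" footage captured; start the attack

    def setpoint(self, legitimate: float) -> float:
        return OVERSPEED_RPM if self.active else legitimate

    def displayed(self, true_rpm: float, t: int) -> float:
        return self.recorded[t % RECORD_WINDOW] if self.active else true_rpm


@dataclass
class Sample:
    t: int
    true_rpm: float
    displayed_rpm: float
    measured_power: float


def simulate(steps: int = 80, attacked: bool = True, seed: int = 1) -> list:
    """Run the process loop; returns one Sample per step."""
    rng = random.Random(seed)
    rotor = Centrifuge()
    attacker = ReplayAttacker() if attacked else None
    log = []
    for t in range(steps):
        setpoint = RATED_RPM
        if attacker:
            setpoint = attacker.setpoint(setpoint)
        true_rpm = rotor.step(setpoint)
        # out-of-band sensor with ~1% noise, not routed through the compromised path
        measured = power_draw(true_rpm) * (1.0 + rng.uniform(-0.01, 0.01))
        shown = true_rpm
        if attacker:
            attacker.observe(true_rpm)
            shown = attacker.displayed(true_rpm, t)
        log.append(Sample(t, true_rpm, shown, measured))
    return log


def replay_suspected(sample: Sample, tolerance: float = 0.10) -> bool:
    """Flag a sample when the displayed speed is inconsistent with independently measured power."""
    expected = power_draw(sample.displayed_rpm)
    return abs(sample.measured_power - expected) > tolerance * max(expected, 1.0)


def summarize(log: list) -> dict:
    return {
        "flagged": sum(replay_suspected(s) for s in log),
        "max_true_rpm": max(s.true_rpm for s in log),
        "max_displayed_rpm": max(s.displayed_rpm for s in log),
    }


if __name__ == "__main__":
    print("normal run:  ", summarize(simulate(attacked=False)))
    print("attacked run:", summarize(simulate(attacked=True)))
```

In the attacked run the HMI never shows a value above the rated speed, exactly the "everything looks normal" effect, while the rotor is in fact driven far past it; only the sensor that does not pass through the compromised path reveals the mismatch. The design point is that a replayed signal is consistent with itself but not with physics, so a defender needs at least one measurement the attacker does not control.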

The Iranians knew about the danger of cyber attacks and had kept the computers controlling the enrichment plant disconnected from the internet, creating an "air gap". Despite all its sophisticated propagation functions, the malware therefore had to be carried across that gap physically: it was inserted into Iranian computers by an unknown agent via a USB stick. The lesson for defenders is that an air gap blocks the network path but not removable media, supplier laptops or maintenance engineers, all of which need their own controls.

The malware served its purpose. It is estimated to have destroyed about a quarter of Iran's centrifuges and temporarily halted the enrichment program while the Iranians searched for an explanation. But Stuxnet also spread to computers outside the Natanz facility, and in 2010 it was noticed by antivirus companies, first by the small Belarusian firm VirusBlokAda and then analysed in depth by Symantec and Kaspersky.

According to various estimates, the Iranian nuclear program was set back by six to twelve months. It was not until the 2015 nuclear deal, the Joint Comprehensive Plan of Action (JCPOA), which offered sanctions relief in return, that Iran curtailed most of its enrichment program. The US withdrawal from the deal in 2018 left it in limbo, and since last year Iran has resumed parts of its program.

Iran also learned from Operation Olympic Games and developed its own offensive cyber capabilities. In 2012, destructive malware known as Shamoon attacked the computers of Saudi Aramco, the Saudi state oil company, wiping the hard drives of some 30,000 machines. Unlike Stuxnet, Shamoon did not touch industrial controllers; it was a wiper aimed at the company's office network. Its origins are often attributed to Iran.

More than a decade later, cyber resources are commonly and widely used for information gathering, sabotage and intelligence operations by a large number of state and non-state actors, for criminal or strategic purposes, or both. The recent Colonial Pipeline ransomware incident and the mass exploitation of Microsoft Exchange servers for espionage continue to demonstrate the evolving forms of cyber operations.

Operation Olympic Games showed the enticing potential of using cyber resources to carry out sabotage and network exploitation tasks. Nevertheless, it also vividly illustrated the paradox of strategy: every new tactic or technology loses its surprise effect after its first use. The adversary learns to adapt, develops ways and technology to counter it, and may even carry out its own sophisticated and more devastating counter-offensives. It is much like the sporting Olympic Games, where athletes learn from their own strengths and weaknesses and from those of their opponents, and adjust their training regime so that setbacks are turned into triumphs.

Adam Leong Kok Wey is Associate Professor of Strategic Studies and Assistant Director of Research at the Center for Defense and International Security Studies (CDISS) at the National Defense University of Malaysia. His latest books are Eastern and Western Perspectives of Strategy and Special Operations, edited by NDUM Press (2021) and Killing the Enemy! Assassination Operations During World War II, published by Bloomsbury (2020).

Image: Reuters.
