XO....don't read this...you can read it in one of
your favorite rags when the rest of the media catches up!
Ahmadinejad Plots Military Attack on Israel
Unable to Fight the Cyber Worm, Iran Is Bent on Revenge
As Tehran gropes in the dark for a solution to the crisis caused by the malignant Stuxnet cyber worm to its vital
strategic systems, Iranian President Mahmoud Ahmadinejad is reported by Iranian sources as having warned Syrian
President Bashar Assad when they met last in Damascus that he is gearing up for military revenge. Tehran's allies
Syria, Hizballah in Lebanon and Hamas in Gaza should get ready, he said. for Israel to take it as an opportunity to
attack them.
Their conversation took place Saturday, Sept. 18, three days after word of the software invasion surfaced.
Our sources add that the Iranian president admitted he did not know who was responsible for the cyber attack -
and may never find out - but he is certain that either Israel or the United States, or both, launched it to stop
Iran's nuclear program in its tracks. Even if it was Israel, he said, Washington would have known and approved.
Ahmadinejad described the damage to Iran's nuclear and military resources as more devastating than the Israel
raid on Syria's plutonium reactor at A-Zur exactly three years ago.
He reminded Assad that then, too, Israel and the US had worked together to destroy the Syrian-Iranian nuclear
plant under construction by North Korea. Israeli cyber commando units, he said, simultaneously raided additional
Syrian nuclear facilities and made off with nuclear materials, equipment and software which they passed to the
United States.
Ahmadinejad schedules attack on Israel for early October
This, said Ahmadinejad, was the second time in three years that the US and Israel have jointly attacked Iran's
nuclear program - and that is one time too many. Tehran is resolved this time not to let them get away with
fighting the Islamic republic without even declaring war.
He told Assad that although the form the Iranian attack on Israel had not been finally worked out, it would probably
take place during the first half of October at around the dates of his scheduled state visit to Lebanon on Oct. 13-14.
Less than a week after this conversation, the Iranian president stood up at the UN General Assembly and said,
"Most people believe the US government was responsible for the attacks of September 11, 2001." Another theory,
he said, was that "some segments within the US government orchestrated the attack to reverse the declining
American economy and [strengthen] its grip on the Middle East in order to save the Zionist regime."
In Tehran, our sources disclose, these outrageous remarks were later presented to political and military circles as
Iran's first response to the cyber attack. Twenty-four hours later Tehran came clean about it - and not by chance.
Wednesday, Sept. 29, Washington responded to the saber-rattling in Tehran.
Top Iranians accused of murder, torture, beating, rape
President Barack Obama signed an executive order imposing sanctions on eight Iranian officials held responsible
for serious human rights abuses, including the killing, torture, beating and rape of Iranian citizens since the country's
disputed 2009 presidential election. Note that this was the first time Washington had singled out top-flight Iranian
military and security personages for personal penalties. Mohammad Ali Jafari, commander of the Islamic Revolutionary
Guards Corps, was additionally branded a criminal who should stand trial for murder.
The sanctions also encompassed Heydar Moslehi, Minister of Intelligence, Mostafa Mohammad Najjar, Interior Minister
in charge of Iranian security and intelligence services, and Gen. Hossein Taeb, Deputy IRGC commander and head of
the corps intelligence.
Obama only signed the sanctions order this week whereas the eight officials' crimes occurred more than a year ago
following their crackdown on the political opposition which accused the regime of falsifying the presidential elections.
The US president took this step with the clear intention of adding to the demoralization prevailing in high places in
Tehran over their failure to bring the destructive Staxnet worm under control. Details on its ravages and the infighting
at the top of the Islamic regime appear in separate articles below.
The Stuxnet Malworm's First Strike
An Assessment of Initial Cyber-Damage to Iran's Nuclear Program
Here first are two pertinent facts.
Fact One: While expert and Iranian sources consulted by DEBKA-Net-Weekly agreed that Iran's nuclear
program is partly paralyzed by the invasion of the powerfully malignant Stuxnet software, Western intelligence
organizations tracking the program disagree about the scale of the shutdown and its effect on Iran's progress
toward a weapon.
One faction, most of them US intelligence evaluators, points to the difficulty of separating out the damage caused
by the cyber attack from the two other causes of the current slowdown: Technical glitches which Iranian engineers
are unable to repair - is one; the absence of a center of authority in Tehran competent to give the directors of the
program and its various plants and installations the go-ahead for the next stage and earmark the necessary budgeting
- is the other. According to this group, the slowdown from the latter cause is dramatic. It arises from a seesaw within
the revolutionary leadership over where to take the nuclear program next: all the way to a weapon - or not?
The situation within the program is so "chaotic," according to one US intelligence view, that "There is no chance that
in the next 12-18 months the Iranians will be technologically capable of building a nuclear bomb or warheads."
Stuxnet delays nuclear progress - but may not be the only culprit
If this evaluation holds up, then the Obama administration's judgment - that a decision on action must be taken within
a year because by then, Iran will be able to produce an operational weapon - goes by the board. This premise was at
the bottom of President Barack Obama's separate understandings with Saudi King Abdullah and Israeli Prime Minister
Binyamin Netanyahu in recent weeks.
According to this view, the moment of decision has lost its urgency in terms of the need to impose more economic
and financial sanctions and, certainly, for military action.
Fact Two: Iran and its nuclear installations in particular have been under attack since July - not by rockets
or warplanes - or even covert special forces, but by a malworm called Stuxnet.
Is this worm to blame for the partial shutdowns, delays and chaos described as besetting Iran's nuclear program
and the reshuffling of Obama's timeline for it to mature into an operational weapon? The answer to that question
depends on whom you ask.
Three different groups of knowledgeable sources in Washington and Jerusalem:
1. The two are certainly connected.
This group finds it possible that the clandestine organization or organizations which launched the cyber offensive -
whichever they were - took note of the technical malfunctions dogging Iran's nuclear program and used Stuxnet as
a hitch-hiker to make them worse. But even they were surprised when the malworm turned out to be powerful and
harmful enough to open up new diplomatic options for President Obama.
If the US, then the cyber attack saved it from military action
This group is sure it is no accident that the peaking of Stuxnet ravages in Iran coincided with the staging Tuesday,
Sept. 28, of the first United States three-to-four day exercise on responses to a hostile cyber-blitz. The Department
of Homeland Security's Cyber Storm III has deployed thousands of cyber-security personnel from government and
industry to drill their responses to attacks on vital services such as power, water and banks. Tehran would not have
missed this "coincidence."
2. The two are not connected.
According to this theory, the intelligence organizations responsible for the cyber attack on Iran used the paralytic
mess in the nuclear program to leak word of a full Stuxnet virus attack in order to panic Iran's leaders into reaching
the "right" decision about their nuclear drive, i.e. to stop short of building a nuclear device and stand still at the
critical threshold - or else face a full-blown cyber attack by this deadly malworm.
In other words, the cyber attack on Iran is a lot milder than publicly depicted.
Military sources confirm that only three countries ? the US, Germany and Israel - have the technology and skills
for conducting a cyber attack on this order. Since Berlin would not consider such a strike on Tehran, it stands to
reason that it must have come from the US and Israel, possibly without either clueing in the other.
One view claims that Washington resorted to Stuxnet to buy time for avoiding military action against Iran and
succeeded beyond all its expectations.
If Israel, a single malworm shot down Iran's regional pretensions
According to an alternative hypothesis, Israel used its high-tech military cyber intelligence unit to stage the attack.
Tired of being strong-armed by the Obama administration into holding back on a military strike against Iran, Jerusalem
accepted a military intelligence recommendation to substitute a cyber offensive for military action, a course Washington
has never vetoed.
Israeli planners figured that paralyzing Iran's nuclear program, defusing its military prowess and disabling Revolutionary
Guards resources with a single electronic worm, would finally burst the balloon of Iran's pretensions as a mighty regional
power. Its innate vulnerabilities would be paraded, making even its Arab neighbors and allies, Syria, Hizballah and Hamas,
sit up and note their iconic champion's downfall.
Without confirming whether or not Jerusalem was behind the attack and, if so, if it had the nod from Washington,
a senior US intelligence source talking to sources recalled how in September 2007 Israel demolished the plutonium
reactor North Korea was building as a project to be shared with Iran. To disarm Syria's Russian-made missiles guarding
the reactor, Israel activated the radar's built-in kill switch. In Iran, too, the source theorized, someone must have planted
a similar built-in kill switch in the control systems of its nuclear development infrastructure.
In so doing, Israel found a surprising way out of the controversy over a military strike on Iran's nuclear facilities -
at least for the time being. According to this argument, Israel most likely orchestrated the Stuxnet attack and did
so successfully. All that sources can say for certain this week is that whoever was behind the first act of cyber war
against physical institutions of a state never imagined its success would be so dramatic. A partial catalogue of its
results appears in the next article.
Iran Nonplussed
Malworm Stuxnet Proved More Destructive than a Conventional Attack
Nuclear enrichment site in NatanzWith the impact of the first cyber offensive ever inflicted on a state just
beginning to register, the magnitude of the damage Iran has already suffered may be hard to grasp.
The attack which crested in the last couple of weeks has wrought strategic ravages on a scale comparable
to an attack by conventional weapons. The big difference, as military sources point out, is that Stuxnet has
not demolished buildings, military bases or physical utilities - or caused massive loss of life. No more than a
dozen individuals were killed. They were sitting in front of computers which imploded in military laboratories
and installations and civilian utilities or were trapped in fires which flared at big strategic installations when
Stuxnet shut down their systems and networks.
A conventional war on a comparable scale would have caused massive devastation. Strategic and military
infrastructure would have been pulverized and casualty figures soared to at least one thousand dead and
5,000 injured. Most media and Iranian outlets have built their reporting on the new cyber war around
descriptions of how Stuxnet works and guesswork about its source - or sources.
Undisclosed so far are eight pieces of essential data which are exclusively listed hereunder:
Attack focused on nuclear and military targets - less on civilian infrastructure
1. The attack has focused on Iran's nuclear and military resources - less on civilian infrastructure.
The concealed projects of Iran's nuclear weapons program have, in particular, been either partially damaged
and would meet the conventional military definition of "temporarily out of action," or so immobilized as to require
many months, perhaps more than a year, before they are restored to even partial operation.
2. Most of Iran's key military facilities, including the nuclear laboratories in North Tehran, the atomic
reactor in Bushehr, the uranium enrichment plants in Natanz and the thousands of centrifuges spinning there,
are gravely disabled and working at minimal capacity.
3. Some of Iran's military command and control centers at military and Revolutionary Guards Corps
headquarters are shut down, along with field command centers for ballistic missile batteries, key airbases,
air defenses and navy. Alien computer software was found loaded in their networks instead of normal operating systems.
A high-ranking Persian Gulf official remarked that an enemy attack in the last two weeks would have found Iran virtually
stripped of its defenses. A missile strike combined with a commando landing on Iran's strategic sites would have met with
slight resistance. Neither the General Staff nor the IRGC Command was in any state to muster the forces needed to repel
an invasion for more than a few hours. Tehran today, said the source, is a city without protection against an air strike
or a ground offensive.
4. The most serious impairment has been suffered by the military industrial giants, which are relied on in
emergencies to keep up a rapid supply of munitions and replacement parts to the military and Revolutionary Guards
(IRGC) units, intelligence sources report. Hundreds of these plants are near breakdown.
Not thousands but millions of computers affected
The intelligence assessment is that the computers and operating systems of Iran's military industrial complex were
especially vulnerable to viral invasion because their Supervisory Control and Data Acquisition (SCADA) systems are
controlled by the imported Siemens management software called Simatic WinCC, which is used around the world by
armed forces, oilfields, power stations, large communications systems, airports and ships.
5. Intelligence sources familiar with IRGC operations report severe damage to the command centers and training
facilities the Al Qods Brigades runs for foreign terrorists, as part of its external clandestine and terror-sponsoring mission.
Its facilities are forced to operate now at sub-optimal capacity.
6. Iran's key power grid, pumping and water supply stations, the computers controlling public transport, including
railways, and the haulage companies serving major Iranian cities, have been marginally affected. The hold-ups in public
transport and the delivery of fuel and food to the populace are much milder than the shutdowns overtaking national
strategic and military systems. These minor hitches appear designed to give Tehran a broad idea of the wholesale
paralysis awaiting Iran if the operators of Stuxnet take their attack to a higher level.
7. At the end of last week, the Iranians reported 30,000 of their computers had been affected. Monday,
September 27, some Iranian sources were talking about 45,000, including 30,000 in the Bushehr nuclear reactor
and military facilities alone. (Administratively, the Natanz uranium enrichment facility is located in the same
province as Bushehr)
According to sources, Tehran issued these low figures to downplay the scale of the damage for the benefit of the public.
In reality, Western intelligence calculates that millions of computer systems and personal computers were struck.
Our sources say that a Stuxnet invasion of just one sector, such as the military industry or banks, could disable
three million computers in less than half an hour.
Stuxnet's massive theft of computerized Iran intelligence secrets
8. Iran has taken a huge intelligence setback from this digital invasion aside from the physical damage.
Intelligence sources report that no one aside from its programmers can tell how much intelligence data the Staxnet
raiders extracted from Iran's military, intelligence and industrial computer systems before they were discovered.
All the Iranians know at present is that the malworm, which was kept latent inside their most sensitive computers
for months before it was activated, was not idle.
It captured every scrap of data the targeted systems processed, received or loaded onto other local or outside
computers and transferred it directly to an unidentified operating center abroad.
Tehran's nuclear, military, financial and intelligence systems were stripped of their secrets and laid bare to
alien eyes to a degree unparalleled in any world conflict. Yet Iran has no notion of who the cyber raiders
are or exactly what secrets they have purloined. The only way they could assess the damage was to determine
the approximate date of the Stuxnet invasion and assume that all the information processed from that date on
had been stolen. And that is exactly what Iranian intelligence experts have done.
They fixed January 1, 2010 as the malworm's first day of operation inside their systems and are treating the
entire body of technological, intelligence and personal information which passed through Iranian servers and
personal computers from that day on as compromised material.
Does anyone have the code for undoing the malworm?
On Monday, September 27, Hamid Alipour, deputy head of Iran's government-owned Information Technology Company,
who has been assigned to lead the counter-attack on the cyber assailant, warned that the Stuxnet worm is "mutating
and wreaking further havoc on computerized industrial equipment." He said, "The attack is still ongoing and new versions
of this virus are spreading."
According to this Iranian computer expert, the hackers, who enjoyed "huge investments" from a series of foreign countries
or organizations, designed the worm to exploit five different security vulnerabilities." It is not a "normal" worm, he stressed.
His words indicated that Tehran is completely at sea over the crisis, with no notion when the cyber attack will end or who
is behind it. The next day, the head of the Atomic Energy Organization of Iran, Ali Akbar Salehi tried to correct the impression
of panic. But he was forced to admit that the country's first nuclear reactor, inaugurated with much fanfare in August, faced
a delay of at least two or three months before it supplied energy. He denied that the reactor had been hit by the marauding
virus.
Wednesday, Sept. 29, sources disclosed that Iran had secretly approached computer security experts in West and East
Europe, offering them substantial payment for advice on how to get rid of the worm.
Those experts turned cagey when Tehran refused to tell them exactly which plants, strategic centers and control systems
were under attack, allow them access to personally inspect Stuxnet's targets or describe the changes made in imported
control systems. These experts described the Iranian officials they spoke to as sounding desperate. Iranian computer
security experts had found their efforts to purge the cyber raider made Stuxnet more aggressive than before and triggered
a second round of attacks.
Military sources say that the Iranians are not the only ones stumped for solutions to the first cyber offensive in the history
of war. World intelligence chiefs would dearly like to know whether the inventors of Stuxnet who planted it in Iran are still
in control of the destructive malworm.
Discord at the Top Delays Iranian Action against Cyber Worm
Ayatollah Khamenei Turns His Back on Ahmadinejad
Ever since 2007, whenever Israel raised the need for military action to wipe out Iran's nuclear bomb drive, Washington
argued that the ensuring war emergency would only unite the Iranian people behind its rulers and their policies. The supreme
spiritual leader Ayatollah Ali Khamenei and President Mahmoud Ahmadinejad would profit by perpetuating their radical grip on
the regime.
This week, under the biggest cyber attack in the history of world conflicts, Iran swept this theory away. Even in the
big cities where some key systems and personal computers were disrupted by the invasive virus, there were no popular
rallies behind the government. In any case, the leadership itself was split down the middle by a division at the top.
Ordinary Iranians were a bit surprised by the unusual openness allowed the media in reporting the details of the attack -
but remained passive. They were not even roused from their apathy by the official IRNA news agency's revelation Monday,
Sept. 27, that "personal computers are also being targeted by the malware. Although the main objective of the Stuxnet virus
is to destroy industrial systems, its threat to home computer users is serious."
People just shrugged and waited to see what the government would do about it. They showed no sign of sympathy for
the troubled regime or worry about the setback to Iran's nuclear program - certainly not for the Revolutionary Guards'
struggle against the computer worm. Just the opposite; they sat back and watched to see if the regime cracked.
Iranian citizens were not the only ones waiting and watching.
Popular confidence in organs of state ebbing
A large slab of the population with a direct vested interest in the regime beating the malworm is reported by Iranian
sources to be getting increasingly nervous.
Hundreds of thousands of officers and rank and file of the Revolutionary Guards (IRGC) and possibly millions of basij militiamen,
who are charged with maintaining public order in the cities, have been brainwashed for many years into trusting that Iran is
the top boss of the region, a world-class military power which is more than a match not only for little Israel but for mighty
America.
Among these guardians of the regime, who are also its dependants, the suspicion is suddenly growing that the giant has a
weak center. They see their infallible political and military leaders falling down against the challenge of a malignant computer
worm consuming their advanced systems of governance and war.
Now they are not sure whom or what to believe.
The IRGC's deputy commander Gen. Hossein Salami was sent Monday with soothing words to reassure them. He announced
that the Corps and the armed forces had produced protective devices applicable to all points of the country. Iran possesses
"all the defensive structures it needs to fight a long-term war against the biggest and most powerful enemies" and "more
advanced weapons and equipment than in the past," he said.
What weapons systems was Gen. Salami talking about? his once blindly obedient subordinates wondered.
Why the sudden
talk about "fighting a long-term war?"
His words did nothing to allay the uncertainty spreading through this bastion of the regime any more than the streets of Iran.
Because the regime doesn't have a clue how to deal with the cyber attack, no one can tell what tomorrow will bring.
Recruited two days later was the head of the Atomic Energy Organization of Iran, Ali Akbar Salehi. He met with the same
skepticism as the IRGC commander when he said "The virus has not reached the main system?We have started protective
measures for computers since last year and we intensified them two months ago to prevent any virus." Denying the Bushehr
reactor had been damaged, he added: "I say firmly that enemies have failed so far to damage our nuclear systems through
computer worms despite all their measures and we have cleaned our systems."
The trouble is that Salehi was forced to admit to a delay of several months in activating the Bushehr reactor.
Moreover, a day earlier, on Tuesday, Sept. 28, another Iranian official, Hamid Alipour, deputy head of Iran's
government-owned Information Technology Company, warned that the Stuxnet worm is "mutating and wreaking
further havoc on computerized industrial equipment" and "new versions of the virus are spreading."
A greater peril to the regime than the 2009 opposition uprising
The truth is that Iran's rulers, aware for almost two weeks of Stuxnet's depredations, recognize that their
regime's stability will be in dire peril as soon as the people, the troops and the intelligentsia catch
on to their helplessness in overcoming the rampaging worm. Their peril could be more acute than that posed
by the Green opposition movement which challenged the presidential election results in July 2009.
Yet the men who rule Iran have been unable to pull themselves together and get to grips with the hazard
because they are busy sparring with each other. As they maneuver for the high ground, Iranian sources report,
Ayatollah Khamenei and Ahmedinejad are wary of committing themselves to steps that might give the other the
upper hand.
The falling-out started in recent weeks when spiritual leader decided to turn his back on his prot?g? the president
and his close circle and revive his old ties with Ahmadinejad's arch-rival, ex-president Akbar Hashemi Rafsanjani,
a veteran powerhouse of Iranian politics who lent his support to the Green opposition's uprising last year.
This rapprochement was unfolding when Ahmadinejad stood before the UN Assembly on Sept. 23 and accused
America of being behind the 9/11 terrorist atrocity.
That speech was over the top even for the fire-eating Iranian president. Our Iranian sources report that he fired
two barrels - both to settle scores over the Stuxnet attack and as a battle cry against Khamenei's alliance with
a foe judged a relative pragmatist in terms of revolutionary Iran.
The first outward manifestation of this alliance occurred on Sept. 21 when Rafsanjani met with the families of
political prisoners, many of them jailed to silence the opposition to Ahmadinejad. According to Rafsanjani's website,
the meeting in his office lasted about three hours. The former president listened to every one of his visitors and
asked them to be patient.
"Liberty and justice are among the most important goals of the Islamic Republic and some shortcomings will certainly
not prevent [us] from reaching these noble goals," he said. He then explained that taking their demands to "agents"
(a reference to officials, many of them accused of abusing political prisoners) would not guarantee a positive response,
but he promised to address them to the Leader and hoped "it will not be fruitless."
This promise and other signs were quickly translated by political observers in Tehran as meaning that Khamanei had
opened his door to Rafsanjani and embarked on an epic shift away from Ahmadinejad's clenched fist toward an o
utreach to Iran's more liberal circles using his new ally as a bridge.
Iranian hardliners alarmed, Saudis amused
This shift alarms the extremist clerical factions and hardline IRGC commanders which make up the president's following -
all of them ardent advocates of Iran's acquisition of an arsenal of nuclear weapons and warheads. They see their great
dream going up in smoke if the spiritual leader is swayed by Rafsanjani and his long-held proposition that Iran should
set the stage for a nuclear capability by putting in place the technology and tools for assembling a weapon - and then
step back before crossing the line into building one.
This position would bring Iran a lot closer than it is today to the policy espoused by President Barack Obama.
It is hard to imagine Ahmadinejad letting it all go without a fight. Finding its Iranian neighbor doubly beleaguered
by an unstoppable cyber attack on their computer and control systems, on the one hand, and a domestic quarrel,
on the other, the rulers of Saudi Arabia were not above rubbing their hands in delight.
Tariq Alhomayed, editor-in-chief of the most important Saudi newspaper A-Sharq al-Awsat, the royal family's chief
mouthpiece wrote in its latest issue: "Despite all Iran's propaganda promoting the idea that it is the 'superpower'
of the Middle East, a power capable of confronting America, according to the Iranian President, Tehran today is
at the mercy of the 'Stuxnet' electronic virus. "Today, it is highly significant that a virus, resembling a 'worm,'
has managed to destabilize Iran. This has occurred despite all the Iranian statements, such as the infamous
'missile' propaganda, and other images of misinformation which have been broadcast by Tehran every day."
No one who counts in Damascus, Ankara, Beirut or Gaza will have missed this comment knowing it comes
from the horse's mouth in Riyadh. The planners of the Stuxnet assault on Iran will also have drawn their
own conclusions.
