The Rest Is Classified - 71. Israel Attacks Iran: The Dawn of Cyber Warfare (Ep 4)
Episode Date: August 5, 2025
How did the Stuxnet cyberweapon, designed to be covert, break out into the wild? What were the world-changing implications of this sophisticated attack on Iran's nuclear centrifuges, and what happened... when it was exposed? Listen as David McCloskey and Gordon Corera reach the finale of their series on the Stuxnet cyberweapon, discussing its discovery by cybersecurity researchers and the subsequent shift in tactics against Iran's nuclear ambitions.
Assistant Producer: Becki Hills. Producer: Callum Hill. Senior Producer: Dom Johnson. Exec Producer: Tony Pastor.
Transcript
For exclusive interviews, bonus episodes, ad-free listening, early access to series,
first look at live show tickets, a weekly newsletter, and discounted books,
join the Declassified Club at therestisclassified.com.
It would be irresponsible for someone of my background to even speculate,
But it's not speculation to know that someone just used a cyber weapon to effect damage,
not in the cyber domain, but in the physical domain.
That's the first significant crossover that we've seen.
Now look, I tell audiences that crashing a thousand centrifuges at a time is almost an unalloyed good.
But when you describe what just happened there in a slightly different way,
someone just used a cyber weapon during a time of peace to effect physical destruction
in what another nation would only describe as critical infrastructure,
Well, you've got to realize that although that was a good deal, it was also a really big deal.
And it does have second and third order effects.
A new class of weapons has been used.
Go deeper into history and say somebody's crossed the Rubicon.
We've got a legion on the different side of the river now.
Well, welcome to The Rest Is Classified.
I am David McCloskey.
And I'm Gordon Corera.
And that, Gordon, is an interview that you did.
Those are not your words, but those of General Michael Hayden,
former director of the NSA and the CIA, in an interview with you back in 2013, not taking
responsibility for Stuxnet, but commenting on the sort of world-changing implications of this
cyber weapon. And we are now, dear friends, in the final episode of our series on this really
first attack on Iran's nuclear program. And the U.S. and Israel have unleashed
this code, which has come to be known as Stuxnet, which has targeted Iran's very precious
centrifuges with this kind of remarkable precision and sophistication.
And the Iranians, now it's been three plus years at this point of this code working
its way through largely this facility, this enrichment facility at Natanz.
And things have been breaking.
Machinery has been slowing down.
And where we left last time was that this code, this worm, has broken out into the wild.
And cybersecurity researchers in Europe and the states are starting to see, really all over the world,
are starting to see this code appear on their computers.
And at the same time, the U.S. and Israel, allegedly, are stepping up the game to try to bring even more pain to Iran's
nuclear program. That's right. The secret is out by the summer of 2010 and this code which was designed
to be covert is now being found on machines around the world. It's not shutting them down
because it's not designed to, but it is visible and people can start to look at it. I can remember
talking to an interesting chap called Eugene Kaspersky soon after. He's the flamboyant Russian
founder of the antivirus company Kaspersky, named after him. And he remembers his team coming
into his office and saying, we've been waiting for something like this to happen. Well, it's
happened. Kaspersky says he'd been worried about an attack on physical infrastructure using
codes since 2002. He says he decided not to speak out in case it gave attackers the idea.
That was until he realised the cat was out of the bag. When he saw the film Die Hard 4, Live
Free or Die Hard, in which Bruce Willis battled cyber terrorists, which I should say is one of
our producer Callum's favourite films. He was saying,
earlier, and suggesting that we should basically have just kind of talked about that film
for the whole of this series.
Could be a bonus episode.
Could be a bonus episode.
Thank you, Hollywood, Kaspersky says, when that film comes out in 2007.
Because, you know, it's not entirely realistic, but it is the idea that you could.
Oh, it's not?
Yeah, I think the cyber security aspects of it may not be perfect.
But as a concept, it's a good example where Hollywood does get things right.
Because as a concept that hackers could take down physical infrastructure, it is right.
But now it's for real.
You know, now in 2010, it's for real because Kaspersky, other cybersecurity researchers,
have basically got a cyber missile in their hands.
And they have never seen anything so sophisticated.
And it's so interesting what happens in the next few months,
because you see this kind of hive mind of cybersecurity researchers go into action.
And I've watched it lots of times since
then, where it's often done on social media platforms. It used to be mainly on Twitter and X,
where people are saying, I found this, I found that, and they're starting to publish,
talk about what they're finding. Often, you know, one person's an expert on one bit of code,
one's on another, but they're starting to piece it together collectively this group of
cybersecurity researchers, sometimes just work for tiny companies, sometimes they work for the
big, big companies. Best book on this, mentioned it before, Kim Zetter's Countdown to Zero Day,
because that goes through the process of discovery as people are trying to look at the delivery system, the missile, as well as the payload of the code that was in it.
And they can see that this is completely different from anything they've seen before in sophistication.
Normally attackers build on existing tools and code, but this is different. It's completely original.
Two particular individuals, Liam O'Murchu and Eric Chien of Symantec, see a kind of series of really unusual elements
to this. I mean, one of them is that it's going to use this attack for what are called zero days,
a bit of jargon, but a zero day gets its name because it's an undiscovered vulnerability in a
piece of code. So normally you say it's four days since this has been patched. A zero day,
there's zero days since it's been patched because it's not been patched. There's not a solution
to the vulnerability. And therefore, it's incredibly valuable a zero day because it is a way
that's not yet been discovered to get into a system.
Well, and it's actually a product, right?
I mean, it's something that if discovered can be sold effectively.
Yeah, a zero day is really valuable.
There's a market for zero days where people who find them, who look for vulnerabilities,
then sell them.
You can sell them back to the company, you know, to Apple or Google or whoever,
and they'll pay for them.
Or you could sell it on the black-gray market to people who want to use the vulnerability
maliciously. And the fact that they've got four zero days in this, that is unprecedented. Because
why would you need four, you know, in one system? It's because this virus is getting into different
systems. And someone could have sold those for money. So immediately, you're like, this is not
criminals. No criminal hacker would be investing this much time and using this much code.
It's stolen legitimate digital security certificates from a company, I think, in Taiwan. It wasn't
faked. It was real. Again, that is high end.
But they can also see these researchers from Symantec, when they map the location of where the
infections have happened, of the 38,000 machines they tracked, more than 22,000 were in Iran.
So you can already see like, this is like, this is a very sophisticated KDivit code,
and it's really interested in Iran.
It loves Iran.
And then, you know, they're not experts on industrial control systems, but you get experts like
Ralph Langner, who is an expert, who suddenly,
he goes, okay, this could be used to attack centrifuges. Centrifuges are in Iran. People start
publishing online in research papers. Some of the details of this takes a while because people
can't quite grasp what it is. So it's taking months really for people to piece it together.
And this is, by the way, where it gets the name Stuxnet. What is that a reference to?
I think it's just a tiny reference in some of the drivers and the code to Stuxnet. And that often
happens. People just will pick out something and they'll just call it that because it looks like a
unique name. I always find it interesting with these cyber researchers because they are at this
point exposing what they must realize is a nation state espionage program. And you're a private
cybersecurity researcher. And you are making public or publishing details of a covert action
program. And I think you can sense some of them are, it's not that they're nervous about doing it
because they think they have a duty to do it
because there's a risk to systems from this
and from all these vulnerabilities, which have been found.
But they're worried, you know, are they going to get spied on it?
Is this going to have some implications for them?
It's kind of interesting.
And they get a bit paranoid.
You know, they're starting to check under their cars for bombs.
You know, they're worried about being tailed.
I mean, they really are.
They're hearing clicks on phones.
All that kind of stuff is happening to these cybersecurity researchers
as they're publishing it.
They think the CIA are on to them.
They're in a Jason Bourne film, basically.
I understand why you would be paranoid, but I find it highly implausible that cars were beaconed or that anyone was followed or anything like that. I just don't. I don't see it.
If you were a cybersecurity researcher, you probably would get a lot of other international spy agencies hacking into your systems to see what you're discovering and what you know those. So I could imagine cyber espion.
Oh, yeah, that would be fair game of like if you're, yeah, if you're running a cybersecurity firm in somewhere,
in Europe or in Russia or something.
Yeah, I mean, there could be an interest in learning what you know about it.
Although the reality is, from an American standpoint, hypothetically, you already know what
this thing is.
So you have to assume, I think, once it's out in the wild, I mean, this is why we set up
that wonderful cliffhanger, Gordon, at the end of the last episode, where, I mean, once it's
out, you have to assume, I think, that you're running on sort of borrowed time and that you just
have to use this thing inside Iran as much as possible before it comes out.
Collecting on the cybersecurity research is actually doesn't seem particularly valuable to me,
to be honest, because you're like, well, it's out. We know what this is. They'll piece it together.
They'll discover eventually that the target is the Iranian nuclear program. So we just got to
work with the time we've got and do as much damage as possible before this thing comes to light.
And it's starting to become obvious, you know, who was behind it. And there are interesting
clues in the code. One has a string of numbers that look like a
date. I think it's 1979-0509. And it was the day the researchers realized that a prominent
Iranian Jewish businessman was executed by firing squad in Tehran shortly after the Islamic
revolution for allegedly being a spy. Now, it's interesting, isn't it? Because you find
a date like that in the code and you go, well, that's an interesting date. Is it a clue that the Israelis
are behind it? Is it a false trail? Someone else has left? I always find it interesting because people
do leave these Easter eggs and these little clues in code. And code writers love doing that.
I always find it interesting. It's like a game that they're just showing off or leaving a trail
for people to follow. There's another word, Myrtus appears in a file name, which in Hebrew was a
link to the name Hadassah, which was the name of a biblical figure, Esther, who married a Persian
king and saved the lives of Jews when she pleaded for their lives after learning of a plot
to kill them all. Again, you know, all of that is starting to point perhaps towards Israel,
as well as perhaps towards the US.
And in the US, meanwhile, there is a blame game, unsurprisingly,
about the fact that it's getting exposed.
I find that may be unsurprising in Washington.
That seems unsurprising.
But yeah, the briefing afterwards will all be,
it was the Israelis' fault.
It's kind of interesting.
What's the logic there that it was the Israelis' fault?
The logic is that they had rushed
and that the code was somehow sloppy
and that sloppy code had been put in
which had allowed it to escape and therefore get discovered
and that the Israelis had done some modification to the code,
maybe to speed up the propagation of the worm
or make it more likely to spread.
And there's some questions about whether the US were part of that,
were cognizant of it, whether the Israelis did it themselves.
But of course, that's the briefing from Washington,
much easier to blame someone else.
But by the point of November 2010, it's out there.
And a few months after it's first in the wild,
the finger is pointing pretty clearly
because of some of the back history
of some of the code
and some of the things they can find in it
that it's the US and Israel.
What about the Brits, Gordon?
I feel like in most of our series,
you throw the Brits in,
even when they're not invited to the party.
You think about who might have been involved in pieces of this.
It would seem reasonable to assume that GCHQ or SIS would have played
some role somewhere, just thinking about the closeness of the relationship in particular with the
Americans. How would I put it? I find it plausible. I remember talking to one very senior British
intelligence official at the time, and they said they were not surprised when Stuxnet happened and
was revealed. And that's a wonderfully ambiguous statement, isn't it? Because you can be not
surprised because you were part of it. Or you can not surprised. You can be not surprised because
this is the kind of stuff we'd expect the Americans and the Israelis to do. I get the sense that they
were at the very least aware of it.
And there are some indications from some of the early espionage code.
There might have been some British involvement in that.
There's actually some really interesting suggestions from our friend Edward Snowden's documents.
But there have been perhaps some British role in the espionage bit.
So what I don't know what you think, David.
My instinct is that other countries may have been involved in this.
But definitely US-Israel at the core, I think the other countries may have been involved
in kind of modular bits of Stuxnet.
So we talked a bit about whether the Dutch had been involved
in getting an engineer to plant one of the USBs,
whether he knew what he was doing,
whether the Dutch knew it was sabotage rather than espionage question mark.
But I definitely feel like others might have been involved,
but maybe not at the absolute core of this.
It also seems plausible to me.
I mean, you look at two pieces of this shadow war, right?
the assassination of scientists and then the sort of cyber program to degrade and affect
Natanz. And it's very easy for me to understand why on the assassination front, the Israelis are
going it alone, right? There would be a lot of other countries that would say, nope, not going to do
that, not going to have any part in killing civilian scientists. But then on the other side,
on the cyber piece, I can see why there would be a whole host of countries
with real interest in getting involved in that program, right? Because it's not going to kill
anybody. It's going to slow Iran's, you know, progress toward a bomb. And so I can see why as that
develops, there would be logical bits for other friendly intelligence services to sort of plug
into to get access to reporting that they otherwise might not have and to take part in kind of
slowing this down. So I think it seems likely to me that there's probably a whole bunch of
countries outside of, allegedly, the U.S. and Israel that are involved in different pieces of
this. I mean, I don't know how big the group was, but I think it's probably not just the CIA and
NSA and Mossad. Yeah, there might have been a few more people playing at the Olympic Games.
But by the time you get to November 2010, cybersecurity researchers have published material.
And at that point, November 2010, technicians at Natanz bring the spinning centrifuges basically to a halt because they're aware of something's going on.
And it does look like, though, and we'll come back to the kind of overall damage, but it does look at that point, the kind of swing for the fences has hit and maybe taken down about a thousand of those centrifuges.
But fascinatingly, you know, you mentioned assassinations there.
So November 2010, Stuxnet now exposed, so it looks like that covert action is over.
That same month, Israel assassinates a nuclear scientist in Tehran using a bomb planted by a
motorcyclist. To me, that confluence of timing is fascinating, isn't it? Because it does suggest
that Israel, perhaps, assuming it's Israel, we all think it is, Mossad doing the assassinations,
has basically gone, okay, that covert action is done. We may now need to up our game
with going back to the assassinations and push that to kind of degrade the nuclear program.
There had been a bit of a pause, hadn't there, in the assassinations. And that pause kind of
tracks when Stuxnet is doing the most damage. To me, that feels a plausible argument. It's hard
to know for sure. I think that would be just more evidence for the kind of hypothesis I laid out
where the Israelis are doing the assassination stuff alone. There's a broader group that's doing
Stuxnet. If Stuxnet is basically rolled up, the Israelis figure, well, okay, back to this
blunter instrument, right, of trying to degrade the program.
And it's really interesting because some of those cyber security researchers, you know,
out in the private sector, who'd been exposing Stuxnet, actually say they feel physically sick
when they hear about the assassination, because they are wondering, did their exposure
of the computer code lead Israel to switch from using code to killing people?
And I guess they, for them, suddenly realize, you know, they're computer researchers,
cyber researchers, and they're dealing in matters of life and death, effectively.
Sure.
I mean, they can't possibly be held responsible for that.
No, I think it is true, right?
I mean, there's pretty solid arguments we've made based on the timing that the Israelis
precisely because the code got out decided to go back to killing.
And I guess maybe there, Gordon, to take a break.
And when we come back, we'll look at all of this and what it means for the Iranian nuclear
program, what it means for cyber war, and I think what it tells us about the most recent
batch of strikes.
See you after the break.
Well, welcome back.
The Stuxnet worm is out in the wild.
The Iranians know about it.
And I guess the question now, Gordon, is what in the world are the Iranians going to do about
all this?
Yeah.
So part of it is they start to clean their
centrifuge program of the virus, unsurprisingly, wipe it down, get out the wipes, and protect it even
more, which is going to make it harder. But it's also Iran's going to hit back in cyberspace.
They'd already built some cyber capacity, particularly actually to target that green movement,
the protest movement, around 2009, 2010. They built up cyber militias to do surveillance on their
own population because they were worried that social media was being used to organize them. But
now they start to use some of their cyber capacity to go on the attack. Very interesting, 2012,
so still a couple of years later that summer, there's an attack on the Saudi oil giant Aramco,
and 30,000 computers belonging to Aramco are crippled. They're wiped by something called a wiper.
The code hadn't been executed quite properly, but a burning American flag appears as an image
on some of those machines. A bit of a message. It didn't actually stop
oil and gas production, though.
I think that's one of the interesting things about it.
It damages the corporate network, but it doesn't get to the controllers.
It doesn't move into the physical world.
Exactly, which is the key to Stuxnet's success and what makes Stuxnet so unique
is it moves from the corporate network or from a regular network onto the controllers.
So it's a show of force, but it doesn't have the impact that Stuxnet is going to have.
Although it does freak out, I think, a lot of companies.
And I remember that at the time, because they're all suddenly realizing
Iran is retaliating against companies rather than against Western states.
And they then attack a whole load of banks and American banking websites.
But again, it's not super sophisticated.
They just take their websites offline for a couple of days by flooding them with traffic.
So it's Iran hitting back.
Everyone assumes it's Iran.
They're not going to hit back by launching missiles.
They're not going to block the Straits of Hormuz at this point.
But they're going to fire a warning shot
against companies, probably oil companies and financial companies, because they're imposing
sanctions on Iran's financial and oil industry. So it makes sense. And it is a bit of a surprise,
I think, in the West, because it shows Iran is capable of hitting back. There's going to be
more of these, you know, back and forth between Israel and Iran. There's one attack on the Iranian
oil and gas ministry computers in which the song Thunderstruck by AC/DC, which is a particular
favourite of mine, is blared out at full volume on computers in the middle of the night, which
That's a, that's a cyber attack I like.
I've got sympathy with that.
You know, a bit of, a bit of AC/DC.
Maybe that could be our podcast theme song, Gordon.
That could be one of our, one of our, exactly.
Well, to see, I don't, I don't think the, I don't think Callum and Becki, our producers
are going to like changing their music.
It's too late.
Yeah, exactly.
Get into all kinds of copyright issues.
But I guess the point is that we're now moving into this era in which cyber attacks are
picking up.
Things are going to escalate in cyberspace.
End of 2015, Russia turns off a Ukrainian power grid.
So again, it's the using a cyber attack, but to turn off a power grid, only for a few hours,
but you're getting this movement of cyber into the real world in a limited way.
And it's interesting. China, when it's accused of spying in cyberspace, they go, yeah,
but you, the US, are the ones who militarized cyberspace first and introduced destructive cyber attacks.
And in one sense, they're right. You know, this idea of cyber sabotage, below the threshold of war,
grey zone attacks, makes cyber tempting, states start to move into it. And so there is this,
who crossed the Rubicon, who put the troops on the other side of the river first. It is the United
States. Allegedly. Now, I think you can also say it would have happened anyway.
Absolutely. You could see the vulnerability of these systems. And I find it hard to believe
that the Russians would have gone, oh, we're not going to attack Ukraine. We don't know. Exactly.
We found a way we just won't, we won't be the first to do it.
Yeah.
Right.
I think the conversation around the should here to me, I don't know, isn't particularly
interesting because it just seems inevitable that it would have happened at some point.
But it is fascinating that when you think about what is the kind of modern day analog to the Manhattan
project, right, or to the atomic bomb, I think there is a great argument to be made that
it is Stuxnet.
It is the first connection point between cyber conflict and the physical world, such as the
Iranians taking down a Saudi computer network and putting up pictures of a burning American flag
on the monitors, right?
It's affecting outcomes in a world of atoms through, you know, bytes and zeros and ones,
which is incredible.
Yeah, I agree. I mean, it is that when Michael Hayden talks about having the whiff of August 1945, you know, in Hiroshima as being a good example. I think it, you know, it is an interesting analogy. It's not quite the same. As he says, it's got a whiff of it. It's not a direct analogy. But it is interesting, isn't it? Because it is a bit like Hiroshima. The US is the first to use the atomic bomb. It's the first to develop it. It is different, I guess, because it's stealthier. It's more deniable than an overt use of military
force. So in that sense, it isn't quite the same. I think always think cyber nuclear analogies are a bit
of a mistake. But it is a big moment. I think it is the kind of crossing of a threshold, which is to say
you can take down a piece of critical infrastructure outside of war with a cyber attack. I guess the
only thing that I think is that it's really hard to do. You know, I think that is the key thing
about Stuxnet, which I think is often misunderstood, is that this is not easy. And I think
if there's one message from, is that this took years and a bit like the Manhattan Project,
it takes millions of dollars, years of effort and the best offensive hackers that the US
and Israeli government and perhaps other governments have at their disposal in order to be able to
do this one covert act and one act of sabotage. I find that fascinating. Yeah, it's not a bunch of
people in a suburban basement eating pop tarts, right? And figuring this out. This is a state level
effort that's got a whole bunch of infrastructure and funding behind it. Although you have to figure
the comparison to the Manhattan Project breaks down a little bit here because I would figure that
even though there are real barriers to entry, it's not as high as developing a nuclear weapon.
It is more dangerous in that way because the marginal cost of chaos in this world is lower
than in nuclear, I would think.
No, that's true.
And actually, one of the problems is some of that code can get out into the wild and then
people can repurpose it and use it.
And that's one of the worries about Stuxnet.
People are going to do that.
Luckily, that hasn't happened, though, right?
No, no.
But, well, there is another moment where listeners might be interested in that 2017, the UK NHS
gets taken down by something called WannaCry, which is a really interesting story.
And we should definitely do it at some point.
Yeah, it's a good one.
Because it's a North Korean hack, which gets out of control.
But here's the interesting bit.
The North Koreans are using cyber weapons stolen from the NSA.
They end up in the wild, and then they get repurposed by the North Koreans and take down Britain's energy.
I mean, you know, that is a wild story, which shows that there is something about cyber, which is, it can be repurposed and get out into the wild.
But I think there's a good quote from Ciaran Martin, who's the former head of the UK National Cyber Security Centre.
His analogy is Stuxnet is like the moon landing, you know.
So it's fake.
Is it?
You know, you mean the wind blowing?
We're back to tinfoil hats, David.
I should say, if you're watching, I'm not wearing the tinfoil hat today.
You're in your astronaut suit.
Yeah, exactly.
With the wind blowing on the moon.
I think Ciaran's point, and Ciaran, I'll talk to you about this separately, but I think
his point is not that Stuxnet was faked, but that it was really hard to do. And it takes a superpower like
the US to be able to do it and that you can't just repeat it whenever you want. And other countries
can't kind of quickly do it. Because I think it goes back to all that research you had to do.
You had to have the centrifuges. You had to build a copy of Natanz. You had to kind of work out
what programmable logic controller would do it. You had to, you know, the amount of...
Have a horse blanket. You have to have a horse blanket. The amount of recon and intelligence work,
which went into Stuxnet, I think is enormous.
And maybe it overinflates what cyber weapons can do.
Because again, another story, when Russia invades Ukraine in 2022,
everyone is expecting massive cyber attacks as part of it.
And there are, but they don't really have as much impact as people had expected.
And again, it just suggests doing the kind of targeted physical attack of a Stuxnet
is really, really, really, really hard.
It's just not straightforward.
I mean, I think the perception, to go back to the Die Hard, for your Die Hard comparison,
I think the perception is that the way that these attacks happen is that somebody has like a gonculator that basically...
What is a gonculator?
Exactly. It's a very powerful tool.
It's a technical term. You've got like there's, you know, the bad guy or whoever, right?
The spy service has like a gonculator that turns off things.
Big red button.
We can just turn off the electricity. We can just turn off all the water
treatment plants. I think there's a sense that it's a little bit more blunt than that. And I think
what hopefully we've shown over these four episodes on Stuxnet is that it's actually a really tailored
kind of operation. And so it takes a lot of time and it takes a lot of effort and all of that,
right? The problem is, of course, now 2010, it's over. And in the meantime, the Iranian program
is still a nuclear program. They still got a nuclear program. Natanz is still there. What happened to
that nuclear program, Gordon? What happened in the intervening years? I did it.
is interesting because when you look at the damage inflicted by the virus, you can't really measure it.
It's quite hard to measure. But the general view would be that it set it back definitely months,
maybe years. It's a stretch. Some people say three years, but some people say three months.
It's a wide range. It's a pretty wide range. It wouldn't seem worth it if it was actually three months.
I agree. I mean, but the Iranians say, and they would say this, we've incurred some slight damages here and there,
but we've been able to manage pretty well.
I would say if I were an Iranian. That's what you would tell. We've managed through this terrible
crisis and there's been no impact. That's what I would say if I were the Iranians. So it clearly had
an impact. It took out at least a thousand centrifuges. It looks like. No one is, of course,
sure. The IAEA inspectors, our friends with the magnifying glasses. They can see that it slowed them
down. They can see with their magnifying glasses broken centrifuges. So it's definitely had an impact.
It has bought time, but not stopped it. It is not stopped it completely. And that
was, I guess, always the point was buying time. And when you look at the decision-making at the start,
it was not this is going to destroy the Iranian nuclear program. It was, we're going to buy time
and we're going to do this unprecedented thing. We're going to do something which is potentially
risky and which could have blowback, but we're going to do it to buy some time. And in a sense,
it does buy time. And you can argue crossing the Rubicon is a big deal, but it's less of a big deal
at that point than starting a war in the Middle East.
You know, it's back to Bush.
I want the third option.
He doesn't want either an Iranian bomb or a war.
This was his third option.
And for a while, at least, it buys them that time.
First off, I have to say that if Stuxnet is running in some capacity from 2007 to 2010,
I find it hard to believe that the delay was only a couple months.
Yeah, I agree.
That seems implausible.
I think we're probably talking about years, but you're right, that nobody could know.
So that's one point.
I think the second point is it does seem like, and it just, I guess, draws it into, you know, the world we're in today where the U.S. and Israel have just overtly hit Iran's nuclear program is that it's not actually plausible to think that any of these sort of sabotage operations would eventually convince the Iranians to just sort of pack it up.
Yeah.
Like that seems like a bit of an out there idea.
So you're always dealing with the reality that at some point, either you're going to have to let the Iranians get to a point where they've got a breakout capability or you've got to hit the program militarily, right, because you can't fully degrade the program with covert means.
Or you have to hope that there's some kind of political change in Iran where, you know, the regime decides to
stop the program. Like Gaddafi did. You're right. And Obama, we went back to where we were
talking about previously about him wanting to use diplomacy. And to some extent, he gets that because
they get what's called the JCPOA, the agreement in 2015, in which Iran agrees to restrict
its enrichment. So to kind of constrain the enrichment that's taking place. But then
President Trump leaves the deal, says it's a bad deal, unilaterally. So Iran then is back in
business and starts to push forward again. And now it's harder to do another Stuxnet. You could maybe
only do it once. And then it's interesting, isn't it? Because you do get some more covert action.
You do get more attempts to do it. I mean, there's a, I remember getting an email on July 1st,
2020, just before midnight. I got an email in my inbox from a group calling itself the Homeland
Tigers. Just came to my work email. It's a good name. They claim to be Iranians. Hmm. And they said
they started a fire at Natanz. Now, I always assumed, I think this was an Israeli thing. And they were
basically emailing journalists like me to try and claim responsibility and to try and suggest that
it was an Iranian, you know, domestic group. I slightly find that implausible. But they sent me,
you know, details of this. And it wasn't yet public. And then the next day it emerges,
there has been a fire at Natanz. The Homeland Tigers were on to something, Gordon.
The Homeland Tigers. But there's going to be more of these little explosions. And of course,
November 2020, picking up to our previous episode, you get the assassination campaign, claims arguably
its biggest target, Mohsen Fakhrizadeh, or Fakhrizadeh, the man who's been driving a lot of the military
side, and he's taken out in 2020. Well, and even a couple years before that was when the Israelis,
it was 2018, when the Israelis conducted that wild operation to basically go into warehouses,
I think a big warehousing facility in Tehran and basically steal all of the hard copy documents
about the nuclear program. The themes from the kind of Stuxnet era, I guess you could say.
Cyber attacks, physical sabotage, an assassination campaign, and then this kind of almost like
a public relations trying to shed as much light as possible on the Iranian program,
those, I guess, pillars of, you know, the Israeli campaign against Iran's nuclear program
are very much alive and well a decade after Stuxnet, right?
And up to the point of these most recent strikes.
Yeah, because what you then see is that shadow war and some of it public continuing,
and you have the Iranians continuing to enrich, continuing to increase the amount of material,
shorten that breakout time through which they can, you know,
get to the bomb. And then, of course, you know, just this year, something changes, you know,
which changes the dynamics around this programme. You know, it is interesting to look at it with this
long view that we've had because Israel's argument is that they get new intelligence, which
suggests Iran is pressing forward on aspects of weaponisation, which you'll remember if you go
back to the early episode 2003, the US believes the Iranians stopped at that point, the final stage,
the weaponization. Now, the Israelis suggest they have something new on that. Others I've spoken to
are more skeptical about that, and they think it's more that Israel's risk calculus has changed,
that Israel's risk calculus about tolerating an Iranian bomb after October the 7th changes,
and of course, all its proxies, you know, we talked about this on one of our bonus episodes,
really interesting interview, where all the proxies that Iran has have been taken off the board,
off the chessboard. So Iran has less ability to respond if Israel wants to strike. And so I think
Israel just sees that opportunity of a weakened Iran and of a Trump administration, which they are
hoping might come in behind them, which of course it does. And then go for it. Now, I'm not saying
there wasn't any new intelligence, but I think that calculus is more of what's going on in my head.
Oh, it's really important. It's got to be. Yeah, because you think about the sort of Meir Dagan
calculation on wanting to delay Iran's going to push toward a bomb because he's trying to avoid
a conflict.
And on the conflict side of that has got to be the sense that if we actually militarily strike
the Iranians, there's going to be a protracted regional war that's going to lead to thousands
of people getting killed, right?
And all of a sudden, I think now, in the summer of 2025, with Hezbollah basically defanged and with the Israelis having already taken a big bite out of Iran's air defenses and with Iran really reeling, all of a sudden that calculation shifts.
And you think, well, the whole point of all of this, the shadow war stuff, is to degrade Iran's nuclear program as much as possible.
Well, all of a sudden, if the cost of the overt military strikes goes way down, it starts to look like a much better option for the Israelis, right?
And even if there's not really new intelligence on that front, all of a sudden it makes a lot more sense to overtly strike.
And when you figure that if you're Netanyahu, you might be able to do this and then convince the Americans to join and use those big B-2s with the bunker buster bombs that maybe
can get you deep enough to create some real damage at Fordow. It starts to seem like a pretty
attractive idea. Even if you're only setting the program back a year or two, you figure why not
if you're Netanyahu, right? Yeah, totally. So that really does take us to where we are now with those
attacks, Natanz, which is where we started, getting bombed multiple times, you know, Fordow getting
hit by these massive ordnance penetrators, damage setback. Again, you know, hard to know.
What's happened underground, but also does Iran have more secret up sites?
Has it got another secret mountain site?
What's happened to the 400 kilograms of highly enriched uranium, which they, you know, stockpiled already?
Will Iran now race for a bomb at a secret site or on the back foot, will it go for a deal?
I don't think we can know where it goes next.
But hopefully, I think by telling this story, we've helped explain how we got here
and how to understand the events as they've been unfolding.
Because I think that context is really important,
even if we can't really predict where this goes next.
And the big loser in this entire series, Natanz.
Yeah.
The poor site at Natanz is horse-blanketed, bombed, centrifuges ripped apart.
I mean, I know we're covering almost 20 years of history here,
But it seems like if you're an Iranian nuclear scientist or physicist or engineer, maybe you want to work elsewhere, right?
Which I guess is part of the whole point of the point, yeah.
Right, is let's go work on, you know, designing the next generation of Tupperware instead of nuclear bombs.
So it has been quite the journey, Gordon.
And I have to commend you once again for your explanations of nuclear physics.
listeners to the podcast will, of course, understand that I don't enjoy giving you compliments,
but I think you navigate science very well.
I'll take it.
I'll take it.
We should note that although this series is ending, it's still a wonderful time to sign up for the declassified club, Gordon.
We've got a great interview, haven't we, with Jim Lawler, about Iran, which is talking about specifically the targeting and the sabotage of Iran's nuclear program.
So he ran one of the CIA teams, which was dealing with Iran's nuclear program and with the AQ Khan network, which we talked about.
We've heard from him a bit already about other aspects of his career, but it is an absolutely fascinating interview.
If you want to understand what sabotage really looks like, how it is done, it is amazing how you run front companies and all that stuff.
And that is going to be the bonus episode for our club members, which is coming out on
Friday. So do join at therestisclassified.com. But otherwise, see you next time. See you next time.