A report from the Netherlands claims {that a} Dutch man performed a key position within the infamous Stuxnet worm assault in opposition to an Iranian nuclear facility, which then by chance escaped into the broader world.

It’s not information that the US and Israel are extensively believed to be the creators of the delicate Stunxnet malware, which exploited zero-day flaws to sabotage Iran’s uranium enrichment services at Natanz, or that the US is believed to have later tried to make use of a model of Stuxnet in opposition to North Korea’s nuclear weapons program.

If the report from NL Occasions is taken at face worth, what’s information is that an agent of AIVD (the Dutch intelligence company), named as Erik van Sabben, additionally assisted the assault.

The suggestion is that Erik van Sabben gained entry to Natanz, working undercover for a corporation putting in tools on the nuclear facility. Such an individual may not solely be capable of collect technical details about the pc techniques that handle centrifuges, but additionally introduce malware on a USB stick.

It actually sounds a extra believable approach of introducing malware to an air-gapped system than leaving a USB stick mendacity round within the automotive park, and hoping that somebody picks it up and plugs right into a PC.

Maybe essentially the most eyebrow-raising declare of all made within the report is an virtually throwaway comment that Stuxnet “price over a billion {dollars} to develop.”

That appears an astonishingly giant sum of money to have spent on a bit of malware, even for one so focused and revolutionary as Stuxnet. I discover the determine arduous to take critically with out extra clarification as to the way it was calculated.

A lot of the report by NL Information seems to be based mostly on a prolonged piece in de Volksrant from 2019, written by investigative Dutch journalist Huib Modderkolk.

Nonetheless, that article makes no point out of Erik van Sabben, and claims that AIVD recruited an unnamed Iranian (not Dutch) engineer.

Sadly, Erik van Sabben can’t reply to the claims that he performed a vital position in probably the most infamous cyber assaults in historical past. He died in a motorcycle accident, shortly after leaving Iran, in January 2009. He was 36 years outdated.

Replace: Due to Clu-blog reader Baerd who obtained in contact to level out that NL Information‘s story seems to be based mostly upon a newer article from de Volksrant than the one NL Information was linking to initially.

Discovered this text attention-grabbing? Observe Graham Cluley on Twitter, Mastodon, or Threads to learn extra of the unique content material we publish.