But what if Operation Olympic Games hadn’t gone as planned? What if the malware did not work as designed, leaving Iran’s nuclear capabilities intact, and on course to create a true weapons proliferation program deep in the heart of the Middle East? This was apparently on the minds of senior U.S. officials, both in the White House, and various intelligence agencies as they designed a plan that could effectively knock out Iran’s entire critical infrastructure, all without firing a single shot. That plan was Nitro Zeus, a new age of cyberwarfare that the world had never seen before. According to an anonymous National Security Agency (NSA) source, “We spent hundreds of millions, maybe billions on it.”
“We were inside, waiting, watching, ready to disrupt, degrade and destroy those systems with cyber-attacks. In comparison, Stuxnet was a back-alley operation. [Nitro Zeus] was the plan for a full-scale cyber war with no attribution. It allowed the NSA to attack Iran’s command-and-control systems to disable communications; to hack in and disable air defenses, so that US or Israeli warplanes would not be shot down, and financial systems either infected or backdoored in the event of a war.”
According to NY Times reporters David Sanger and Mark Mazzetti, Nitro Zeus was “…part of an effort to assure President Obama that he had alternatives, short of a full-scale war, if Iran lashed out at the United States or its allies in the region. At its height…Nitro Zeus involved thousands of American military and intelligence personnel, spending tens of millions of dollars and placing electronic implants in Iranian computer networks to “prepare the battlefield,” in the parlance of the Pentagon.”
Its goal? Completely knockout and disable Iran’s air defenses, communication channels, and critical parts of its power grid. America was close to dropping a massive cyber bomb on Iran, much like the Enola Gay – a Boeing B-29 Superfortress bomber – that became the first aircraft to drop an atomic bomb.
Origins of Nitro Zeus
Nitro Zeus’ roots can be traced back to the Bush administration, yet it was with Obama that it gained serious momentum. The President asked General John R. Allen at United States Central Command to develop a plan of attack against the Iranians if diplomacy failed.
2009 and 2010 were tense times indeed between America and Iran, as the Iranians were reportedly close to producing bomb-grade material with their centrifuges, a clear indication of possibly inching closer to developing nuclear weapons. Israel, already accused of assassinating key Iranian nuclear scientists in an attempt to disrupt Iran’s proliferation activities, now wanted to bomb the Natanz facility, despite dire warnings from the United States that such an act would throw the Middle East into chaos.
While the plan was ultimately shelved as Iran showed a willingness to tone down its nuclear weapons development, Nitro Zeus is a clear example of the new military offensive measures being deployed by the United States. It’s the new arms race, but whereas a nuclear weapons strike by former Cold War adversaries would have without question decimated countries, the cyberwar of today has many shades of uncertainties, and that’s a huge challenge. What countries and other loosely affiliated groups possess these capabilities and to what degree? Should the United States embark upon a ‘first strike’ edict against any nation or regime deemed a threat to our national security? If so, what are the consequences for America? Challenging, complex questions with even tougher answers.
According to an anonymous NSA leaker, Nitro Zeus (NZ), “…in comparison [to NZ], Stuxnet was a back-alley operation. NZ was the plan for a full-scale cyber-war with no attribution.”
The New Reality of Cyber
Iran has stated on numerous occasions that the attack on their nuclear facilities emboldened them, possibly worsening the scenario of a hostile regime one day possessing the world’s most-deadliest weapons. Has the genie been let out of the bottle? Is Pandora's box now open and can never be closed? Critics say yes, that America fired the first cyber shot with Stuxnet that will forever change the rules of warfare. Perhaps, but it was bound to happen by somebody – a rogue nation, a skilled individual hacker. America, with help from the Israelis, beat everyone to the punch with Stuxnet, and with alarming success.
Ralph Langer, a German cybersecurity expert, who, early on analyzed the Stuxnet worm, warns that “Unfortunately, we are seeing threats from all directions. After Stuxnet, it extends throughout the spectrum, from nation-states down to the average hacker…You can pull off a cyber strike against such systems without any insider knowledge at all…Most people overestimate the level of technical skills required for such an attack. Some of the attacks that we have seen in Stuxnet can be automated. You don’t need an experienced engineer to do something similar. You don’t need a genius in control systems or in hacking. You just need to copy the design…Any idiot, any stupid hacker, can use such a tool and configure and administer a sophisticated cyber-attack just by using his mouse. This is going to happen at some point in time.
Comments