The malware that disrupted Iran’s nuclear program in 2010 was delivered by a Dutch engineer working at the enrichment plant in Natanz, a Dutch daily has claimed.
For more than a decade, no one knew how the virus Stuxnet –widely believed to be an American-Israeli creation– had found its way to the control systems of Iran’s most sensitive and tightly watched nuclear facility in Natanz.
In 2019, two investigative journalists, one Dutch and one American, published a report in Yahoo News, suggesting that the virus had been released by “a mechanic working for a front company doing work at Natanz”, who in reality worked for AIVD, the Dutch intelligence agency.
At the time, the authors believed the mole to be Iranian. But the investigative report in the Dutch daily Volkskrant has named him as Erik van Sabben.
According to the report, van Sabben was married to an Iranian woman and worked in Dubai for a company that serviced Iran’s oil and gas industry. So he could have been the perfect recruit. And he was indeed recruited by AIVD in 2005 at the request of US and Israeli secret services.
The US and Israel have never acknowledged involvement in the cyber attack on Iran’s nuclear program, but most experts share the view that such a sophisticated cyberweapon could have been developed by Israel and the United States only as part of a joint sabotage campaign known as Operation Olympic Games, which is still unacknowledged.
The new report comes at a time when Iran has once more accelerated its enrichment program, turning its back on a secret deal many diplomats say the regime had made with the Biden administration in 2023 to cap the enrichment at 60-percent purity in exchange for the release of billion of dollars of its money in Iraq and South Korea.
Iran is reported to have enough highly enriched uranium to make three nuclear bombs, if enriched further during a few weeks. The UN nuclear watchdog (IAEA) has repeatedly raised concern about Iran’s enrichment levels –which experts say has no civilian justification.
In its latest report (December 2023), the IAEA stated that Iran is enriching to up to 60%, close to the roughly 90% that is required to make a nuclear weapon. One place this is being done is the Pilot Fuel Enrichment Plant (PFEP) at Natanz complex –the very same facility Stuxnet targeted almost 15 years ago.
Stuxnet is believed to have had affected the control systems at Natanz enrichment facilities, forcing a change of speed in the centrifuges’ rotor and causing breakdown.
The extent of the damage it caused is not known with certainty. It seems to have been significant enough, though, to force the nuclear authorities in Iran to halt uranium enrichment several times.
In November 2010, Mahmoud Ahmadinejad, then-president of Iran, confirmed for the first time that a cyberweapon had hit the country’s nuclear facilities. “They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts,” he said.
Fingers were pointed at “the Americans” and “the Israelis”, especially after two Iranian nuclear scientists were assassinated. But no reasonable explanation was given as to how the malware had entered the facilities.
More than a decade later, Volkskrant has offered an explanation –but little consolation for those who, according to the new report, spent around “one billion dollars” on a malware that they hoped would set back Iran’s nuclear program, although the operation undoubtedly slowed down Iran's efforts for a while.