A Dutch engineer, an operative of the Dutch General Intelligence and Security Service (AIVD), played a pivotal role in a covert operation which used the infamous Stuxnet malware to sabotage Iran’s nuclear program, a two-year investigation conducted by Dutch newspaper de Volkskrant revealed.
Stuxnet, a sophisticated malware discovered in 2010, was designed to compromise industrial control systems (ICS) associated with nuclear centrifuges, causing widespread damage. The malware, believed to be a joint effort by the CIA and the Israeli Mossad, infected hundreds of thousands of devices and caused physical harm to numerous machines.
According to the newspaper, Erik van Sabben was recruited in 2005. The engineer then worked for transport company TTS in Dubai, but then made a move to the Arab Al-Jaber Group before returning to TTS. At the transport company he was in the 'ideal position' to get specialist Western equipment to Iran.
Van Sabben, who posed as an Iranian engineer, managed to infiltrate the Natanz nuclear facility, a critical site for Iran's nuclear program. The report outlines years of preparation leading up to the covert operation. The meticulously planned mission, conducted in collaboration with the CIA and Mossad, reportedly cost a staggering $1 billion.
Van Sabben introduced the Stuxnet malware into the facility through a water pump. The malware was hidden within the pump, allowing it to propagate and compromise the industrial control systems. The technology had cost between one and two billion dollars to develop, according to then CIA director Michael Hayden. However, some security researchers have deemed the cost questionable.
“Good points. Also, I don’t buy the $1 billion price tag. Millions, certainly, dozens of millions, sure. A billion? I don’t think so,” Mikko Hypponen, chief research officer at WithSecure, said.
The report suggests that the setback to Iran's nuclear program was significant, delaying their efforts by “several years.”
It is unclear whether Van Sabben himself knew that the equipment he had to bring to Natanz was infected with malware, the report notes. Van Sabben died in a motorcycle accident shortly after leaving Iran in January 2009.
