By SIOBHAN GORMAN
WASHINGTON—The U.S. is pursuing a wide-ranging, high-tech campaign against Iran’s nuclear program that includes the cybersabotage project known as Stuxnet, which was developed by the Central Intelligence Agency in conjunction with Idaho National Laboratory, the Israeli government, and other U.S. agencies, according to people familiar with the efforts.
The covert CIA effort also includes persistent drone surveillance and cyberspying on Iranian scientists, they said.
The U.S. strategy to use technologically advanced measures against Iran illustrates how the Internet and other remote-access capabilities are facilitating spy operations deep inside denied territories.
“It’s part of a larger campaign,” said a former U.S. official familiar with the efforts. “It’s a preferable alternative to airstrikes.”
U.S. officials and their allies accuse Iran of operating an illicit nuclear enrichment program to develop atomic weapons, a charge Iran denies.
Through the administrations of President Barack Obama and his predecessor, George W. Bush, the U.S. has pursued a cyber campaign, code-named “Olympic Games,” to attack the Iranian program, former officials said.
The existence of Stuxnet and the presumption of U.S. and Israeli involvement have been widely reported, even though U.S. officials have never confirmed the government’s role. The code name and scope of the project and other details of the effort were reported on Friday by the New York Times in an adaptation from a coming book.
The first stage of the effort involved inserting so-called beacons into the computers running the control systems used in Iran’s Natanz nuclear enrichment facility, former officials said. Beaconing is a technique U.S. cyberwar operators often use to electronically map and monitor computer systems they infiltrate, the officials said.
Then, the National Security Agency teamed up with Israeli counterparts to develop the attack code that would become known as Stuxnet, former officials said. It was introduced into the Iranian facility via a flash drive. The Stuxtnet worm was discovered by researchers in 2010 after it was inadvertently released on the Internet and turned up in computer systems in several countries, including Iran, current and former officials said.
A key element of Olympic Games which hasn’t been previously disclosed was a partnership between the CIA’s Information Operations Center and the Idaho National Laboratory.
Idaho National Lab has a cadre of researchers who investigate vulnerabilities in computerized control systems that run critical infrastructure. Researchers there probed the specific control system used for the Iranian enrichment program, a former U.S. official said.
“They found out how you could make them destroy themselves,” the former official said.
The CIA declined to comment. The Department of Homeland Security declined to comment on behalf of Idaho National Lab, which is run by the Department of Energy but has joint programs with a number of government agencies.
Iranians have accused the U.S. and Israel of being behind the cyberattacks. The country’s mission to the United Nations didn’t return a call seeking comment.
Officials are looking to see whether the revelations about covert U.S. efforts to spy on and sabotage Iran’s nuclear program will create new hurdles for upcoming negotiations this month on Iran’s nuclear program.
White House spokesman Tommy Vietor declined to comment on U.S. efforts to counter Iran’s nuclear program, but said that the focus of international talks was Iran’s flouting of international requirements.
“The reason the world is united is because Iran has failed to meet its clear obligations with regard to its nuclear program,” he said. Until Iran complies with nonproliferation obligations, he added, “they will continue to be isolated, and nothing can change that except for concrete steps by the Iranians.”