The New Attack On Iran By Israel and America....the "Flame" Malware

First it was Stuxnet, the computer worm that plagued the nuclear software programming for the Iranians' nuclear facilities and now, the latest computer weapon, one apparently developed and delivered by the Israelis and Americans, has been put into action against Iran's oil industry - this new weapon, a piece of malware is called "Flame."

And I think it's pretty darn cool.   :)

From the article at The Telegraph:

Last week similarities were discovered between the coding of Flame, a piece of Malware disguised as a Microsoft software update, and Stuxnet, a virus previously launched on Iran's nuclear infrastructure.

“This is about preparing the battlefield for another type of covert action,” one former high-ranking US official reportedly told The Washington Post. “Cyber collection against the Iranian programme is way further down the road than this.”

The CIA, NSA and Office of the Director of National Intelligence, as well as the Israeli embassy in Washington, did not comment on the newspaper's report.

Earlier this month it was reported that those responsible for the Flame and Stuxnet cyber-attacks ‘cooperated at least once’ in the early stages of their development, according to Russian security company Kaspersky Lab.

What we haven't really heard in all of this is just how devastating this has all been to the Iranians - we all know how widespread the estimates are of the Iranians' nuke capabilities and progress so it's hard to judge but one has to believe that significant delays have taken place and at the same time, one has to hope that we and the Israelis have a whole train of these computer weapons lined up ready to continue the assault.

Flame virus 'created by US and Israel as part of intensifying cyber warfare'


Last week similarities were discovered between the coding of Flame, a piece of Malware disguised as a Microsoft software update, and Stuxnet, a virus previously launched on Iran's nuclear infrastructure.

“This is about preparing the battlefield for another type of covert action,” one former high-ranking US official reportedly told The Washington Post. “Cyber collection against the Iranian programme is way further down the road than this.”

The CIA, NSA and Office of the Director of National Intelligence, as well as the Israeli embassy in Washington, did not comment on the newspaper's report.

Earlier this month it was reported that those responsible for the Flame and Stuxnet cyber-attacks ‘cooperated at least once’ in the early stages of their development, according to Russian security company Kaspersky Lab.

The new findings reveal that the teams shared source code of at least one module prior to 2010. “What we have found is very strong evidence that Stuxnet/Duqu and Flame cyber-weapons are connected,” said Alexander Gostev, Chief Security Expert at Kaspersky Lab.



The new found connection concerns a special module known as ‘Resource 207’ that was found in earliest known version of Stuxnet, created in 2009 but was later removed from the 2010 version. ‘Resource 207’ has a lot in common with the code used in Flame.

Resemblances include the names of mutually exclusive objects, the algorithm used to decrypt strings, and similar approaches to file naming. Furthermore, the primary function of ‘Resource 207’ was to distribute the Stuxnet infection from machine to another through removable USB drives. The code which is responsible for distribution of malware using USB drives is completely identical to the one used in Flame.

However despite the newly discovered facts, Mr Gostev remains confident that Flame and Stuxnet originate from completely different platforms, used to develop multiple cyber-weapons.

“They each have different architectures with their own unique tricks that were used to infect systems and execute primary tasks. The projects were indeed separate and independent from each other.”

A recent New York Times investigation has suggested that President Obama, in cooperation with the Israelis, has consistently ordered sophisticated cyber attacks on the computer systems that run Iran’s main nuclear enrichment facilities. The programme became public in the summer of 2010 due to a programming error and soon became known as Stuxnet.

Kaspersky Lab’s recent discovery of the link between Stuxnet and Flame opens the way for allegations that once again, the USA and Israel are behind a cyber attack on Iran. The Israeli government have distanced themselves from any such accusations despite an interview in which a minister appeared to back the attacks. The UN’s head of telecommunications Dr Hamadoun Toure labelled the New York Times investigation as ‘speculation’ whilst refuting any US responsibility for Flame.

It's Cute, It's Cuddly, It Likes To Attack Iranian Computers!

By Findalis

It is back, or it never left, either way it is driving the Iranians meschuge!  It is the worm Stuxnet and this is its latest round of carnage upon the Iranian Nuclear Program:

In a major setback to Iran's nuclear program, technicians will have to unload fuel from the country's first atomic power plant because of an unspecified safety concern, a senior government official said.

The vague explanation raised questions about whether the mysterious computer worm known as Stuxnet might have caused more damage at the Bushehr plant than previously acknowledged. Other explanations are possible for unloading the fuel rods from the reactor core of the newly completed plant, including routine technical difficulties.

While the exact reason behind the fuel's removal is unclear, the admission is seen as a major embarrassment for Tehran because it has touted Bushehr -- Iran's first atomic power plant -- as its showcase nuclear facility and sees it as a source of national pride. When the Islamic Republic began loading the fuel just four months ago, Iranian officials celebrated the achievement.

Iran's envoy to the U.N. nuclear monitoring agency in Vienna said that Russia, which provided the fuel and helped construct the Bushehr plant, had demanded the fuel be taken out.

"Upon a demand from Russia, which is responsible for completing the Bushehr nuclear power plant, fuel assemblies from the core of the reactor will be unloaded for a period of time to carry out tests and take technical measurements," the semiofficial ISNA news agency quoted Ali Asghar Soltanieh as saying. "After the tests are conducted, (the fuel) will be placed in the core of the reactor once again."

"Iran always gives priority to the safety of the plant based on highest global standards," Soltanieh added.

Calls to the Russian nuclear agency Rosatom for comment were not answered Saturday afternoon.

The spokesman of the Atomic Energy Organization of Iran said the fuel unloading was nothing unusual.

"It's a kind of technical inspection and to obtain confidence about the safety of the reactor," Hamid Khadem Qaemi told the official IRNA news agency. He accused foreign media of blowing the issue out of proportion.

The Bushehr plant is not among the aspects of Iran's nuclear program that are of top concern to the international community and is not directly subject to sanctions. It has international approval and is supervised by the U.N.'s nuclear monitoring agency, the International Atomic Energy Agency.

In a report released Friday about Iran's nuclear program, the IAEA said that Tehran informed the agency on Wednesday that it would have to unload the fuel rods. The agency said it and Tehran have agreed on the "necessary safeguards measures."

A senior international official familiar with Iran's nuclear program said the IAEA had no further details. He said unloading and reloading fuel assemblies is not unusual before any reactor startup. The official asked for anonymity because his information was confidential.

Soltanieh and other officials have not specified why the fuel had to be unloaded, but Iranian officials denied any link to the Stuxnet computer virus.

"Stuxnet has had no effect on the control systems at the Bushehr nuclear power plant," Nasser Rastkhah, a senior official in charge of nuclear security, told the official IRNA news agency.

Foreign intelligence reports have said the control systems at Bushehr were penetrated by the malware -- malicious software designed to infiltrate computer systems -- but Iran has all along maintained that Stuxnet was only found on several laptops belonging to plant employees and didn't affect the facility's control systems.

Some computer experts believe Stuxnet was the work of Israel or the United States, two nations convinced that Iran wants to turn nuclear fuel into weapons-grade uranium.

The Islamic Republic is reluctant to acknowledge setbacks to its nuclear activities, which it says are aimed at generating energy but are under U.N. sanctions because of concerns they could be channeled toward making weapons. Only after outside revelations that its enrichment program was temporarily disrupted late last year by Stuxnet did Iranian officials acknowledge the incident.

The startup of the Bushehr power plant, a project completed with Russian help but beset by years of delays, would deliver Iran the central stated goal of its atomic work -- the generation of nuclear power.

But the inauguration of the facility has been delayed for years. Iran said when it began inserting the fuel rods in October that the 1,000-megawatt light-water reactor would begin pumping electricity to Iranian cities by December. But it pushed back the timing to February, citing a "small leak" and other unspecified reasons.

The Bushehr plant itself is not among the West's main worries because safeguards are in place to ensure that the spent fuel will be returned to Russia and cannot be diverted to weapons making.

The United States and some of its allies believe the Bushehr plant is part of a civil energy program that Iran is using as cover for a covert program to develop a nuclear weapons capability. Iran denies the accusation.

The Bushehr project dates back to 1974, when Iran's U.S.-backed Shah Mohammed Reza Pahlavi contracted with the German company Siemens to build the reactor. The company withdrew from the project after the 1979 Islamic Revolution toppled the shah and brought hard-line clerics to power.

In 1992, Iran signed a $1 billion deal with Russia to complete the project and work began in 1995.

Under the contract, Bushehr was originally scheduled to come on stream in July 1999 but the startup has been delayed repeatedly by construction and supply glitches.

The spokesman of the Atomic Energy Organization of Iran said the fuel unloading was nothing unusual.

The unloading of fuel rods only a few months of loading is NOT a routine occurance at any Nuclear Power Plant in the world. It is a sign of a problem either within the plant, with the fuel rods, or both.  I doubt that the Iranians will be able to bring the plant back on-line any time soon.

Whatever was paid for the Stuxnet worm was money very well spent.  It has out performed expectation and is still going strong.

It's Baaaaackkkkkk....Stuxnet Worm Returns To Wreak Havoc On Iran's Bushehr Nuclear Facility

Those poor Iranians...their nuclear program just seems to be having all of the bad luck lately as once again, the Stuxnet worm that ravaged the system a couple of months ago has resurfaced in the systems and at the very last minute, operations had to be shut down by Russians overseeing the project.

Look at this from the DEBKA article:

Iran's atomic energy chief Ali Akbar Salehi said on Jan. 29 that the Bushehr nuclear power plant would be connected to the national grid on April 9. He "forgot" about Tehran's promise to fully activate its first nuclear reactor Tuesday, Jan. 25. debkafile's intelligence and Moscow sources reveal that on that day, Iran's hand on the switch was held back at the last minute by Sergei Kiriyenko, chief of Rosatom (the Russian national nuclear energy commission which oversaw the reactor's construction. He came hurrying over to warn Tehran that Stuxnet was back and switching the reactor on could trigger a calamitous nuclear explosion that could cost a million Iranian leaves and devastate neighboring populations. He complained to President Mahmoud Ahmadinejad that the Iranian nuclear and engineering staff were ignoring the presence of the malworm and must be stopped.

I'm guessing that the Iranian people can't be too thrilled with the fact that their leaders seem to be oblivious to the dangers that were almost unheeded by the start up of the Bushehr facility a few days ago - I mean seriously, how would you feel if your very life was dependent on the watchful eye of a Russian scientist?

Now, I'm not saying that I want some disaster to befall the people of Iran but it would be nice if the political regime in that country were to pay the ultimate price for their obsession with moving this project forward at breakneck speed. Which makes me a bit dismayed by the cautious catch by the Russian supervisors. LOL.

One has to wonder at this time if this nuclear facility will actually ever be 100% safe to start up. I'm assuming that on the day the big switch if finally pulled, there probably isn't going to be a room full of mullahs there for the ribbon cutting ceremony.

Stuxnet returns to Bushehr reactor. Russia warns of nuclear explosion


Iran's atomic energy chief Ali Akbar Salehi said on Jan. 29 that the Bushehr nuclear power plant would be connected to the national grid on April 9. He "forgot" about Tehran's promise to fully activate its first nuclear reactor Tuesday, Jan. 25. debkafile's intelligence and Moscow sources reveal that on that day, Iran's hand on the switch was held back at the last minute by Sergei Kiriyenko, chief of Rosatom (the Russian national nuclear energy commission which oversaw the reactor's construction. He came hurrying over to warn Tehran that Stuxnet was back and switching the reactor on could trigger a calamitous nuclear explosion that could cost a million Iranian leaves and devastate neighboring populations. He complained to President Mahmoud Ahmadinejad that the Iranian nuclear and engineering staff were ignoring the presence of the malworm and must be stopped.

Kiriyenko told the Iranian president that the Russian engineers employed at the reactor notified Moscow that Stuxnet was again attacking the Bushehr systems after apparently taking a rest from its first onslaught last June. There was no telling which systems had been infected, because a key feature of the virus is that the systems' screens show they are working normally when in fact they have been fatally disarmed. Activating the reactor in these circumstances could cause an explosion far more powerful than the disaster at the Russian reactor at Chernobyl, Ukraine in April 1986, which released 400 times more radioactive material than the atomic bombing of Hiroshima.
The impression the Rosatom chief had gained from his staff at Bushehr was that the Iranian teams had been ordered to activate the reactor at any price to prove that the Islamic Republic had beaten Stuxnet. This concern overrode security. The consequences of ignoring this fearful hazard, said Kiriyenko, were unthinkable and would destroy the revolutionary Islamic regime in Tehran in their wake.
Kirienko began worrying when he heard the Iranian nuclear commission's spokesman Hamid Khadem-Qaemi claim on Jan. 17 that Bushehr had not been affected by Stuxnet.
Our Iranian sources report that, after seeing the Russian official off, Ahmadinejad ordered the reactor to stay shut down.

This week, Salehi, who is also Iran's foreign minister, hinted at the cause of the delay when he said: "The reactor has started its operation and the next step is to reach critical phase which will happen by the end of Bahman (February 20) in presence of Russians. We have said before that due to some tests, we may have to face delays but these delays are around a week or two." He added, "We aim at launching Bushehr nuclear reactor safely not to merely launch it."

In Jerusalem, Maj-Gen. Aviv Kohavi, the new head of IDF military intelligence - MI, who appeared before the Knesset Security and Foreign Affairs Committee for his first briefing on Jan. 25 said Bushehr could be quickly converted from producing electricity for civilian use to a military reactor and incorporated into Iran's weapons program.

The next day, Jan. 26, Moscow took the unusual step of demanding a NATO investigation into last year's computer attack on the Russian-built nuclear reactor in Iran.

Dmitry Rogozin, Russia's ambassador to the North Atlantic Treaty Organization, said: T"his virus, which is very toxic, very dangerous, could have very serious implications," he said, describing the virus's impact as being like "explosive mines".

"These 'mines' could lead to a new Chernobyl," he said.

Just How Did Stuxnet Bring Iran's Nuclear Dream Nearly To a Halt?

This is a fascinating article from DigitalTrends that delves into the specifics of just how the Stuxnet worm/virus was used to attack the Iranian machinery involved in their nuclear program - and this media source certainly isn't a political one...so what we get are just some real good insights into the specifics and anatomy of an attack.

Some of my favorite parts of the article:

In a rare moment of openness from Iran, the nation has confirmed that the Stuxnet malware (the name stems from keywords buried in the code) that was originally discovered in July, has damaged the country’s nuclear ambitions. Although Iran is downplaying the incident, some reports suggest that the worm was so effective, it may have set back the Iranian nuclear program by several years.

In a nuclear enrichment program, a centrifuge is a fundamental tool needed to refine the uranium. Each centrifuge built follows the same basic mechanics, but the German manufacturer Siemens offers what many consider to be the best in the industry. Stuxnet sought out the Siemens controllers and took command of the way the centrifuge spins. But rather than simply forcing the machines to spin until they destroyed themselves—which the worm was more than capable of doing—Stuxnet made subtle, and far more devious changes to the machines.

When a uranium sample was inserted into a Stuxnet-infected centrifuge for refinement, the virus would command the machine to spin faster than it was designed for, then suddenly stop. The results were thousands of machines that wore out years ahead of schedule, and more importantly, ruined samples. But the real trick of the virus was that while it was sabotaging the machinery, it would falsify the readings and make it appear as if everything was operating within the expected parameters.

After months of this, the centrifuges began to wear down and break, but as the readings still appeared to be within the norms, the scientists associated with the project began to second guess themselves. Iranian security agents began to investigate the failures, and the staff at the nuclear facilities lived under a cloud of fear and suspicion. This went on for over a year. If the virus had managed to completely avoid detection, it eventually would have deleted itself entirely and left the Iranians wondering what they were doing wrong.

Now, science and computer technology are not my forte' nor my interest so this article goes a bit over my head but I did find it fascinating just how this thing worked and works. In that last paragraph we see how unfortunate it was that Stuxnet was discovered...if it hadn't been, it would have been masterful in the full effect.

I'd like to add that whoever birthed Stuxnet, is probably already onto Stuxnet's little brother and sister worm and hopefully, the Iranians will feel the full brunt within the next year. Bombing the nukes out of Iran may have become impractical or may yield limited success due to the precautions taken by the Iranians, but let's not forget that old phrase...."there's more than one way to skin a cat."

Bits before bombs: How Stuxnet crippled Iran’s nuclear dreams


When the Stuxnet computer worm first surfaced back in June, it seemed like a sophisticated piece of malware that was ineffective, but dangerous. A few months later, it appears that the worm may have crippled Iran’s nuclear plans, leading to some analysts to describe it’s coming “like the arrival of an F35 into WWI battlefield.”

The future of warfare may have just begun, but rather than being heralded by an explosion, it began without a sound or a single casualty.

It is the first of its kind, and could be a signal of the ways all wars are fought from now on. It is a cyber weapon so precise that it can destroy a target more effectively than a conventional explosive, and then simply delete itself, leaving the victims left to blame themselves. It is a weapon that is so terrible that it could conceivably do more than just damage physical objects, it could kill ideas. It is the Stuxnet worm, dubbed by many as the world first real weapon of cyberwarfare, and its first target was Iran.
The dawn of cyberwarfare

Stuxnet is almost like something out of a Tom Clancy novel. Rather than sending in missiles to destroy a nuclear plant that threatens the entire region and the world, and is overseen by a president who has claimed that he would like to see an entire race of people “wiped off the map,” a simple computer virus can be introduced that will do the job far more effectively. To attack a structure with missiles can lead to war, and besides, buildings can be rebuilt. But to infect a system so completely that the people using it begin to doubt their faith in their own abilities will have far more devastating long-term effects.

In a rare moment of openness from Iran, the nation has confirmed that the Stuxnet malware (the name stems from keywords buried in the code) that was originally discovered in July, has damaged the country’s nuclear ambitions. Although Iran is downplaying the incident, some reports suggest that the worm was so effective, it may have set back the Iranian nuclear program by several years.

Rather than simply infect a system and destroy everything it touches, Stuxnet is far more sophisticated than that, and far more effective as well.

The worm is smart and adaptable. When it enters a new system, it remains dormant and learns the security system of the computer. Once it can operate without raising alarm, it then seeks out very specific targets and begins to attack certain systems. Rather than simply destroy its targets, it does something far more effective—it misleads them.

In a nuclear enrichment program, a centrifuge is a fundamental tool needed to refine the uranium. Each centrifuge built follows the same basic mechanics, but the German manufacturer Siemens offers what many consider to be the best in the industry. Stuxnet sought out the Siemens controllers and took command of the way the centrifuge spins. But rather than simply forcing the machines to spin until they destroyed themselves—which the worm was more than capable of doing—Stuxnet made subtle, and far more devious changes to the machines.

When a uranium sample was inserted into a Stuxnet-infected centrifuge for refinement, the virus would command the machine to spin faster than it was designed for, then suddenly stop. The results were thousands of machines that wore out years ahead of schedule, and more importantly, ruined samples. But the real trick of the virus was that while it was sabotaging the machinery, it would falsify the readings and make it appear as if everything was operating within the expected parameters.

After months of this, the centrifuges began to wear down and break, but as the readings still appeared to be within the norms, the scientists associated with the project began to second guess themselves. Iranian security agents began to investigate the failures, and the staff at the nuclear facilities lived under a cloud of fear and suspicion. This went on for over a year. If the virus had managed to completely avoid detection, it eventually would have deleted itself entirely and left the Iranians wondering what they were doing wrong.

For 17 months, the virus managed to quietly work its way into the Iranian systems, slowly destroying vital samples and damaging necessary equipment. Perhaps more than the damage to the machinery and the samples was the chaos the program was thrown into.
The Iranians grudgingly admit some of the damage

Iranian President Mahmoud Ahmadinejad has claimed that Stuxnet “managed to create problems for a limited number of our centrifuges,” which is a change from Iran’s earlier assertion that the worm had infected 30,000 computers, but had not affected the nuclear facilities. Some reports suggest at the Natanz facility, which houses the Iranian enrichment programs, 5,084 out of 8,856 centrifuges in use at the Iranian nuclear facilities were taken offline, possibly due to damage, and the plant has been forced to shut down at least twice due to the effects of the virus.

Stuxnet also targeted the Russian-made steam turbine that powers the Bushehr facility, but it appears that the virus was discovered before any real damage could be done. If the virus had not been uncovered, it would eventually have run the RPMs of the turbines too high and caused irreparable damage to the entire power plant. Temperature and cooling systems have also been identified as targets, but the results of the worm on these systems isn’t clear.
The discovery of the worm

In June of this year, the Belarus-based antivirus specialists, VirusBlokAda found a previously unknown malware program on the computer of an Iranian customer. After researching it, the antivirus company discovered that it was specifically designed to target Siemens SCADA (supervisory control and data acquisition) management systems, which are devices used in large-scale manufacturing. The first clue that something was different about this worm was that once the alert had been raised, every company that tried to pass on the alert was subsequently attacked and forced to shut down for at least 24 hours. The methods and reasons for the attacks are still a mystery.

Once the virus had been discovered, companies like Symantec and Kaspersky, two of the largest antivirus companies in the world, as well as several intelligence agencies, began to research Stuxnet, and found results that quickly made it obvious that this was no ordinary malware.

By the end of September, Symantec had discovered that nearly 60-percent of all the machines infected in the world were located in Iran. Once that had been discovered, it became more and more apparent that the virus was not designed simply to cause problems, as many pieces of malware are, but it had a very specific purpose and a target. The level of sophistication was also well above anything seen before, prompting Ralph Langner, the computer security expert who first discovered the virus, to declare that it was “like the arrival of an F-35 into a World War I battlefield”.

(see link above for rest of the article)

Stuxnet Virus Still Raising Hell With the Poor Iranians LOL

Those doggone Iranians...boy they are starting to get hopping mad, I bet. The Iranians, after first discovering a couple of months ago that the Stuxnet worm (virus) had infected their systems at the new nuclear facility, recently claimed that they had cleansed the little bugger from their environment and all was good to go. Well, not so fast. Look at this from DEBKA about what happened next:

Despite Iranian claims in October that their nuclear systems were cleansed of the Stuxnet virus, debkafile's intelligence and Iranian sources confirm that the invasive malworm is still making trouble. It shut down uranium enrichment at Natanz for a week from Nov. 16 to 22 over breakdowns caused by mysterious power fluctuations in the operation of the centrifuge machines enriching uranium at Natanz.
The shutdown was reported by the director of the International Atomic Energy Agency Yukiya Amano to the IAEA board in Vienna on Tuesday, Nov. 23.

Oh, and get this...good old Stuxnet isn't just attacking Iran's nuclear facilities and programs...it's taking a nosedive at their military as well. Read this and try not to laugh:

According to an exclusive report reaching debkafile, Stuxnet is also in the process of raiding Iran's military systems, sowing damage and disorder in its wake.

On Nov. 17, in the middle of a massive air defense exercise, Iranian military sources reported six foreign aircraft had intruded the airspace over the practice sites and were put to flight by Iranian fighters. The next day, a different set of military sources claimed a misunderstanding; there had been no intrusions. Iranian fighters had simulated an enemy raid which too had been repulsed.

Gee, I wonder who might have gotten this bug so entrenched in the Iranian infrastructure...hmmm....any guesses anyone? (wink wink) Well, I think the Iranians are just encountering the tip of the iceberg - the bottom line is that Stuxnet is probably invasive in much, much more and quite frankly, I'm loving every minute of it.

And what is even better, I'm guessing that Stuxnet 2 and Stuxnet 3 are on their way to the Iranians. It's all about stopping the development of Iran's nuclear weapons - and some of you thought that those who opposed Iran getting those weapons were going to bomb those facilities. As the old saying goes...."there's more than one way to skin a cat."

Stuxnet knocks Natanz out for a week, hits Iran's air defense exercise


Despite Iranian claims in October that their nuclear systems were cleansed of the Stuxnet virus, debkafile's intelligence and Iranian sources confirm that the invasive malworm is still making trouble. It shut down uranium enrichment at Natanz for a week from Nov. 16 to 22 over breakdowns caused by mysterious power fluctuations in the operation of the centrifuge machines enriching uranium at Natanz.
The shutdown was reported by the director of the International Atomic Energy Agency Yukiya Amano to the IAEA board in Vienna on Tuesday, Nov. 23.

Rapid changes in the spinning speed of the thousands of centrifuges enriching uranium to weapons-grade can cause them to blow apart suddenly without the monitors detecting any malfunction. The Iranian operators first tried replacing the P1 and P2 centrifuges used at Natanz with the more advanced IR1 type, but got the same effect. They finally decided to shut the plant down until computer security experts purged it of the malworm.

But then, when work was resumed Monday, about 5,000 of the 8,000 machines were found to be out of commission and the remaining 2,500-3,000 partially on the blink.

Tuesday, Ali Akbar Salehi, Director of Iran's Nuclear Energy Commission tried to put a good face on the disaster. "Fortunately the nuclear Stuxnet virus has faced a dead end," he said. However, the IAEA report and Western intelligence confirm that the virus has gathered itself for a fresh onslaught on Iran's vital facilities.

According to an exclusive report reaching debkafile, Stuxnet is also in the process of raiding Iran's military systems, sowing damage and disorder in its wake.

On Nov. 17, in the middle of a massive air defense exercise, Iranian military sources reported six foreign aircraft had intruded the airspace over the practice sites and were put to flight by Iranian fighters. The next day, a different set of military sources claimed a misunderstanding; there had been no intrusions. Iranian fighters had simulated an enemy raid which too had been repulsed.
debkafile's military sources disclose there was no "misunderstanding." The foreign intruders had shown up on the exercise's radar screens, but when the fighter jets scrambled to intercept them, they found empty sky, meaning the radar instruments had lied.

The military command accordingly decided to give up on using the exercise as a stage for unveiling new and highly sophisticated weaponry, including a homemade radar system, for fear that they too may have been infected by the ubiquitous Stuxnet worm.