Dutch Engineer Sneaks Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility via Water Pump
A Dutch engineer, recruited by the intelligence services of the Netherlands, reportedly employed a water pump to deploy the infamous Stuxnet malware within an Iranian nuclear facility, according to a comprehensive two-year investigation conducted by Dutch newspaper De Volkskrant.
Stuxnet, widely attributed to the collaborative efforts of the United States and Israel, aimed to disrupt Iran’s nuclear program by compromising industrial control systems associated with nuclear centrifuges.
The malware, known for its worm capabilities, purportedly infected numerous devices and caused tangible damage to hundreds of machines.
Recruitment and Infiltration
De Volkskrant’s investigation, based on interviews with numerous sources, revealed that the AIVD, the Dutch intelligence and security service, recruited Erik van Sabben, a 36-year-old Dutch national working in Dubai, in 2005.
This recruitment reportedly followed requests for assistance from American and Israeli intelligence agencies. Notably, the Dutch agency allegedly did not fully disclose the operation’s details to the government.
The Ideal Operative
Van Sabben, possessing a technical background and engaged in business in Iran, was considered an ideal candidate for the task. The investigation suggests that he planted the Stuxnet malware on a water pump within the Natanz nuclear complex, a facility he had managed to infiltrate.
Although the extent of his awareness of the operation remains unclear, his family indicated signs of distress around the time of the Stuxnet attack.
Tragically, Van Sabben passed away in the United Arab Emirates two weeks after the Stuxnet attack in a motorcycle accident.
While former CIA Chief Michael Hayden acknowledged the estimated development cost of Stuxnet to be between $1 and $2 billion in an interview with De Volkskrant, some cybersecurity experts, including Costin Raiu and Mikko Hypponen, have expressed skepticism regarding this figure.