How a water pump was used to disable Iran's Nukes!

A two-year-long investigation by the Dutch newspaper De Volkskrant has uncovered a startling operation where a Dutch engineer was recruited by the Netherlands’ intelligence agency, the AIVD, to deploy malware at an Iranian nuclear facility using a seemingly harmless water pump.

The then 36-year-old Dutch civil engineer, Erik van Sabben, played a ‘crucial role’ in a 2007 mission backed by the US and Israel to sabotage an Iranian nuclear complex, releasing a highly advanced software virus called Stuxnet, bringing the Iranian nuclear program to a halt.

The malware was planted on a water pump installed in the Natanz-based Iranian nuclear complex after Van Sabben infiltrated it. His family claims he panicked before the attack. He died in a motorbike crash in Dubai two years after this incident.

Reportedly, Van Sabben worked at Dubai-based heavy transport firm, TTS International, where he could easily transport Western equipment to Iran. He was willing to take risks as he and his employer had connections in Iran. 

He used his position as a cover to infiltrate the facility and deliver the Stuxnet payload. The cover-and-stricken operation, involving the American CIA and Israeli Mossad, destroyed nearly a thousand ultracentrifuges for uranium enrichment, causing Iran’s nuclear weapons program to be delayed for a few years.

Van Sabben was recruited in 2005 for this job because he seemed the ideal candidate as he had a sound technical background, did business in Iran, and was married to an Iranian woman, Volkskrant journalist Huib Modderkolk wrote in their detailed investigative report. 

In 2012, The New York Times reported that former US Presidents George Bush Jr. and Barack Obama had personally granted permission to deploy Stuxnet in Iran, aiming to break centrifuges without Iran’s knowledge of the source of the sabotage. However, the Dutch agency did not inform its then government led by the CDA’s Jan Pieter Balkenende and the parliamentary committee about this mission.

De Volkskrant’s investigation reveals that Stuxnet cost between $1 and $2 billion. However, cybersecurity experts like WithSecure’s chief research officer Mikko Hypponen, have expressed doubts about the actual cost. Raiu also noted that the Stuxnet version Van Sabben installed back then could be Stuxnet 0.5, which wasn’t as impactful as its subsequent variants.

In 2019, the paper claimed that while the Netherlands played a significant role in the Stuxnet sabotage campaign, initially it was believed that the virus was installed by an Iranian engineer. MPs have called for an investigation into the claims, and the operation is also the subject of an NPO 2 documentary series.