A new documentary blows the lid off the attack, and how Israel took up where the US left off

Originally Appeared at ZDNet. Translated from the German by Kay Olms

The Stuxnet worm was initially provided by the U.S. military for a large cyber attack, targeted against Iran. This is related by insiders in the documentary "Zero Days", which had premiere in Berlin on 17th February and which Buzzfeed was able to see in advance. The name of the operation was "Nitro Zeus". It was aimed against civilian, as well as military infrastructure.

Sources are at least five informants from the U.S. military and intelligence services, who have actually been replaced in the film by avatars. According to these informants, the operation was planned in the "Remote Operations Center" of the NSA, in Fort Meade (Maryland). The operation should have crippled power plants, also transport infrastructure and air defenses.

The attack ultimately did not take place, since representatives of the Ministry of Foreign Affairs, as well as from the NSA, had doubts about the legality and moral justifiability. After all, civilians would have been affected, too.

Subsequently, it was Israel who modified the Stuxnet malware to attack nuclear facilities in Iran. Israel made the program more aggressive and smuggled it without U.S. support into the facility at Natanz. Additionally, knowledge of the British GCHQ was utilized. As is generally known, Stuxnet destroyed about a fifth of the centrifuges of the nuclear research program in Iran. The worm later spread in an uncontrolled manner and caused a lot of damage also to the U.S. economy.

Director of "Zero Days" is Oscar-winner Alex Gibney. According to him, Nitro Zeus was probably the largest and most complex cyberwar plan the US has ever created. His sources give reference to hundreds of employees and hundreds of millions of dollars spent on the disruption of the infrastructure of Iran; to corrode and destroy it, leaving the the attacker undetectable.

It wasn't just a theoretical concept. Intelligence employees had already gained access to relevant systems and had verified live connections almost nightly, so that it was possible to strike at any time. The film focuses on the justification of such a cyber attack – but his informants also speak about a lack of control. Some intelligence colleagues have had no idea what consequences would have followed from the attacks. It was quite conceivable, for example, that the entire electrical grid of Iran would have gone offline. According to Edward Snowden, the USA had accidentally caused a nearly complete Internet blackout in Syria in 2012.

Former Director of both the CIA and NSA, Michael Hayden, is interviewed in the film about the legitimacy of an operation such as Nitro Zeus. His view which is reproduced by Buzzfeed is that there are no applicable international standards. He doesn't have any detailed knowledge, but in principle, any action implemented by the United States worldwide is regarded as the new standard - so whatever the US does in practice is what is to be allowed. Hayden criticizes the overly strict secrecy surrounding such projects, which preventings "mature public discussion".

The fact that Stuxnet can be traced back to the intelligence services of the US and Israel was researched in 2012 by the New York Times. Confirmation for this came from Edward Snowden's publications which contained, among other things, evidence of the preparation of a cyber war. And Kaspersky Lab published a report in 2015 about the operations of the "Equation Group". This group is apparently either identical with the Stuxnet authors, or it has worked closely together with them. It is referred to as the "most advanced hacker group in the world."