Cyber Daily

Dutch engineer revealed as Stuxnet agent

New details have emerged of the alleged CIA and Mossad operation in Iran that saw damaging malware unleashed on computers worldwide.

David Hollingworth
Thu, 11 Jan 2024

A Dutch newspaper has published the results of an in-depth investigation into the origins of the infamous Stuxnet virus, revealing for the first time that a Dutch engineer was responsible for implanting the virus at the Natanz Nuclear Facility in Iran in 2007.

The engineer – who was ostensibly working with the AIVD, or Dutch General Intelligence and Security Service – was Erik van Sabben, who at the time was working in Dubai and was married to an Iranian woman.

However, according to de Volkskrant’s investigation, van Sabben and the AIVD were unaware of the specifics of the operation or of the nature of the Stuxnet virus that was being employed. They only knew that the operation would lead to Iran’s nuclear program being delayed.

The Dutch government of the time was also unaware of the details of the operation.

It also appears that the version of the Stuxnet virus that van Sabben managed to install – apparently via a water pump infiltrated into the facility – was an earlier one than the one that would go on to infect computers across Iran and around the world. Traditionally, the virus was thought to have been introduced to the Natanz facility via USB stick, though there were likely several different phases of infection.

The de Volkskrant investigation took two years, and the newspaper spoke to 43 people, including Dutch politicians, members of the Dutch intelligence services, and the former director of the Central Intelligence Agency (CIA), Michael Hayden.

When asked to confirm some details of the operation, Hayden did admit that he remembered it but could not say much else.

“I can’t say, sorry,” Hayden told the Dutch newspaper. “That’s still a secret.”

The engineer’s tale

Van Sabben’s story seems to be a rather sad one. According to de Volkskrant, van Sabben was a traveller and adventurer, and his position with a Dubai transport company made him an ideal recruit. He had connections in Iran, an Iranian wife, and knew the region.

The company van Sabben worked for, TTS International, also did business with Iran despite sanctions being in place.

“We did business in Iran at a time when it was officially no longer allowed,” Peter Knaap, director of TTS International, told de Volkskrant. Knaap was unaware of van Sabben’s status with the AIVD, but believes he was the right man for the job.

“But I am convinced that Erik could have done it,” Knaap said. “He wasn’t afraid to try things.”

According to the investigation, van Sabben spent some time in Iran in 2007, where he infiltrated the Natanz facility and installed water pumps that were carrying an early version of the Stuxnet virus. Then, in 2008, during an end-of-year visit to his wife’s family, van Sabben appears to have gotten nervous. A day into the trip, he wanted to leave the country.

Two weeks later, he died after crashing his motorcycle. The accident is not thought to have been suspicious, though some in the Dutch intelligence community said van Sabben “paid a high price” for his activity.

The virus van Sabben implanted was designed to sabotage vital centrifuges necessary to Iran’s nuclear weapons program, but after his death, the CIA and Mossad lost their access to the facility.

It’s this event that may have led to the virus being upgraded to spread itself, leading to Stuxnet being unleashed first throughout Iran and then to countries throughout the world, including the United States and Indonesia.

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
