WASHINGTON (Reuters) - The United States under former President George W. Bush began building a complex cyber-weapon to try to prevent Tehran from completing suspected nuclear weapons work without resorting to risky military strikes against Iranian facilities, current and former U.S. officials familiar with the program said.
Barack Obama accelerated the efforts after succeeding Bush in 2009, according to the sources who spoke on condition of anonymity because of the classified nature of the effort. The weapon, called Stuxnet, was eventually used against Iran’s main uranium enrichment facilities.
The effort was intended to bridge the time of uncertainty between U.S. administrations after the 2008 presidential election in which Obama was elected, and allow more time for sanctions and diplomacy to avert Iranian nuclear weapon development, according to the current and former officials.
The sources gave rare insight into the U.S. development of its cyber-warfare capabilities and the intent behind it.
One source familiar with the Bush administration’s initial work on Stuxnet said it had stalled Iran’s nuclear program by about five years.
“It bought us time. First, it was to get across from one administration to the next without having the issue blow up. And then it was to give Obama a little more time to come up with alternatives, through the sanctions, et cetera,” said the source.
Only in recent months have U.S. officials become more open about the work of the United States and Israel on Stuxnet, the sophisticated cyber-weapon directed against Iran’s Natanz nuclear enrichment facility that was first detected in 2010.
The cyber-attacks provided the United States with an avenue to try to stop Iran from producing a suspected weapon without turning to military strikes against Iranian facilities - all at a time when U.S. forces already were fighting wars in Iraq and Afghanistan, the sources said.
In the end, senior U.S. officials agreed the benefit of stalling Iran’s nuclear program was greater than the risks of the virus being harnessed by other countries or terrorist groups to attack U.S. facilities, one source said.
Two sources with direct knowledge of the U.S. program said it cost hundreds of millions of dollars to carry out.
The United States for years has been developing - and using - offensive cyber-capabilities to interfere with the computers of adversaries, including during the Battle of Falluja in Iraq in 2004 and in finding Osama bin Laden and other al Qaeda figures, the sources said.
Last year, the United States also explicitly stated for the first time that it reserved the right to retaliate with military force against a cyber-attack.
The New York Times reported on Friday that from his first months in office, Obama secretly ordered attacks of growing sophistication on the computer systems running the main Iranian nuclear enrichment facilities, greatly widening the first sustained U.S. use of cyber-weapons. The Times said the attacks were code-named Olympic Games.
White House spokesman Josh Earnest declined comment on the substance of the New York Times article, but denied “in the strongest possible terms” that it was an authorized leak of classified information. Obama is seeking re-election on November 6 in part on the strength of his foreign policy achievements.
Reuters reported on May 29 that the United Nations agency charged with helping member nations secure their national infrastructures plans to issue a sharp warning about the risk of the Flame computer virus that was recently discovered in Iran and other parts of the Middle East.
Stuxnet is one of many weapons in the U.S. cyber-arsenal, which some experts say also includes a data-gathering tool known as Duqu that was deployed to cull information about Iran’s weapons programs.
Iranian officials have described the cyber-attacks as part of a “terrorist” campaign backed by Israel and the United States.
Some current and former U.S. officials, who asked not to be named, criticized the Obama administration for talking too freely to the media about classified operations.
Representative Peter King, the Republican chairman of the House of Representatives Committee on Homeland Security, said, “I believe that no one, including the White House, should be discussing cyber-attacks.”
“The U.S. will now be blamed for any sophisticated, malicious software, even if it was the Chinese or just criminals,” added Jason Healey, who has worked on cyber-security for the Air Force, White House and Goldman Sachs, and is now with the Atlantic Council research group.
Additional reporting by Jim Finkle in Boston and Mark Hosenball in Washington; Editing by Warren Strobel and Will Dunham