GCHQ intel used to develop Stuxnet, claims new documentary
US peppered Iran with thousands of cyberwar weapons
The super worm known as Stuxnet was but a cog in an active US war program in which hundreds of thousands of network implants and backdoors in Iran networks were actively maintained to facilitate a devastating barrage of hacking attacks, a documentary claims.
Zero Days, due to screen at the Berlin Film Festival today, claims that Stuxnet was just one part of an operation called "Olympic Games" that is itself part of a wider effort dubbed "Nitro Zeus" that involves hundreds of US defence personnel.
Nitro Zeus may also involve Israel, the film alleges.
Reports from those who've seen or been briefed on the film suggest it alleges that Stuxnet's authors attempted to keep the program covert by restricting the malware to infect only Iranian machines.
Forte Mead hackers worked furiously to mop-up infected computers after a leak became apparent.
Israeli counterparts reportedly screwed the pooch when they later unleashed a more aggressive and noisier version of Stuxnet that infected thousands of computers across more than 115 countries.
The worm was soon discovered in 2010 and promptly analysed - and gaped at askance - by the security industry and media.
The film asserts that Stuxnet contained four zero day vulnerabilities and was precision-designed for the Natanz facility using intelligence supplied by Britain's GCHQ.
It is not stated in the documentary whether the GCHQ had knowledge of Nitro Zeus, a fact that could breach national laws regarding use of intelligence material in that country.
US State Department and National Security Agency officials expressed concern over the likelihood that Nitro Zeus would devastate civilian infrastructure.
One unnamed source said Nitro Zeus planners had "no f**king clue" regarding the potential impacts of the attacks.
Former CIA and NSA director Michael Hayden says while he had no knowledge of Nitro Zeus the program has prematurely legitimised state-backed network centric warfare before rules of engagement could be agreed. ®
Sponsored: 2016 Cyberthreat defense report