A review of Stuxnet, history’s first act of cyber warfare

On January 8, 2024, Dutch newspaper De Volkskrant published an in-depth look at operation “Olympic Games”, considered the first act of cyber warfare in history. Executed by the CIA and Mossad (US and Israeli intelligence agencies), it targeted Iran’s nuclear program. In 2008, a worm designed by US intelligence, Stuxnet, thus infected more than 45,000 computer systems, including 30,000 in Iran.

De Volkskrant reveals that Erik van Sabban, a Dutch engineer specialized in energy systems, and also a Dutch intelligence officer, led the hack. He worked for a United Arab Emirates company, regularly installing spare parts in the Iranian oil and gas infrastructure.

In 2008, he took advantage of a mission in Natanz, city where Tehran set up its nuclear program, to inject Stuxnet into a sensitive computer system, while installing a connected water pump. According to De Volkskrant, France, Germany and the Netherlands supported the operation, even though Dutch intelligence seemed to be unaware of its agent’s dealings in Iran.

Stuxnet allowed the CIA and Mossad to spy on critical Iranian computer systems for two years. At the end of 2009, the malware was used to sabotage the centrifuges of Iran’s nuclear program, by hijacking industrial control systems. Erik van Sabban had previously passed away in a motorcycle accident in January 2009. According to the investigation, there was no evidence of foul play.