Category Archives: Espionage

Watching your Internet Fingerprint

The current standard method for validating a user’s identity for authentication on an information system requires humans to do something that is inherently difficult: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus, unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.

The Active Authentication program seeks to address this problem by developing novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software-based biometrics. Biometrics is defined as the characteristics used to uniquely recognize humans based upon one or more intrinsic physical or behavioral traits. This program focuses on the computational behavioral traits that can be observed through how we interact with the world. Just as when you touch something with your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a “cognitive fingerprint.”

This BAA addresses the first phase of this program. In the first phase of the program, the focus will be on researching biometrics that do not require the installation of additional hardware sensors. Rather, DARPA will look for research on biometrics that can be captured through the technology already in use in a standard DoD office environment, looking for aspects of the “cognitive fingerprint.” A heavy emphasis will be placed on validating any potential new biometrics with empirical tests to ensure they would be effective in large scale deployments.

The later planned phases of the program that are not addressed in this BAA will focus on developing a solution that integrates any available biometrics using a new authentication platform suitable for deployment on a standard Department of Defense desktop or laptop. The planned combinatorial approach of using multiple modalities for continuous user identification and authentication is expected to deliver a system that is accurate, robust, and transparent to the user’s normal computing experience. The authentication platform is planned to be developed with open Application Programming Interfaces (APIs) to allow the integration of other software or hardware biometrics available in the future from any source.

The combined aspects of the individual that this program is attempting to uncover are the aspects that are the computational behavioral “fingerprint” of the person at the keyboard. This has also been referred to in existing research as the “cognitive fingerprint.” The proposed theory is that how individuals formulate their thoughts and actions are reflected through their behavior, and this behavior in turn can be captured as metrics in how the individual performs tasks using the computer.

Some examples of the computational behavior metrics of the cognitive fingerprint include:

− keystrokes

− eye scans

− how the user searches for information (verbs and predicates used)

− how the user selects information (verbs and predicates used)

− how the user reads the material selected

• eye tracking on the page

• speed with which the individual reads the content

− methods and structure of communication (exchange of email)

These examples are only provided for illustrative purposes and are not intended as a list of potential research topics. The examples above include potential biometrics that would not be supported through this BAA due to a requirement for the deployment of additional hardware based sensors (such as tracking eye scans).

Excerpt from Broad Agency Announcement, Active Authentication, DARPA-BAA-12-06, January 12, 2012
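The keystroke-dynamics piece of the “cognitive fingerprint” idea above, as an added illustration that is not part of the BAA or any proposer's work: a profile of per-key dwell times and per-digraph flight times is enrolled, and each later window of keystrokes is scored against it so that a change of operator mid-session stands out. The phrase, the timing habits, the z-score threshold and the typists themselves are constructed assumptions.

```python
"""Keystroke-dynamics sketch of continuous ("active") authentication.

Constructed example: enrollment keystrokes yield a profile of dwell time
(press to release, per key) and flight time (release to next press, per
key pair); later windows are scored by mean |z-score| against it.  All
timings are synthetic and the 3.0 threshold is an assumption.
"""
import random
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Event = Tuple[str, float, float]          # (key, press_ms, release_ms)
Profile = Dict[str, Tuple[float, float]]  # feature -> (mean_ms, std_ms)

STD_FLOOR_MS = 5.0  # keeps a near-constant enrollment feature from exploding z-scores


def features(events: List[Event]) -> Dict[str, List[float]]:
    """Dwell time for every key and flight time for every adjacent key pair."""
    feats: Dict[str, List[float]] = {}
    for i, (key, press, release) in enumerate(events):
        feats.setdefault("dwell:" + key, []).append(release - press)
        if i + 1 < len(events):
            next_key, next_press, _ = events[i + 1]
            feats.setdefault(f"flight:{key}>{next_key}", []).append(next_press - release)
    return feats


def enroll(events: List[Event], min_samples: int = 3) -> Profile:
    """Build the user's profile: mean and (floored) std of each well-sampled feature."""
    profile: Profile = {}
    for name, vals in features(events).items():
        if len(vals) >= min_samples:
            profile[name] = (mean(vals), max(pstdev(vals), STD_FLOOR_MS))
    return profile


def score(profile: Profile, events: List[Event]) -> float:
    """Mean |z| of the window's timings against the profile; lower means more like the enrolled user."""
    zs: List[float] = []
    for name, vals in features(events).items():
        if name in profile:
            mu, sd = profile[name]
            zs.extend(abs(v - mu) / sd for v in vals)
    return mean(zs) if zs else float("inf")  # no comparable features: treat as unknown


def monitor(profile: Profile, session: List[Event], window: int = 8,
            threshold: float = 3.0) -> List[Tuple[int, float, bool]]:
    """Score consecutive non-overlapping windows; the flag means 'not the enrolled user'."""
    results = []
    for start in range(0, len(session) - window + 1, window):
        s = score(profile, session[start:start + window])
        results.append((start, round(s, 2), s > threshold))
    return results


def simulate_typing(text: str, dwell_ms: float, flight_ms: float, seed: int,
                    start_ms: float = 0.0, jitter_ms: float = 6.0) -> List[Event]:
    """Constructed keystroke stream for a typist with the given timing habits."""
    rng = random.Random(seed)
    events: List[Event] = []
    t = start_ms
    for ch in text:
        press = t
        release = press + max(10.0, dwell_ms + rng.gauss(0, jitter_ms))
        events.append((ch, press, release))
        t = release + max(10.0, flight_ms + rng.gauss(0, jitter_ms))
    return events


# Constructed data: the enrolled user types briskly; the impostor dwells and pauses longer.
PHRASE = "the cat sat on the mat "
ENROLLED = simulate_typing(PHRASE * 5, dwell_ms=90, flight_ms=120, seed=1)
PROFILE = enroll(ENROLLED)

GENUINE = simulate_typing(PHRASE * 3, dwell_ms=90, flight_ms=120, seed=2)
IMPOSTOR = simulate_typing(PHRASE * 3, dwell_ms=150, flight_ms=250, seed=3,
                           start_ms=GENUINE[-1][2] + 250)
SESSION = GENUINE + IMPOSTOR  # operator changes part-way through the session

if __name__ == "__main__":
    for start, s, flagged in monitor(PROFILE, SESSION):
        print(f"window@{start:3d} score={s:6.2f} {'ALERT' if flagged else 'ok'}")
```

A real deployment would smooth over several windows and tune the threshold from enrollment-time false-reject rates rather than use a fixed constant.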

On Feb. 12, 2013, two groups announced related projects. The first is an industry group calling itself the FIDO (Fast IDentity Online) Alliance. It consists of the computer-maker Lenovo, the security firm Nok Nok Labs, the online payment giant PayPal, the biometrics experts Agnito, and the authentication specialists Validity. The second is the Defense Advanced Research Projects Agency (DARPA), a research and development arm of the Defense Department.

Excerpt from DARPA, FIDO Alliance Join Race to Replace Passwords, CNET, Feb. 12, 2013

Just Hit See-Me: the new military satellites

The SeeMe program, from the DARPA website:

DARPA’s SeeMe (Space Enabled Effects for Military Engagements) program aims to give mobile individual US warfighters access to on-demand, space-based tactical information in remote and beyond-line-of-sight conditions. If successful, SeeMe will provide small squads and individual teams the ability to receive timely imagery of their specific overseas location directly from a small satellite with the press of a button — something that’s currently not possible from military or commercial satellites.

The program seeks to develop a constellation of small “disposable” satellites, at a fraction of the cost of airborne systems, enabling deployed warfighters overseas to hit ‘see me’ on existing handheld devices to receive a satellite image of their precise location within 90 minutes. DARPA plans SeeMe to be an adjunct to unmanned aerial vehicle (UAV) technology, which provides local and regional very-high resolution coverage but cannot cover extended areas without frequent refueling. SeeMe aims to support warfighters in multiple deployed overseas locations simultaneously with no logistics or maintenance costs beyond the warfighters’ handheld devices.

The SeeMe constellation may consist of some two-dozen satellites, each lasting 60-90 days in a very low-earth orbit before de-orbiting and completely burning up, leaving no space debris and causing no re-entry hazard. The program may leverage DARPA’s Airborne Launch Assist Space Access (ALASA) program, which is developing an aircraft-based satellite launch platform for payloads on the order of 100 lbs. ALASA seeks to provide low-cost, rapid launch of small satellites into any required orbit, a capability not possible today from fixed ground launch sites.

Raytheon Company was awarded a $1.5 million Defense Advanced Research Projects Agency (DARPA) contract for phase one of the agency’s Space Enabled Effects for Military Engagements (SeeMe) program. During the next nine months, the company will complete the design for small satellites to enhance warfighter situational awareness in the battlespace. Raytheon News Release, Dec. 13, 2012

How to Command the Deep Sea: deep sea capsules of DARPA

Distributed systems to hibernate in deep-sea capsules for years, wake up when commanded, and deploy to surface providing operational support and situational awareness.

Today, cost and complexity limit the Navy to fewer weapons systems and platforms, so resources are strained to operate over vast maritime areas. Unmanned systems and sensors are commonly envisioned to fill coverage gaps and deliver action at a distance. However, for all of the advances in sensing, autonomy, and unmanned platforms in recent years, the usefulness of such technology becomes academic when faced with the question, “How do you get the systems there?” DARPA’s Upward Falling Payloads program seeks to address that challenge.

The UFP concept centers on developing deployable, unmanned, distributed systems that lie on the deep-ocean floor in special containers for years at a time. These deep-sea nodes would then be woken up remotely when needed and recalled to the surface. In other words, they “fall upward.”

“The goal is to support the Navy with distributed technologies anywhere, anytime over large maritime areas. If we can do this rapidly, we can get close to the areas we need to affect, or become widely distributed without delay,” said Andy Coon, DARPA program manager. “To make this work, we need to address technical challenges like extended survival of nodes under extreme ocean pressure, communications to wake-up the nodes after years of sleep, and efficient launch of payloads to the surface.”

Source: DARPA, Jan. 11, 2013

DARPA will host a Proposers’ Day Conference for the Upward Falling Payload (UFP) program on Friday, January 25, 2012 in Arlington, VA at the DARPA Conference Center, in support of the Broad Agency Announcement (BAA) DARPA-BAA-13-17.

Cost and complexity limit the number of ships and weapon systems the Navy can support in forward operating areas. This concentration of force structure is magnified as areas of contested environments grow. A natural response is to develop lower-cost unmanned and distributed systems that can deliver effects and situation awareness at a distance. However, power and logistics to deliver these systems over vast ocean areas limit their utility. The Upward Falling Payload (UFP) program intends to overcome these barriers. The objective of the UFP program is to realize a new approach for enabling forward deployed unmanned distributed systems that can provide non-lethal effects or situation awareness over large maritime areas. The approach centers on pre-deploying deep-ocean nodes years in advance in forward areas which can be commanded from standoff to launch to the surface. The UFP system is envisioned to consist of three key subsystems: (1) The ‘payload’ which executes waterborne or airborne applications after being deployed to the surface, (2) The UFP ‘riser’ which provides pressure tolerant encapsulation and launch (ascent) of the payload, and (3) The UFP communications which triggers the UFP riser to launch. A multi-phase effort is envisioned to design, develop, and demonstrate UFP systems.

Source: Federal Business Opportunities

Inside the CIA: the Scorpions

The rapid collapse of a U.S. diplomatic compound in Libya exposed the vulnerabilities of State Department facilities overseas. But the CIA’s ability to fend off a second attack that same night provided a glimpse of a key element in the agency’s defensive arsenal: a secret security force created after the Sept. 11, 2001, attacks.  Two of the Americans killed in Benghazi were members of the CIA’s Global Response Staff, an innocuously named organization that has recruited hundreds of former U.S. Special Forces operatives to serve as armed guards for the agency’s spies.   The GRS, as it is known, is designed to stay in the shadows, training teams to work undercover and provide an unobtrusive layer of security for CIA officers in high-risk outposts.  But a series of deadly scrapes over the past four years has illuminated the GRS’s expanding role, as well as its emerging status as one of the CIA’s most dangerous assignments.

Of the 14 CIA employees killed since 2009, five worked for the GRS, all as contractors. They include two killed at Benghazi, as well as three others who were within the blast radius on Dec. 31, 2009, when a Jordanian double agent detonated a suicide bomb at a CIA compound in Khost, Afghanistan.  GRS contractors have also been involved in shootouts in which only foreign nationals were killed, including one that triggered a diplomatic crisis. While working for the CIA, Raymond Davis was jailed for weeks in Pakistan last year after killing two men in what he said was an armed robbery attempt in Lahore. (pdf from cryptome.org)

The increasingly conspicuous role of the GRS is part of a broader expansion of the CIA’s paramilitary capabilities over the past 10 years. Beyond hiring former U.S. military commandos, the agency has collaborated with U.S. Special Operations teams on missions including the raid that killed Osama bin Laden and has killed thousands of Islamist militants and civilians with its fleet of armed drones.

CIA veterans said that GRS teams have become a critical component of conventional espionage, providing protection for case officers whose counterterrorism assignments carry a level of risk that rarely accompanied the cloak-and-dagger encounters of the Cold War.  Spywork used to require slipping solo through cities in Eastern Europe. Now, “clandestine human intelligence involves showing up in a Land Cruiser with some [former] Deltas or SEALs, picking up an asset and then dumping him back there when you are through,” said a former CIA officer who worked closely with the security group overseas.  Bodyguard details have become so essential to espionage that the CIA has overhauled its training program at the Farm — its case officer academy in southern Virginia — to teach spies the basics of working with GRS teams.

The security apparatus relies heavily on contractors who are drawn by relatively high pay and flexible schedules that give them several months off each year. In turn, they agree to high-risk assignments in places such as Benghazi and are largely left on their own to take basic precautions, such as finding health and life insurance.

Current and former U.S. intelligence officials said the GRS has about 125 employees working abroad at any given time, with at least that many rotating through cycles of training and off-time in the United States.  At least half are contractors, who often earn $140,000 or more a year and typically serve 90- or 120-day assignments abroad. Full-time GRS staff officers — those who are permanent CIA employees — earn slightly less but collect benefits and are typically put in supervisory roles.  The work is lucrative enough that recruiting is done largely by word of mouth, said one former U.S. intelligence official. Candidates tend to be members of U.S. Special Forces units who have recently retired, or veterans of police department SWAT teams.  Most GRS recruits arrive with skills in handling the weapons they will carry, including Glock handguns and M4 rifles. But they undergo additional training so they do not call attention to the presence or movements of the CIA officers they are in position to protect.

Although the agency created the GRS to protect officers in war zones such as Iraq and Afghanistan, it has been expanded to protect secret drone bases as well as CIA facilities and officers in locations including Yemen, Lebanon and Djibouti.  In some cases, elite GRS units provide security for personnel from other agencies, including National Security Agency teams deploying sensors or eavesdropping equipment in conflict zones, a former special operator said. The most skilled security operators are informally known as “scorpions.”  “They don’t learn languages, they’re not meeting foreign nationals and they’re not writing up intelligence reports,” a former U.S. intelligence official said. Their main tasks are to map escape routes from meeting places, pat down informants and provide an “envelope” of security, the former official said, all while knowing that “if push comes to shove, you’re going to have to shoot.”

The consequences in such cases can be severe. Former CIA officials who worked with the GRS still wince at the fallout from Davis’s inability to avoid capture as well as his decision to open fire in the middle of a busy street in Pakistan. The former security contractor, who did not respond to requests for comment, said he was doing basic “area familiarization” work, meaning learning his surroundings and possibly mapping routes of escape, when he was confronted by two Pakistanis traveling by motorcycle.  Davis became trapped at the scene, and his arrest provoked a diplomatic standoff between two tense allies in the fight against terrorism.  The CIA took heavy criticism for the clumsiness of the Davis episode, temporarily suspending the drone campaign in Pakistan before U.S. payments to the families of the men Davis had killed helped secure his release.

Excerpt, Greg Miller and Julie Tate, CIA’s Global Response Staff emerging from shadows after incidents in Libya and Pakistan, Washington Post, Dec. 26, 2012

Ship Breaking – Greens against workers

At its height in 2008 Bangladesh’s ship-breaking industry accounted for half of all ships scrapped in the world, according to IHS, a consultancy. Today the country accounts for around a fifth. In these years Bangladeshi ship breakers found themselves at the forefront of criticism as NGOs and pressure groups exposed some of the worst practices causing environmental and human harm. These included high health risks due to injuries, noxious fumes and the handling of asbestos. Critics say one way in which Bangladesh competes on cost is that poor workers are unlikely to file claims for accidents or bad health. Another advantage is (or was) the use of child labour.

In 2009 the Bangladesh Environmental Lawyers Association (BELA), a public-advocacy group, convinced the Supreme Court to ban all ship recycling not meeting certain environmental standards. The court’s decision meant that by 2010 the ship-breaking industry had come to a halt. Zahirul Islam of PHP, a local manufacturer with a big ship-breaking division (the industry prefers to call it ship recycling), says that for 14 months the company was unable to import a single vessel for breaking.  Knock-on effects hurt the wider economy. A World Bank study estimated that ship breaking employed over 200,000 in Bangladesh. Many of the jobs were subsequently lost. And domestic steel prices rose sharply. Half of all Bangladesh’s steel comes from breaking ships.  Under pressure from the ship breakers, Bangladesh’s prime minister, Sheikh Hasina, has since relaxed the regulations. Hefzatur Rahman, president of the Bangladesh Ship Breakers Association, believes this has saved the industry. From just a score of vessels scrapped in the main part of Chittagong two years ago, about 150 were broken up in 2011.

Greens are not happy and want the ban reimposed. Delphine Reuter of the Shipbreaking Platform, an NGO in Brussels, describes ship recycling as “close to slavery”. It and BELA are leading the call for more regulation. That bothers international shipping firms and ship brokers, which argue that Bangladeshi ship breakers have cleaned up their act.

At the International Maritime Organisation, the UN agency responsible for curbing shipping pollution and ensuring safety, the head of pollution prevention, Nikos Mikelis, says environmentalists present Bangladesh with a false choice. “They say they are happy to have the industry, but not on the beaches. Where do they want it? In the mountains?”

Ship breaking in Bangladesh: Hard to break up, Economist, Oct. 27, 2012, at 44

The Swiss Nuke Smugglers, CIA and Libya

Three Swiss engineers are set to escape jail for nuclear smuggling, in part because they helped the CIA bust a global ring that was supplying Libya’s atomic weapons program.  Urs Tinner, his brother Marco, and their father Friedrich are accused of aiding the smuggling network of Pakistani nuclear scientist Abdul Qadeer Khan.  But according to Swiss prosecution documents released Tuesday setting out a plea bargain deal, the three also cooperated with U.S. authorities who were able to seize a shipment of nuclear equipment destined for Libya in 2003.  The CIA operation ultimately destroyed the Khan network and Libya gave up its efforts to acquire nuclear weapons.

Prosecutors say their work was hampered by the Swiss government’s decision to destroy key evidence in the case.  The plea bargain will be put before a Swiss court for approval next week.

Swiss nuke smugglers who helped CIA to escape jail, Associated Press, Sept. 18, 2012

Cyberwar: Attacking the Pipelines

The vast U.S. network of natural gas and hazardous liquid pipelines is integral to U.S. energy supply and has vital links to other critical infrastructure. While an efficient and fundamentally safe means of transport, this network is vulnerable to cyber attacks. In particular, cyberinfiltration of supervisory control and data acquisition (SCADA) systems could allow successful “hackers” to disrupt pipeline service and cause spills, explosions, or fires—all from remote locations.

In March 2012, the Department of Homeland Security (DHS) reported ongoing cyber intrusions among U.S. natural gas pipeline operators. These intrusions have heightened congressional concern about cybersecurity in the U.S. pipelines sector. The Transportation Security Administration (TSA) is authorized by federal statute to promulgate pipeline physical security and cybersecurity regulations, if necessary, but the agency has not issued such regulations. TSA officials assert that security regulations could be counterproductive because they could establish a general standard below the level of security already in place for many pipelines…. While the pipelines sector has many cybersecurity issues in common with other critical infrastructure sectors, it is somewhat distinct in several ways:

• Pipelines in the United States have been the target of several confirmed terrorist plots and attempted physical attacks since September 11, 2001.

• Changes to pipeline computer networks over the past 20 years, more sophisticated hackers, and the emergence of specialized malicious software have made pipeline SCADA operations increasingly vulnerable to cyber attacks.

• There recently has been a coordinated series of cyber intrusions specifically targeting U.S. pipeline computer systems.

• TSA already has statutory authority to issue cybersecurity regulations for pipelines if the agency chooses to do so, but it may not have the resources to develop, implement, and enforce such regulations if they are mandated….

In March 2012, the Department of Homeland Security (DHS) reported ongoing cyber intrusions among U.S. natural gas pipeline operators. The incidents drew new attention to an Al Qaeda video obtained in 2011 by the Federal Bureau of Investigation (FBI) reportedly calling for “electronic jihad” against U.S. critical infrastructure.  These cybersecurity events coupled with serious consequences from recent pipeline accidents have heightened congressional concern about cybersecurity measures in the U.S. pipelines sector.

Excerpt, Paul W. Parfomak, Pipeline Cybersecurity: Federal Policy, CRS Report for Congress, Aug. 16, 2012

US Cyberattacks against Enemies: Afghanistan

The U.S. military has been launching cyberattacks against its opponents in Afghanistan, a senior officer says, making an unusually explicit acknowledgment of the oft-hidden world of electronic warfare.  Marine Lt. Gen. Richard P. Mills’ comments came last week at a conference in Baltimore during which he explained how U.S. commanders considered cyber weapons an important part of their arsenal.  “I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyber operations against my adversary with great impact,” Mills said. “I was able to get inside his nets, infect his command-and-control, and in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.”

Mills, now a deputy commandant with the Marine Corps, was in charge of international forces in southwestern Afghanistan between 2010 and 2011, according to his official biography. He didn’t go into any further detail as to the nature or scope of his forces’ attacks, but experts said that such a public admission that they were being carried out was itself striking.  “This is news,” said James Lewis, a cyber-security analyst with the Washington-based Center for Strategic and International Studies. He said that while it was generally known in defense circles that cyberattacks had been carried out by U.S. forces in Afghanistan, he had never seen a senior officer take credit for them in such a way.  “It’s not secret,” Lewis said in a telephone interview, but he added: “I haven’t seen as explicit a statement on this as the one” Mills made.  The Pentagon did not immediately respond to an email seeking comment on Mills’ speech.

U.S. defense planners have spent the past few years wondering aloud about how and under what circumstances the Pentagon would launch a cyber attack against its enemies, but it’s only recently become apparent that a sophisticated program of U.S.-backed cyberattacks is already under way.  A book by The New York Times reporter David Sanger recently recounted how President Barack Obama ordered a wave of electronic incursions aimed at physically sabotaging Iran’s disputed atomic energy program. Subsequent reports have linked the program to a virus dubbed Flame, which prompted a temporary Internet blackout across Iran’s oil industry in April, and another virus called Gauss, which appeared to have been aimed at stealing information from customers of Lebanese banks. An earlier report alleged that U.S. forces in Iraq had hacked into a terrorist group’s computer there to lure its members into an ambush.

Herbert Lin, a cyber expert at the National Research Council, agreed that Mills’ comments were unusual in terms of the fact that they were made publicly. But Lin said that the United States was, little by little, opening up about the fact that its military was launching attacks across the Internet.  “The U.S. military is starting to talk more and more in terms of what it’s doing and how it’s doing it,” he said. “A couple of years ago it was hard to get them to acknowledge that they were doing offense at all — even as a matter of policy, let alone in specific theaters or specific operations.”

Mills’ brief comments about cyberattacks in Afghanistan were delivered to the TechNet Land Forces East conference in Baltimore on Aug. 15, but they did not appear to have attracted much attention at the time. Footage of the speech was only recently posted to the Internet by conference organizers.

Marine General: We Launched Cyberattacks Against Afghanistan, CBS News, Aug. 24, 2012

Who is Trapwire? CIA’s surveillance machinery

Trapwire is the name of a program revealed in the latest Wikileaks bonanza—it is the mother of all leaks, by the way….. “Former senior intelligence officials have created a detailed surveillance system more accurate than modern facial recognition technology—and have installed it across the U.S. under the radar of most Americans, according to emails hacked by Anonymous.  Every few seconds, data picked up at surveillance points in major cities and landmarks across the United States are recorded digitally on the spot, then encrypted and instantaneously delivered to a fortified central database center at an undisclosed location to be aggregated with other intelligence. It’s part of a program called TrapWire and it’s the brainchild of Abraxas, a Northern Virginia company (since acquired by Cubic Corporation) staffed with elite from America’s intelligence community.  The employee roster at Abraxas reads like a who’s who of agents once with the Pentagon, CIA and other government entities according to their public LinkedIn profiles, and the corporation’s ties are assumed to go deeper than even documented. The details on Abraxas and, to an even greater extent TrapWire, are scarce, however, and not without reason. For a program touted as a tool to thwart terrorism and monitor activity meant to be under wraps, it’s understandable that Abraxas would want the program’s public presence to be relatively limited. But thanks to last year’s hack of the Strategic Forecasting intelligence agency, or Stratfor, all of that is quickly changing.”  So: those spooky new “circular” dark globe cameras installed in your neighborhood park, town, or city—they aren’t just passively monitoring. They’re plugged into Trapwire and they are potentially monitoring every single person via facial recognition.

Excerpts, David Seaman, WIKILEAKS: Surveillance Cameras Around The Country Are Being Used In A Huge Spy Network, Businessinsider.com, Aug. 10, 2012

See also Top Secret America

Beyond GPS: All Source Positioning and Navigation

DARPA’s All Source Positioning and Navigation (ASPN) program seeks to enable low cost, robust, and seamless navigation solutions for military users on any operational platform and in any environment, with or without GPS. In particular, ASPN will develop the architectures,  abstraction methods, and navigation filtering algorithms needed for rapid integration and reconfiguration of any combination of sensors. This will enable rapid adaptation to evolving missions as well as reduction of the system integration costs and time-to-market for navigation solutions in general.

The goal of Phase 2 of ASPN is to address the issues of optimization and real-time operation, showing capabilities beyond basic plug-and-play flexibility. Solutions must be capable of adapting to a diverse set of sensor and IMU inputs and selectively choosing the subset of measurements that produces the best possible solution, ideally mirroring the result from a tuned filter solution for that same scenario…. Phase 2 solutions will need to demonstrate real-time operation in representative field (non-laboratory) environments. Although adaptability is the main goal of the ASPN program, the possibility of ASPN accuracy being substantially better than current state of art should be considered, given accommodation by ASPN of larger and more diverse sensor suites, ease of optimizing ASPN to immediate applications, and potential synergistic benefits of an open architecture.

What is In-Q-Tel? Technology Branch of CIA

Throughout its lifetime, the CIA has operated at the cutting edge of science and technology. From the U-2 spy plane to the CORONA satellite, CIA’s “wizards of Langley” earned a reputation for bold innovation and risk taking, working in advance of the private sector and other branches of government. Much of CIA’s technology success was a result of identifying gaps and opportunities.  By the late 1990s, the pace of commercial innovation had overtaken the ability of government agencies to develop and incorporate new technologies. Private industry represented technical insights and innovation far too important to ignore. Driven by private sector R&D investment, these commercial technologies addressed many of the same information technology, biotechnology, communications, and energy challenges that faced the Intelligence Community.

In 1998, CIA identified technology as a top strategic priority, and set out a radical plan to create a new venture that would help increase the CIA’s access to private sector innovation. In-Q-Tel was chartered in February 1999 by a group of private citizens at the request of the Director of Central Intelligence and with the support of the U.S. Congress. IQT was tasked with building a bridge between the Agency and a new set of technology innovators.

From the website IQT (2012)

United States, Iran and the Stuxnet Worm

From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.  Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.  At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.  “Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.  Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.

These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.

Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.

Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.

The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year. But Olympic Games was of an entirely different type and sophistication.

It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.

A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.

“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.” Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice. If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.

Iran’s president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described grand ambitions to install upward of 50,000 centrifuges. For a country with only one nuclear power reactor — whose fuel comes from Russia — to say that it needed fuel for its civilian nuclear program seemed dubious to Bush administration officials. They feared that the fuel could be used in another way besides providing power: to create a stockpile that could later be enriched to bomb-grade material if the Iranians made a political decision to do so.

Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.

For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.

The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.

The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.

Eventually the beacon would have to “phone home” — literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant. Expectations for the plan were low; one participant said the goal was simply to “throw a little sand in the gears” and buy some time. Mr. Bush was skeptical, but lacking other options, he authorized the effort.

It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.

Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.

The unusually tight collaboration with Israel was driven by two imperatives. Israel’s Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.’s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success. But American officials had another interest, to dissuade the Israelis from carrying out their own pre-emptive strike against the Iranian nuclear facilities. To do that, the Israelis would have to be convinced that the new line of attack was working. The only way to convince them, several officials said in interviews, was to have them deeply involved in every aspect of the program.

Soon the two countries had developed a complex worm that the Americans called “the bug.” But the bug needed to be tested. So, under enormous secrecy, the United States began building replicas of Iran’s P-1 centrifuges, an aging, unreliable design that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief who had begun selling fuel-making technology on the black market. Fortunately for the United States, it already owned some P-1s, thanks to the Libyan dictator, Col. Muammar el-Qaddafi.

When Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The military and intelligence officials overseeing Olympic Games borrowed some for what they termed “destructive testing,” essentially building a virtual replica of Natanz, but spreading the test over several of the Energy Department’s national laboratories to keep even the most trusted nuclear workers from figuring out what was afoot.

Those first small-scale tests were surprisingly successful: the bug invaded the computers, lurking for days or weeks, before sending instructions to speed them up or slow them down so suddenly that their delicate parts, spinning at supersonic speeds, self-destructed. After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant.

“Previous cyberattacks had effects limited to other computers,” Michael V. Hayden, the former chief of the C.I.A., said, declining to describe what he knew of these attacks when he was in office. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” rather than just slow another computer, or hack into it to steal data…

Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others — both spies and unwitting accomplices — with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.

The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said.

The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally. “This may have been the most brilliant part of the code,” one American official said.

Later, word circulated through the International Atomic Energy Agency, the Vienna-based nuclear watchdog, that the Iranians had grown so distrustful of their own instruments that they had assigned people to sit in the plant and radio back what they saw.

“The intent was that the failures should make them feel they were stupid, which is what happened,” the participant in the attacks said. When a few centrifuges failed, the Iranians would close down whole “stands” that linked 164 machines, looking for signs of sabotage in all of them. “They overreacted,” one official said. “We soon discovered they fired people.”

Imagery recovered by nuclear inspectors from cameras at Natanz — which the nuclear agency uses to keep track of what happens between visits — showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.

But by the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush’s advice….

But the good luck did not last. In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.

“I don’t think we have enough information,” Mr. Obama told the group that day, according to the officials. But in the meantime, he ordered that the cyberattacks continue. They were his best hope of disrupting the Iranian nuclear program unless economic sanctions began to bite harder and reduced Iran’s oil revenues.

American cyberattacks are not limited to Iran, but the focus of attention, as one administration official put it, “has been overwhelmingly on one country.” There is no reason to believe that will remain the case for long. Some officials question why the same techniques have not been used more aggressively against North Korea. Others see chances to disrupt Chinese military plans, forces in Syria on the way to suppress the uprising there, and Qaeda operations around the world. “We’ve considered a lot more attacks than we have gone ahead with,” one former intelligence official said….

Mr. Obama has repeatedly told his aides that there are risks to using — and particularly to overusing — the weapon. In fact, no country’s infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.

DAVID E. SANGER, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” New York Times, June 1, 2012
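Two passages in the article above describe a technique rather than just events: the code lurked for weeks recording normal operations and then, while it drove the centrifuges out of their safe range, fed the control room the recorded “everything is normal” signals; and the operators eventually countered it by posting people in the plant to radio back what they actually saw. The toy simulation below, added here as an illustration and not code from the article, the blog, or any real controller, reproduces that record-then-replay pattern on a constructed speed telemetry stream and then applies the two checks a defender has: looking for a multi-sample window that repeats verbatim (real noisy telemetry never does, a looped recording must), and comparing the reported value against an independent out-of-band observation. The nominal speed, noise level, sample counts and ramp rate are all assumed values for the model.

```python
"""Toy model of the record-then-replay pattern the article describes, plus two
checks that expose it. Added illustration only: not code from the article, the
blog, or any real controller. Every number below is constructed."""
import random

NOMINAL_RPM = 63_000.0   # assumed nominal rotor speed for the toy model
SENSOR_NOISE = 40.0      # assumed sensor jitter in rpm (constructed)


def simulate(n_samples=400, record_len=100, attack_start=250, seed=1):
    """Return (true_rpm, reported_rpm) sample lists.

    Phase 1 (t < attack_start): the implant only listens; the control room
    sees the real speed, and the first `record_len` samples are stored.
    Phase 2 (t >= attack_start): the rotor is driven steadily above nominal
    while the control room is fed the stored recording on a loop.
    """
    rng = random.Random(seed)
    recording, true_rpm, reported_rpm = [], [], []
    for t in range(n_samples):
        if t < attack_start:
            rpm = round(rng.gauss(NOMINAL_RPM, SENSOR_NOISE), 1)
            reported = rpm                      # honest telemetry
            if t < record_len:
                recording.append(reported)      # implant records "normal"
        else:
            k = t - attack_start
            rpm = round(NOMINAL_RPM * (1.0 + 0.002 * k)
                        + rng.gauss(0.0, SENSOR_NOISE), 1)
            reported = recording[k % record_len]  # replayed, looks normal
        true_rpm.append(rpm)
        reported_rpm.append(reported)
    return true_rpm, reported_rpm


def find_replay(samples, window=8):
    """Index of the first run of `window` consecutive samples that exactly
    repeats an earlier run, or None if no window repeats.

    Genuine sensor readings carry noise, so an exact multi-sample repeat is
    implausible; a looped recording repeats its opening window as soon as the
    replay starts, and again at every loop boundary.
    """
    seen = {}
    for i in range(len(samples) - window + 1):
        key = tuple(samples[i:i + window])
        if key in seen:
            return i
        seen[key] = i
    return None


def out_of_band_check(reported, observed, tol=500.0):
    """Indices where the control-room value disagrees with an independent
    observation by more than `tol` rpm: the equivalent of a person on the
    plant floor radioing back what the machine is really doing."""
    return [i for i, (r, o) in enumerate(zip(reported, observed))
            if abs(r - o) > tol]


if __name__ == "__main__":
    true_rpm, reported_rpm = simulate()
    print("replay first detected at sample", find_replay(reported_rpm))
    bad = out_of_band_check(reported_rpm, true_rpm)
    print("out-of-band mismatch from sample", bad[0] if bad else None,
          "(", len(bad), "samples disagree )")
    print("peak true speed %.0f rpm vs reported peak %.0f rpm"
          % (max(true_rpm), max(reported_rpm)))
```

The repeat-window check works on the replayed stream alone and flags the very first replayed sample, but it only catches a verbatim loop; an attacker who re-noises the recording defeats it, which is why the second check, a measurement the compromised controller does not mediate, is the one that holds up. In this model the independent observation is taken as exact; a real observer's own error would simply raise the tolerance needed.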