to Vienna, officials there realized that the number of centrifuges being removed far exceeded
what was normal.
Officially, the IAEA wont say how many centrifuges Iran replaced during this period. But
news reports quoting European diplomats put the number at 900 to 1,000. A former top IAEA
official, however, thinks the actual number was much higher. My educated guess is that 2,000
were damaged, says Olli Heinonen, who was deputy director of the Safeguards Division until he
resigned in October 2010.
Whatever the number, it was clear that something was wrong with the devices. Unfortunately,
Iran wasnt required to tell inspectors why they had replaced them, and, officially, the IAEA
inspectors had no right to ask. The agencys mandate was to monitor what happened to uranium
at the enrichment plant, not keep track of failed equipment.
What the inspectors didnt know was that the answer to their question was right beneath
their noses, buried in the bits and memory of the computers in Natanzs industrial control
room. Months earlier, in June 2009, someone had quietly unleashed a destructive digital
warhead on computers in Iran, where it had silently slithered its way into critical systems at
Natanz, all with a single goal in mindto sabotage Irans uranium enrichment program and
prevent President Mahmoud Ahmadinejad from building a nuclear bomb.
The answer was there at Natanz, but it would be nearly a year before the inspectors would
obtain it, and even then it would come only after more than a dozen computer security experts
around the world spent months deconstructing what would ultimately become known as one of
the most sophisticated viruses ever discovereda piece of software so unique it would make
history as the worlds first digital weapon and the first shot across the bow announcing the age of
digital warfare.
Reprinted from Countdown to Zero Day: Stuxnet and the Launch of the Worlds First Digital
Weapon Copyright 2014 by Kim Zetter. Published by Crown Publishers, an imprint of
Random House LLC.