What was Israel’s connection to the AQ Khan nuclear network?

The New York Times reports that the Stuxnet worm which was designed to attack Iran’s nuclear enrichment program was a joint US-Israeli operation. One of the crucial elements in developing the plan was being able to test the malware’s ability to disable P-1 centrifuges — the type that Iran employs in cascades of thousands of centrifuges in it Natanz enrichment facility. Israel has row upon row of this type of centrifuge at its clandestine nuclear weapons production facility in Dimona.

The question is: how did Israel come to possess so many P-1 centrifuges? Did Israel obtain the centrifuges from AQ Khan?

The CIA was tracking the AQ Khan network for decades before it eventually shut it down in 2003. Douglas Frantz, co-author of Fallout: The True Story of the CIA’s Secret War on Nuclear Trafficking, told NPR: “By the time they finally acted in 2003, an enormous amount of the world’s most dangerous technology had been sold to the world’s most dangerous regimes. And that, in our view, was a policy failure, a policy failure of enormous proportions, really.”

Perhaps the most secretive part of the Stuxnet story centers on how the theory of cyberdestruction was tested on enrichment machines to make sure the malicious software did its intended job.

The account starts in the Netherlands. In the 1970s, the Dutch designed a tall, thin machine for enriching uranium. As is well known, A. Q. Khan, a Pakistani metallurgist working for the Dutch, stole the design and in 1976 fled to Pakistan.

The resulting machine, known as the P-1, for Pakistan’s first-generation centrifuge, helped the country get the bomb. And when Dr. Khan later founded an atomic black market, he illegally sold P-1’s to Iran, Libya, and North Korea.

The P-1 is more than six feet tall. Inside, a rotor of aluminum spins uranium gas to blinding speeds, slowly concentrating the rare part of the uranium that can fuel reactors and bombs.

How and when Israel obtained this kind of first-generation centrifuge remains unclear, whether from Europe, or the Khan network, or by other means. But nuclear experts agree that Dimona came to hold row upon row of spinning centrifuges.

“They’ve long been an important part of the complex,” said Avner Cohen, author of “The Worst-Kept Secret” (2010), a book about the Israeli bomb program, and a senior fellow at the Monterey Institute of International Studies. He added that Israeli intelligence had asked retired senior Dimona personnel to help on the Iranian issue, and that some apparently came from the enrichment program.

Print Friendly, PDF & Email

5 thoughts on “What was Israel’s connection to the AQ Khan nuclear network?

  1. Norman

    Perhaps a better question might be; how many bombs are already introduced to the whole of the middle east? Far fetched? Ace in the hole. Mad men know no bounds.

  2. rick

    Cyber-Pathology: Security Ecology in the Stuxnet Era

    Much can, cannot, and should not be said about offensive malware
    like Stuxnet, and about cyber-vulnerabilities in “Critical Infrastructure”,
    upon which the vast majority are increasingly dependent for survival —
    particularly those living in cities — more than 50% of world population.

    Advanced Malware Proliferation — e.g, Stuxnet — is at least as important
    an issue as nuclear proliferation. For essential CONTEXT about
    cyberwar/cybercrime, note: (1) In cyberspace, the terrain
    inherently favors the Offense; and (2) The U.S. is the nation
    most vulnerable to Offensive cyberwar and cybercrime.

    (1) http://www.theregister.co.uk/2010/07/29/internet_warfare_keynote/
    (2) http://www.nytimes.com/2010/04/27/books/27book.html?_r=5&pagewanted=all

    Assuming the U.S. greenlighted (and, more probably, aided) the Stuxnet
    operation, I question the wisdom of slowing Nuclear Proliferation,
    via actions that accelerate Malware Proliferation!

    (More on this topic, mostly after the digression below …)

    Re the side-issue — origin of Israel’s P-1 testbed — the NYT article claims,
    “[The U.S.] obtained a cache of P-1’s after Libya gave up its nuclear program in late 2003.” So Israel might have obtained another cache directly from Libya’s brokers, or via the U.S., or …

    Re the question of links between Israel and Khan … links are developed
    anytime an intel agency infiltrates a racket — whether it’s drugs,
    conventional arms, nuclear arms, or malware.

    It’s particularly important to note how networks restructure
    after their center is crushed (or their “head is decapitated”):

    A DANGEROUS DIASPORA of “bad expertise” occurs naturally — SUPPLY.
    And those who have a DEMAND for such expertise understand that —
    if they don’t bid early, bid often, and bid high in this new market —
    their opponents will get ahead in the Race for Arms, Drugs, or Malware.

    ## Hence our NSA announcing its entry into the illicit global Malware market.
    ## Message — We’re the NSA, and we’re Open For Business:

    The 1950’s public belatedly witnessed one scramble for “dangerous expertise”, after the Nazi rocket scientists were safely ensconced in the USA and USSR.

    We saw it again, with the breakup of the Soviet Union, and overt U.S.
    programs for multi-million $$ incentives to transform various Soviet
    nuclear weapons labs into peaceful, economically-viable ploughshares.

    Similar dynamics occurred after the peaceful revolution in South Africa.
    A thriving nuclear weapons complex — with longstanding ties to Israel —
    suddenly was available as new SUPPLY on the global arms market.

    Re the 2004 status of “South Africa’s Nuclear Underground”, see:
    http://www.centerforinvestigativereporting.org/node/3608 .
    Among the “after-market” parts and replacements they manufactured,
    I would expect P-1 legacy support to be very profitable.

    Re the diaspora of South African nuclear expertise, and the competitive
    recruiting activities by both Pakistan and Israel’s Dimona, see
    “Gideon’s Spies: the Secret History of the Mossad” — p. 534.
    I’ve not read the book, but I certainly find this description plausible:



    Back to the more important CONTEXT — the Malware-Nuke nexus —
    I do *not* find persuasive the Monday-morning quarterbacking
    by Douglas Frantz. Nuke proliferation was going to happen.
    It was a question of WHEN, not IF.

    Given that fact, it would pay to maintain deep infiltration of
    the only significant network that dominates the global market.
    (Rather than working to identify and then infiltrate numerous
    smaller players — that *you* created — after you “decapitated”
    Khan’s center, thus causing a new Dangerous Diaspora.)

    Why? So you have expertise on vulnerabilities, and opportunities
    to implant malware. We’ve been playing this game a long time folks.

    The first acknowledged incident of State-sponsored Malware sabotage
    was a 1982 attack — by the U.S. — against the USSR’s
    Trans-Siberian gas pipeline. The result?
    A 3-kiloton explosion — about 1/5 the magnitude of the Hiroshima blast:


    The U.S. is the nation most vulnerable to Cyberwar/Cybercrime/Cyberterrorism.
    Yet former Cyber-Security czar Richard Clarke is right: “The U.S.,
    almost single-handedly, is blocking Arms Control in Cyberspace.”
    Verification will be terribly problematic, but what’s the alternative?

    Bob Barr also notes that anti-Wikileaks retaliation highlights our need
    for *domestic* “Rules of Engagement” to control our internal Cyberwars:


    Our mindless rush toward shiny hi-tech toys has locked us into
    some very dangerous and degrading Infrastructure.

    As Thoreau warned, “Men have become the Tools of their Tools.”
    Smart Infrastructure breeds Dumb People.

  3. rick

    In my previous Comment, I should have extended point #2, and added
    important new point #3 about the Context of Stuxnet-era Security Ecology:

    (1) In cyberspace, the terrain inherently favors the Offense.

    (2) The U.S. is the nation most vulnerable to Offensive cyberwar,
    cybercrime, cyberterrorism, and new forms of Cyber-Power *Coercion*.
    (Americans need to understand the drive for power — via relentless
    Dark-side COIN innovation — by new forms of Non-State Actors
    like the Zeta Army.)

    (3) Stuxnet has ALREADY PROLIFERATED — wildly. The Stuxnet operation
    was tantamount to “proving the concept” of an Atomic Bomb by nuking Hiroshima … then posting both the blueprint and the manufacturing process for this Bomb to the internet, for any State or Non-State Actors to customize for their own purposes and targets.

    A U.S. National Cybersecurity Coordinator’s warning *WAS* correct:
    “We have about 90 days to fix this before some hacker begins using it.”
    Unfortunately, that time has long passed.

    Or as a colleague from the gray zone wrote presciently long ago:
    I worry Stuxnet becomes MIRV — Multiple Independent Re-targeting Vectored.
    I worry that, rather than cooperate in defense, cyber-warriors fight
    to control Stuxnet as offensive “asset”. I worry Stuxnet’s secondary
    Fog of InfoWar — its spreading cloak of “Plausible Deniability” — promotes
    and excuses ever more risky CyberWar proliferation, and HUMINT escalations.
    I worry the Worm-mongers didn’t worry enough — about “unknown unknowns”.

    The Stuxnet operation was sloppy, ill-considered, and — if it was
    greenlighted by the U.S. — constituted National Security Malpractice
    on the scale of our Iraq invasion. The U.S. Naval Institute blog says,
    “Stuxnet Exposing the Vulnerability of Entire Fleets to Worms”
    should be considered the #1 most important story of 2010 for the Navy.

    Instant blowback … the wonders of newfangled dual-use digital technology!

    (1) http://www.theregister.co.uk/2010/07/29/internet_warfare_keynote/
    (2) http://www.nytimes.com/2010/04/27/books/27book.html?_r=5&pagewanted=all
    (3A) http://www.nytimes.com/2010/09/27/technology/27virus.html
    (3B) http://blog.usni.org/2010/12/30/top-5-navy-stories-of-2010/

  4. Dieter Heymann

    Two small corrections: Khan did not steal the centrifuge secrets from the “Dutch” because he worked at the Germany-based enrichment plant. The development of the centrifuges had been a joint Dutch-German effort.

Comments are closed.