Diplomats: IAEA fears Iran hackers after facilities tour
VIENNA -- The U.N. nuclear agency is investigating reports from its experts that their cellphones and laptops may have been hacked into by Iranian officials looking for confidential information while the equipment was left unattended during inspection tours in the Islamic Republic, diplomats said.
One of the diplomats said the International Atomic Energy Agency is examining "a range of events, ranging from those where it is certain something has happened to suppositions," all in the first quarter of this year. He said the Vienna-based nuclear watchdog agency was alerted by inspectors reporting "unusual events," suggesting that outsiders had tampered with their electronic equipment.
Two other diplomats in senior positions confirmed the essence of the report but said they had no further information. All three envoys come from member nations of the International Atomic Energy Agency and spoke on condition of anonymity because their information was privileged.
Agency spokeswoman Gill Tudor said the IAEA had no comment on the issue. IAEA inspectors are in Iran touring various facilities every other week.
An agency official, who also spoke on condition that he not be identified, said strict security measures included inspectors' placing their cellphones into seamless paper envelopes, then sealing these and writing across the seal and the envelope to spot any unauthorized opening while they were away.
He said inspectors are not allowed to take their cellphones with them while touring Iran's uranium enrichment facilities and other venues. Laptops, he said, are either locked in bags or sealed the same way as cellphones when they are left temporarily unattended by inspectors. The computers also are sometimes left unattended in hotel rooms at the end of a work day, he said.
But the diplomat who spoke at greatest length about the reported breach said the Iranians had found ways to overcome the security measures. He said he had no further details.
Iran has been under IAEA inspections for nearly a decade after revelations that it was running a secret uranium enrichment program and has been hit with four rounds of U.N. Security Council sanctions over its refusal to halt the activity.
Tehran insists it wants only to provide peaceful nuclear energy for its rising population and notes that the Nuclear Nonproliferation Treaty allows for enrichment as a source of fuel.
But international concerns have grown. The uranium enrichment program could also make fissile warhead material. Also, Iran refuses to cooperate with U.N. investigations of suspicions that it ran alleged experiments related to making nuclear weapons.
Low-enriched uranium can be used to fuel a reactor to generate electricity, which Iran says is the intention of its program. But if uranium is further enriched to around 90 percent purity, it can be used to develop a nuclear warhead.
Olli Heinonen, who stepped down last year as the IAEA's deputy director general in charge of investigating Iran's nuclear program, said information on the laptops is encrypted -- and therefore difficult to decipher. Anybody gaining access to information on cellphones would find little sensitive material, he said.
Heinonen speculated that any attempt to access such equipment might have been meant to plant spyware designed to infect the IAEA computer network once the cellphones or laptops are connected and siphon off information.
"It's possible if there is tampering that something is planted in the computer and when you work with sensitive data it transmits it or it contaminates other computers with sensitive information -- like Stuxnet," he said.
IAEA officials attribute a temporary breakdown of Iran's enrichment program late last year to the Stuxnet computer worm, and Tehran has acknowledged that Stuxnet affected a limited number of centrifuges -- a key component in uranium enrichment -- at its main uranium enrichment facility in the central city of Natanz. Tehran blames the United States and Israel for creating and planting the malware.