Queen Esther Stuxnet

Wednesday night starts Purim, a Jewish holiday which celebrates the victory of Jewish people led by Queen Esther over an ancient Persian king’s grand vizier, Haman. If he were alive today, Hamen would have been a Democrat because he hated Jews and got permission from the king to kill all the Jews in the Persian Empire, but before he could complete his plan it was foiled by Queen Esther.  What people don’t know is despite the 2000+ year difference, that same Biblical Queen Esther who saved the Jews in the Purim Story, also protected the Jews when she sabotaged the nuclear bomb program of Iran, the modern Persia.

Nine years ago that same biblical queen delayed the Iranians quest for a nuclear weapon for about two years. The first time she defeated the evil in Persia, Esther used her beauty. The second time Esther used a computer worm named Stuxnet.

Stuxnet was a malicious computer worm that, when it got into Iran’s computer systems, destroyed the rogue nation’s nuclear centrifuges. The job of the centrifuge is to enrich uranium so it could be used for reactors and/or weapons. This is done by spinning the impurities out of the uranium. The computer worm Stuxnet “took control” of the centrifuges and spun them of control, until they burned out. This cyber-attack slowed down Iran’s march toward a nuclear weapon. The worm was so successful that in 2011 both the United States and Israel pushed back their timelines, and reported that Iran was a few years away from achieving nuclear weapons

While no country ever took credit for Stuxnet when it was first revealed,  there was evidence that Israel (and Queen Esther) was behind the computer worm—evidence of biblical proportions.
Computer scientists who analyzed the Stuxnet virus found an essential directory in the program that referred to the Biblical Queen Esther.

The first directory inside the virus is named “Myrtus.” The person/people who developed the virus may have been merely amateur horticulturists, using the word Myrtus because the myrtle plant is indigenous to — and prevalent in — various Mediterranean, Middle Eastern and North African areas.

But more likely it was a mind game for the modern day Persians, the rogue Iranian regime.

The Hebrew word for myrtle is Hadas which is the root of the name Hadassah. Hadassah was Queen Esther’s original name. According to the Purim story, Hadassah changed her name to Esther to hide her Jewish faith from the king before he picked her to be Queen. Given the constant Iranian threats against Israel, the use of Myrtus indicated a desire to send a message to Iran that couldn’t be proven, that there was Jewish or Israeli involvement in Stuxnet.

Remember Iran is the modern day Persia and the computer virus was meant to stop the destruction of millions of Jews in Israel, Myrtus was probably placed to remind Iran of the Purim story and make the paranoid Iranians even more nervous. Many security experts saw the reference to Myrtus as a signature allusion to Esther, and an apparent “flipping of the bird”  in what was a technological and psychological battle as Israel tried breach Tehran’s most heavily guarded project.

In 2010 when Stuxnet was in the news the  New York Times reported about the “Myrtus” issue, and one former intelligence official who worked on the Iran desk said:

The Iranians are already paranoid about the fact that some of their scientists have defected and several of their secret nuclear sites have been revealed. Whatever the origin and purpose of Stuxnet, it ramps up the psychological pressure.

The reference to Queen Esther is not the only Jewish connection to the Stuxnet virus. According to a paper on the computer worm by the software company Symantec, the program also refers to an Iranian Jewish leader who was executed by the Islamist regime.

“Export 16 [the program’s main installer] first checks that the configuration data is valid. After that,  it checks the value ‘NTVDM TRACE’ in the following registry key. If this value is equal to 1979050  the threat will exit” the paper continues. “This is thought to be an infection marker or a ‘do not in­fect’ marker. If this is set correctly infection will not occur. The value appears refer to the date  May 9, 1979[1979-05-09]. That is a significant date in Iranian Jewish history. On May 9, 1979, Iranian Jew Habib Elghanian was executed by a firing squad in Tehran sending shock waves through the tightly knit Jewish community. He was the first Jew and one of the first civilians to be executed by the new Islamist government.”

At first, there was no way to definitively prove whether the virus came from the US, Israel, or maybe some crazy hacker living in his mother’s basement, But in 2013  Edward Snowden told German news magazine, Der Spiegel, that the NSA and Israel co-wrote Stuxnet.

Eventually, it was leaked that it was the US/Israel cooperation in creating the Stuxnet program was put in motion by President Bush. Yes, liberals this time you can say it, Bush did it!

The New York Times reported that President Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran’s major enrichment center. And that evolved into Stuxnet.  They also reported that (to his credit )President Obama was first briefed on the program even before taking office. He liked the program and sped it up, according to officials familiar with the administration’s Iran strategy (sadly that was the last time Obama “stood up” to Iran’s nuke program).

The use of the word Myrtus should remind us that the virus slowing down Iran’s quest for nuclear weapons no matter what country it came from was replicating the events of the Purim Holiday Jews celebrate beginning next Wednesday night.  Stuxnet delayed the evil coming out of Persia, but a few years later Barack Obama created a deal that gave them free rein.

Queen Esther whose real name was referred to in the Stuxnet virus was doing the work of God, and so was whoever designed the Stuxnet computer worm.

 

Queen Esther Stuxnet