Thursday, May 31, 2012

Flames over Iran

There are two obvious strategies available for the use of so called cyber war. The first is to infiltrate a hidden tool that actually causes direct damage, Stuxnet is possibly the best example of that and the damage caused was serious and similar to a direct hit with a real bomb. In the end, the target loses time and that is as good as it might get.

The second strategy is to fill the environment with live threats causing internal security to become a straitjacket. This is what the Flame appears to be doing. Now your computer is watching you and sending the data back to your enemies.

All this consumes scarce personnel and naturally interferes with other priorities. On top of that the publicity induces societal resources to be spent in hunting down these threats and their clones. There will be other ones out there right now that have yet to be identified.

In the meantime it is pretty clear that the USA and Israel and possibly others are fully engaged in an effort to change the government of Iran somewhat short of a full shooting war. However, it is also clear that the gloves are off and a major effort is under way. Expect more curious stories out of here.

Iran Threatens U.S. as New Cyber Super-Weapon Strikes

Posted by Ryan Mauro Bio ↓ on May 30th, 2012

Iran is threatening to attack U.S. bases in the region with its missiles if it is attacked, but the reality is that the regime is already under attack. The latest all-but-certain covert operation is the deployment of sophisticated malware that is being called “The Flame.” Its purpose appears to be the mass cultivation of intelligence and it is assessed to be 20 times more complex than Stuxnet, the original “cyber super-weapon” that ravaged Iran’s nuclear program.

The Flame has been discovered in seven Middle Eastern countries, though the number of infections found in Iran is more than the rest combined with 189 instances. There have been 98 infections detected in Israel and the Palestinian territories. Sudan was hit with 32 infections, a country whose regime is increasingly Islamist and friendly towards Hamas. There have been 30 infections found in Syria, 18 in Lebanon, 10 in Saudi Arabia and 5 in Egypt.

It is not believed at this time that the Flame targeted a specific industry or program like Stuxnet did. Instead, it is meant to act as the “the ultimate spy,” copying hard drive data, logging instant messages and other online communications, recording keystrokes, taking screenshots and even secretly turning on computer microphones to record nearby conversations. There is also the potential for sabotage because it can potentially delete information and change settings on computer systems, opening up doors for attack.

Some cyber experts think it was deployed in February or March 2010, while others think it has been active as far back as five years ago. It is unknown who authored the Flame, but suspicion immediately fell on Israel, possibly with U.S. assistance. Israeli Minister of Strategic Affairs encouraged such suspicion during an interview, saying, “Whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them.” He hinted at his country’s involvement, saying, “Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us.”

The latest known cyber attack on Iran happened in late April. Iran announced that its oil industry was being targeted by foreign hackers, specifically its Oil Ministry and its Kharg Island terminal where the majority of Iran’s oil is exported from. “Data related to some of the users have been compromised,” the Iranian regime said, though it denied that there was any serious damage.

In October 2011, “Duqu,” also called “Son of Stuxnet,” was found in Iran and it is believed to have been infecting computers since late 2010. The powerful weapon is similar to Flame in that it records keystrokes and could potentially hijack a computer and allow an outside country to operate it. Duqu, however, was not used for that purpose. It opened up back doors in systems for 36 days and then left. Symantec determined, “The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.” Amazingly, those behind Duqu continued to improve it, enabling future infections even though it was already discovered.

Meanwhile, the Iranian regime is reacting to the failure to reach an agreement over its nuclear program during the meetings in Iraq on May 23 with bravado and threats. A Revolutionary Guards website said it would fire missiles at all “enemy bases” in the region if the country is attacked.

This isn’t a new threat. Iran has long threatened to respond to any military strike against it, by Israel or the U.S., with missile and “martyrdom” attacks on American military bases. In December, a regime-controlled website wrote a detailed assessment of U.S. bases in the Middle East and how they could be struck with missiles. The article specifically mentioned bases in Turkey, Saudi Arabia, Qatar, Kuwait, Afghanistan, the United Arab Emirates, Oman, Pakistan, Kyrgyzstan and Bahrain, where the U.S. Fifth Fleet is stationed. The author argued that the base in Bahrain is an extremely vulnerable target because Iran’s anti-ship missiles can hit American vessels shortly after they leave the base.

On November 15, a Basiji commander said at a convention that Iran could use proxies to attack U.S. forces in Bahrain, Qatar and Kuwait. The bases “are entirely surrounded by holy fighters of the Islamic ummah who are counting the minutes in anticipation of the command to wipe out the U.S.”

The next month, a regime-tied website carried an article that said that Hezbollah has determined targets for retaliation in the event of an attack and would launch “martyrdom operations” in each of the 112 countries where U.S. forces are based. The author used anti-war sentiment in the U.S. as proof of America’s weakness. “America needs to know that while American youth shout the slogan, ‘Stop the War,’ for fear of dying, the children of Ruhollah [Khomeini] never flee from war and always pray, ‘Allah, give us martyrdom for your sake.’”

The European Union’s oil embargo becomes officially enacted on July 1. Iran can ill-afford further losses to its economy and has threatened Saudi Arabia and other Arab countries that are encouraging the embargo by increasing their oil output. On January 27, a member of Iran’s Assembly of Experts warned that Iran could intercept tankers departing Saudi Arabia and the United Arab Emirates for Europe.

The dispute with Iran is coming to a head. The West must hope for the success of the sanctions and covert operations like “The Flame.” Should they fail to halt Iran’s nuclear program, Israel will be left with the decision to strike or accept a nuclear-armed Iran. By all indications, Israel believes that final decision will have to be made this year.

No comments: