Wednesday, January 09, 2013

Iran Strikes Back

Last spring, the computer security company Kaspersky Lab announced its discovery of the Flame malware--an extremely sophisticated cyber weapon infecting computers in the Middle East but apparently directed specifically at Iran. Flame followed Duqu and its predecessor, an extraordinarily complex worm from 2010 called Stuxnet. Stuxnet's target? Industrial systems running control software designed by the German company Siemens--particularly those controlling centrifuges in Iranian nuclear processing plants.

The target of the Stuxnet malware alone strongly hinted that the U.S. government was behind the cyber attack (perhaps in cooperation with Israel), but last June David Sanger reported more definitively in the New York Times that Stuxnet was part of a U.S. program called Olympic Games designed to disrupt the Iranian nuclear weapons program. Sanger, noting that Iran had announced the creation of a cyber force within its military in 2011, added that "there has been scant evidence that it has begun to strike back."

Abundant evidence of retaliatory strikes is now at hand. The New York Times is reporting today that cyber security experts believe Iran is behind a series of denial-of-service attacks against U.S. banks over the past several weeks. Unlike previous distributed denial-of-service (DDoS) attacks, the recent efforts to crash bank websites have used clouds of networked computers rather than networks of individually infected computers forming a botnet. This has allowed for larger and more sophisticated DDoS attacks than in previous cases; it has also made tracing the attacks more difficult. The malware being employed is called "Itsoknoproblembro," and the technique of using cloud-based systems to attack websites has prompted cyber security experts to coin the term "bRobot" to refer to a compromised network.

A group called Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for the attacks, but the Times says that, according to U.S. intelligence officials, the group is a front for the Iranian government.

It is difficult to say what precisely qualifies as a cyberwar and, furthermore, it would be very dubious to assert that this is the first one. Regardless, it seems clear that, at a minimum, the U.S. and Iran are now skirmishing in cyberspace.