
It appears Iran may have reverse engineered U.S.-made malware and turned it back on the U.S. and its ally

When it comes to cyberaggression against the U.S., the typical culprit is China.  But growing evidence suggests that a recent round of malware cyberattacks on the U.S. and its Middle Eastern ally Saudi Arabia may have been the work of Iran.  Further, the evidence hints that the Iranians may have cleverly turned malware that the U.S. used on it in cybersabotage attempts back on the attackers.

I. Def. Secretary Implies Iran is Behind New Malware Attacks

The attacks in question revolved around a piece of malware dubbed Shamoon (also known as Disttrack) by security researchers.  Shamoon is a destructive wiper: it overwrote files and the master boot records of infected workstations, rendering them unbootable.  Researchers at the time compared it to the far more sophisticated Flame package the U.S. used to spy on Iran and, allegedly, to attack its oil industry.  Shamoon hit the Saudi Arabian Oil Company (Saudi Aramco), the world's largest oil producer and a state-owned company.

Security consultants quoted by The New York Times acknowledge that there has been no formal announcement from Defense Secretary Leon E. Panetta that the attacks originated in Iran, but they say the evidence points to Tehran.  One unnamed consultant is quoted as saying, "What the Iranians want to do now is make it clear they can disrupt our economy, just as we are disrupting theirs. And they are quite serious about it."

In a recent speech Sec. Panetta did seem to implicate Iran in a roundabout way, stating, "Iran... [has] undertaken a concerted effort to use cyberspace to its advantage."

Leon Panetta
DoD Secretary Leon Panetta implied that Iran was behind the latest cyberattacks.
[Image Source: The New York Times]

James A. Lewis, a senior fellow at the Center for Strategic and International Studies, comments in an analysis post, "His speech laid the dots alongside each other without connecting them.  Iran has discovered a new way to harass much sooner than expected, and the United States is ill-prepared to deal with it."

In addition to causing cleanup headaches for Aramco, which had to rebuild the wiped workstations, a parallel wave of denial-of-service attacks hit top U.S. financial institutions, creating difficulties -- in some cases -- for customers trying to access their accounts.  Experts say this is possibly the first time Iran has used destructive malware against its foes; Iran's past cyberwar efforts have focused on cruder brute-force methods, such as distributed denial of service (DDoS) strikes.

II. Iran -- More Feisty Than Expected

The attacks show that Iran is proving a more technologically savvy foe than the U.S. anticipated.  Much like Iran's claimed spoofing of the navigation signals of a U.S. spy drone that it captured in early Dec. 2011, the new attacks show Iran's so-called Passive Defense Organization (PDO) acting in a reactive manner, as its name implies.

In both cases, the U.S. appears to have initiated the first strike, but Iran proved savvy enough to offer a substantial response.  That's a big victory for Gholamreza Jalali, a veteran of Iran's Revolutionary Guard who now leads Iran's PDO and who vowed "to fight [Iran's] enemies" in "cyberspace and Internet warfare".

Gibson Neuromancer
Iran has vowed to defend itself against U.S. cyberaggression.
[Image Source: Interplay (cover art for Neuromancer game)]

For the U.S. it represents the entrance into a shadowy and uncertain world in which the playing field is somewhat leveled between the strong and the weak in terms of traditional military strength.  Long outlined by science fiction visionaries like William Gibson, this kind of war is quite different from conventional warfare in that its most powerful weapons may be used without the general public ever knowing.

III. U.S. Sees Its Own Weapons Turned Against it

U.S. Department of Defense officials reportedly disagreed recently on whether the U.S. should announce its cyber-weapons as a deterrent, similar to how America flaunts its nuclear arsenal.  However, the prevailing sentiment is that cyberweapons are best kept secret, as there's no tactical gain in mentioning them.  Comments one defense official speaking to The NYT, "The countries who need to know we have [cyber-weapons] already know."

Sec. Panetta in his comments suggests that the U.S. needs to up its counter-offensive capabilities in cyberspace to protect itself and its allies.  He opines, "We won’t succeed in preventing a cyber attack through improved defenses alone.  If we detect an imminent threat of attack that will cause significant, physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us to defend this nation when directed by the president. For these kinds of scenarios, the department has developed that capability to conduct effective operations to counter threats to our national interests in cyberspace."

Some have called for increased cooperation between the government and private-sector firms (e.g. in this case, the banking industry) in order to protect the market.  But such efforts raise thorny issues of privacy and market meddling.

The idea of pre-emptive cyberstrikes is also controversial.  That appears to be what the U.S. did against Iran, and it's now apparent that there may have been some repercussions, as the foe proved less weak and susceptible than expected.  The U.S. did set back Tehran's economy and nuclear ambitions.  But now, as they say, the worm has turned, and the U.S. is seeing its own weapons reverse-engineered and turned back at it and its allies.

Computer worm
The U.S. has seen its own cyber-weapons turned against it. [Image Source: TechTear]
Of course such a phenomenon isn't unique to the cyber realm, it's important to remember -- after all, the U.S. funneled conventional weapons to Saddam Hussein and the Taliban only to see those weapons later turned against it in the hands of terrorists, insurgents, and hostile regimes.

Sources: The New York Times, Foreign Policy [blog]


Is it 1984 yet?
By croc on 10/16/2012 8:40:25 AM , Rating: 3
Ignorance is Strength! (check)
War is Peace! (check)
Freedom is Slavery! (double-check)

Sleep tight, all.... Big Brother is keeping you safe tonight.

RE: Is it 1984 yet?
By Ristogod on 10/16/2012 9:13:01 AM , Rating: 2
Yes, don't fret. We should be thankful the Ministry of Truth has enlightened us with this valuable newspeak.

RE: Is it 1984 yet?
By Motoman on 10/16/2012 12:16:13 PM , Rating: 2
Forget Big Brother. Little Sister is who you should be scared of.

RE: Is it 1984 yet?
By Samus on 10/17/2012 2:11:47 AM , Rating: 3
Iran is a joke and could hack through a tree branch with a hatchet.

Their nuclear program is based on a 40+ year old russian design, they have no uranium, nobody will sell them uranium, they didn't hack into our UAV but they did a great job taping it back together after it crashed into the ground. I love how they put these pro-elegant twists on everything to make it out in their favor.

UAV crashed, let's say WE HACKED IT

USA got hacked into, let's say WE DID IT

World thinks we got advanced nuclear program, LET'S AGREE AND MAKE THEM SCARED.

The current regime is a joke. I have Iranian friends who fled in the 70's when their government collapsed and they know more than anybody that the current regime is a joke.

Keep an eye on them, that's all that's necessary. War, fear, neurological sparks, all completely unnecessary.

deja vu?
By tamalero on 10/16/2012 10:37:21 AM , Rating: 2
Don't know guys; but getting huge&big Iraq deja vus.
Its the whole "omg.. he's the baddest bad dude ever... look at X evidence!" media brainwash before the real war...
just like what happened with Iraq before.

RE: deja vu?
By geddarkstorm on 10/16/2012 12:15:17 PM , Rating: 2
Only with Iraq, the guy was insane and had used chemical WMD to genocide his own people, and had already attempted to invade a peaceful neighbor nation for its resources (as well as warred against Iran more than once).

With Iran, this attempt to paint them as the BIG BAD is a lot sketchier, so the public isn't buying it. Not that Iran's leaders aren't crazy, or haven't done terrible things, but all pedestrian compared to Saddam Hussein.

RE: deja vu?
By theapparition on 10/17/2012 11:20:13 AM , Rating: 2
That insane guy also held the region together. Without him, we see how every little faction is coming out of the woodwork to be the next control freak.

RE: deja vu?
By MechanicalTechie on 10/17/2012 7:01:38 PM , Rating: 3
Imagine how stupid a country must have been to give him those chemical weapons in the first place... Hmmm now which short sighted, warmongering country would that be?? Would it be the same that trained and armed the taliban?

First paragraph correction
By Tunrip on 10/16/2012 5:01:34 AM , Rating: 2
Hello, the opening paragraph says, "It appears China may have reverse engineered U.S.-made malware and turn it back on the U.S. and its ally" - I think this should have been Iran rather than China?

And kudos for the pic from Neuromancer the game... One of my favourite ever games :D

By inperfectdarkness on 10/16/2012 5:04:53 AM , Rating: 2
1. False-Flag operations are the hallmark of any sophisticated cyberwarfare

2. If we believe it is Iran, then there exists the possibility that it is not Iran, just someone (likely China) planting the flag on Iran, as they make a convincing, convenient guilty-party.

3. By publicly naming Iran, it could be that we are intentionally "taking the bait" from someone who wants us to believe that Iran was responsible--and we're attempting to keep up appearances in order not to divulge the true depth of our cyber capabilities.

4. Good luck finding them....they're behind 5 proxies.

By unplug on 10/16/2012 11:22:30 AM , Rating: 2
Miss Johnson! ...Iran is throwing worms at us again.

Stop throwing worms Iran!

By integr8d on 10/16/2012 2:43:22 PM , Rating: 2
"If we detect an imminent threat of attack... we need to have the option to take action against those who would attack us..."

How can they possibly detect an imminent threat, before some guy presses the Enter key? My understanding is that an electronic attack is either [launched] or [not launched]. There is no opening of the missile tubes or 'fueling the birds'... IMO, this whole preemptive warfare concept is nothing more than justification for attacking anyone, anywhere and for any reason.

"Some have said that increased cooperating between the government and private sector firms (e.g. in this case, the bank industry) in order to protect the market."

I can't imagine a more perfect example of inbred cousins than government and banking.


Picture caption
By FITCamaro on 10/16/2012 7:35:13 AM , Rating: 1
What you expect me to know what I'm doing? Fugetta bout it.


Hey Obama
By Ammohunt on 10/16/2012 10:56:46 AM , Rating: 1
Transparency is not telling the world about all of our secret operations; let them guess and speculate behind closed doors. This administration is so amateurish; I can't wait to get adults back in the white house.
