Brian4Liberty
10-26-2012, 01:26 PM
Panetta pounding the war drums...
Citing no hard evidence, U.S. government officials have been stoking fears that the Iranians are out to get us.
Make a Comment | Mathew J. Schwartz | October 26, 2012
Just in time for Halloween, there's a new bogeyman in town: the Iranian government-sponsored cyber attacker. As with other phantasms, related sightings are growing more numerous, though they remain unsubstantiated by hard evidence.
...
Cue Iran as the culprit again for the Shamoon malware attack against the network of Saudi Aramco, which is the world's largest exporter of crude oil. Defense Secretary Leon Panetta said earlier this month that the attacks against Saudi Aramco managed to "virtually destroy" 30,000 PCs. An internal Saudi Aramco investigation more recently revised that estimate to 50,000 PCs. According to an August blog post by Eugene Mayevski, CTO of security firm EldoS, Shamoon also included a copy of the company's commercial master boot record wiper, RawDisk, which he guessed had been stolen from one of the company's customers.
Many observers read Panetta's speech as a thinly veiled threat against Iran, made as a nuclear standoff with Iran becomes more likely. The U.S. government is also reportedly developing contingency plans for a strike against Iran -- not of the cyber variety -- as the country improves its uranium-enrichment capabilities.
...
But the case against Iran may not even be that, as digital forensic investigators this week also confirmed earlier reports that -- counter to U.S. government officials' assertions -- Shamoon was an amateurish, copycat Flame attack, carried out by a single individual. Thanks to the individual having incorrectly configured the malware, it not only did less damage than intended, but it helped investigators trace the infection back to a USB stick that had been plugged into the employee's PC while he was logged in. Saudi authorities, according to news reports, have arrested a suspect.
Panetta continued to insist this week that the Shamoon malware had been "a very sophisticated tool." To be charitable, that may have been true five years ago, but the state of the art in malware has rapidly advanced since then.
What's fueling those rapid advances? Start with Stuxnet, Duqu, Flame, MiniFlame, or any other government forays into cyber weapons. "This is where I get nervous: Oh, great, a massive training ground for criminals and other groups -- here's how you build a massive command-and-control center for criminal attacks," said Eric Byres, CTO of Belden's Tofino Security, in a recent phone interview.
In other words, tomorrow's crimeware update will likely incorporate tricks developed by our own country's cyber weapons program. Like so many Frankenstein monsters, what comes for us in the digital dead of night bears a startling resemblance to something of our own making.
https://www.informationweek.com/security/attacks/frankenstory-attack-of-the-iranian-cyber/240009731
Citing no hard evidence, U.S. government officials have been stoking fears that the Iranians are out to get us.
Make a Comment | Mathew J. Schwartz | October 26, 2012
Just in time for Halloween, there's a new bogeyman in town: the Iranian government-sponsored cyber attacker. As with other phantasms, related sightings are growing more numerous, though they remain unsubstantiated by hard evidence.
...
Cue Iran as the culprit again for the Shamoon malware attack against the network of Saudi Aramco, which is the world's largest exporter of crude oil. Defense Secretary Leon Panetta said earlier this month that the attacks against Saudi Aramco managed to "virtually destroy" 30,000 PCs. An internal Saudi Aramco investigation more recently revised that estimate to 50,000 PCs. According to an August blog post by Eugene Mayevski, CTO of security firm EldoS, Shamoon also included a copy of the company's commercial master boot record wiper, RawDisk, which he guessed had been stolen from one of the company's customers.
Many observers read Panetta's speech as a thinly veiled threat against Iran, made as a nuclear standoff with Iran becomes more likely. The U.S. government is also reportedly developing contingency plans for a strike against Iran -- not of the cyber variety -- as the country improves its uranium-enrichment capabilities.
...
But the case against Iran may not even be that, as digital forensic investigators this week also confirmed earlier reports that -- counter to U.S. government officials' assertions -- Shamoon was an amateurish, copycat Flame attack, carried out by a single individual. Thanks to the individual having incorrectly configured the malware, it not only did less damage than intended, but it helped investigators trace the infection back to a USB stick that had been plugged into the employee's PC while he was logged in. Saudi authorities, according to news reports, have arrested a suspect.
Panetta continued to insist this week that the Shamoon malware had been "a very sophisticated tool." To be charitable, that may have been true five years ago, but the state of the art in malware has rapidly advanced since then.
What's fueling those rapid advances? Start with Stuxnet, Duqu, Flame, MiniFlame, or any other government forays into cyber weapons. "This is where I get nervous: Oh, great, a massive training ground for criminals and other groups -- here's how you build a massive command-and-control center for criminal attacks," said Eric Byres, CTO of Belden's Tofino Security, in a recent phone interview.
In other words, tomorrow's crimeware update will likely incorporate tricks developed by our own country's cyber weapons program. Like so many Frankenstein monsters, what comes for us in the digital dead of night bears a startling resemblance to something of our own making.
https://www.informationweek.com/security/attacks/frankenstory-attack-of-the-iranian-cyber/240009731