Date: April 18, 2005
Abstract: The U.S. military has assembled the world's most formidable hacker posse: a super-secret, multimillion-dollar weapons program that may be ready to launch bloodless cyberwar against enemy networks -- from electric grids to telephone nets.
The group's existence was revealed during a U.S. Senate Armed Services Committee hearing last month. Military leaders from U.S. Strategic Command, or Stratcom, disclosed the existence of a unit called the Joint Functional Component Command for Network Warfare, or JFCCNW.
In simple terms and sans any military jargon, the unit could best be described as the world's most formidable hacker posse. Ever.
The JFCCNW is charged with defending all Department of Defense networks. The unit is also responsible for the highly classified, evolving mission of Computer Network Attack, or as some military personnel refer to it, CNA.
But aside from that, little else is known. One expert on cyber warfare said considering the unit is a "joint command," it is most likely made up of personnel from the CIA, National Security Agency, FBI, the four military branches, a smattering of civilians and even military representatives from allied nations.
"They are a difficult nut to crack," said Dan Verton, a former U.S. Marine intelligence officer. "They're very reluctant to talk about operations." Verton is author of the book Black Ice, which investigates the threats cyber terrorism and vandalism could have on military and financial networks.
Verton said the Defense Department talks often about the millions it spends on defending its networks, which were targeted last year nearly 75,000 times with intrusion attempts. But the department has never admitted to launching a cyber attack -- frying a network or sabotaging radar -- against an enemy, he said.
Verton said the unit's capabilities are highly classified, but he believes they can destroy networks and penetrate enemy computers to steal or manipulate data. He said they may also be able to set loose a worm to take down command-and-control systems so the enemy is unable to communicate and direct ground forces, or fire surface-to-air missiles, for example.
Some of the U.S. military's most significant unified commands, such as Stratcom, are undergoing a considerable reorganization. Stratcom, based at the massive Offutt Air Force base in eastern Nebraska and responsible for much of the nation's nuclear arsenal, has been ordered by the Defense Department to take over the JFCCNW.
To better understand the secret program, several questions about the unit were submitted to Stratcom.
Capt. Damien Pickart, a Stratcom spokesman, issued a short statement in response: "The DOD is capable of mounting offensive CNA. For security and classification reasons, we cannot discuss any specifics. However, given the increasing dependence on computer networks, any offensive or defensive computer capability is highly desirable."
Nevertheless, Verton says military personnel have told him numerous "black programs" involving CNA capabilities are ongoing, while new policies and rules of engagement are now on the books.
The ground was prepared in the summer of 2002, when President Bush signed National Security Presidential Directive 16, which ordered the government to prepare national-level guidance on U.S. policies for launching cyber attacks against enemies.
"I've got to tell you we spend more time on the computer network attack business than we do on computer network defense because so many people at very high levels are interested," said former CNA commander, Air Force Maj. Gen. John Bradley, during a speech at a 2002 Association of Old Crows conference. The group is the leading think tank on information and electronic warfare (Wired, 2005).
Title: Israeli Cyber Unit Responsible For Iran Computer Worm
Date: September 30, 2010
Source: The Telegraph
Abstract: An elite Israeli military unit responsible for cyberwarfare has been accused of creating a virus that has crippled Iran's computer systems and stopped work at its newest nuclear power station.
Computer experts have discovered a biblical reference embedded in the code of the computer worm that has pointed to Israel as the origin of the cyber attack.
The code contains the word "myrtus", which is the Latin biological term for the myrtle tree. The Hebrew word for myrtle, Hadassah, was the birth name of Esther, the Jewish queen of Persia.
In the Bible, The Book of Esther tells how the queen pre-empted an attack on the country's Jewish population and then persuaded her husband to launch an attack before being attacked themselves.
Israel has threatened to launch a pre-emptive attack on Iran's facilities to ensure that the Islamic state does not gain the ability to threaten its existence.
Ralf Langner, a German researcher, claims that Unit 8200, the signals intelligence arm of the Israeli defence forces, perpetrated the computer virus attack by infiltrating the software into the Bushehr nuclear power station.
Mr Langner said: "If you read the Bible you can make a guess."
Computer experts have spent months tracing the origin of the Stuxnet worm, a sophisticated piece of malicious software, or malware, that has infected industrial operating systems made by the German firm Siemens across the globe.
Programmers following Stuxnet believe it was most likely introduced to Iran on a memory stick, possibly by one of the Russian firms helping to build Bushehr. The same firm has projects in Asia, including India and Indonesia which were also attacked. Iran is thought to have suffered 60 per cent of the attacks.
Mr Langner said: "It would be an absolute no-brainer to leave an infected USB stick near one of these guys and there would be more than a 50 per cent chance of him picking it up and infecting his computer."
Cyber security experts said that Israel was the most likely perpetrator of the attack and had been targeting Iran but that it had not acknowledged a role to its allies.
"Nobody is willing to accept responsibility for this particular piece of malicious software which is a curious, complex and powerful weapon," said one Whitehall expert.
The Iranian authorities acknowledged the worm had struck Bushehr and a statement conceded that the plant would come into operation in January, two months later than planned.
Elizabeth Katina, a researcher at the Royal United Services Institute, said the possibility of a copycat attack on British or American electricity networks or water supplies had been elevated by the release of Stuxnet.
"Critical national infrastructure is at greater risk because this shows groups on the outside of governments how to do it," she said. "It's more likely now that the northeast of England power grid can be shut down until someone decides to start it up again" (The Telegraph, 2011).
Title: With Stuxnet, Did The U.S. And Israel Create A New Cyberwar Era?
Date: January 16, 2011
Abstract: Remember the years-long controversy about whether the U.S. or Israel would bomb Iran’s nuclear program? It appears they just did — virtually. And if they did, they also may have expanded our sense of how nations wage war in cyberspace.
For all the hype, “cyberwar” has been a bush-league affair so far. Websites get defaced or taken offline, or an adversary’s software gets logic-bombed into a malfunctioning mess. Analysts warn that future assaults could fry an electrical grid (if it’s networked too well) or cause a military to lose contact with a piece of its remotely-controlled hardware. But that’s about the extent of the damage. Only the Stuxnet worm may point to a huge innovation for cyberwar: the mass disablement of an enemy’s most important strategic programs.
Stuxnet’s origin is unknown. Attributing credit for Stuxnet is rightly the subject of geopolitical intrigue. As our sister blog Threat Level has exhaustively reported, the worm eats away at a very specific kind of industrial control system: a configuration of the Siemens-manufactured Supervisory Control and Data Acquisition (SCADA) system that commands the centrifuges enriching uranium for Iran’s nuclear program, the key step for an Iranian bomb. But the Stuxnet whodunit may be solved: it appears to be a joint U.S.-Israeli collaboration — and a cyberwarfare milestone.
The New York Times doesn’t have definitive proof, but it has fascinating circumstantial evidence, and Threat Level’s Kim Zetter will publish more on Tuesday. In 2008, Siemens informed a major Energy Department laboratory of the weaknesses in its SCADA systems. Around that time, the heart of Israel’s nuclear-weapons complex, Dimona, began experimenting on an industrial-sabotage protocol based on a model of the Iranian enrichment program. The Obama administration embraced an initiative begun by the Bush administration to “bore into [Iranian] computers” and disable the nuclear effort. Motive, meet opportunity. By late 2009, Stuxnet was popping up globally, including in Iran.
Iran denies that Stuxnet did any major damage to its nuclear program. But last week, the outgoing chief of Israel’s Mossad spy agency publicly asserted that Iran wouldn’t be capable of making a bomb before 2015, adding four years to a fearsome nuclear schedule. It’s possible that’s just ass-covering spin: for years, both Israel and the U.S. have repeatedly pushed back their estimates of when Iran would go nuclear. But both countries also have long track records of covertly sabotaging Iranian nuke efforts, whether it’s getting scientists to defect or… other means. (Some scientists are getting killed in the streets by unknown assailants.) Stuxnet would be a new achievement for a long-running mission.
And what an achievement. The early stages of cyberwar have looked like a component effort in a broader campaign, as when Georgia’s government websites mysteriously went offline during its 2008 shooting war with Russia. The Navy’s information chief recently suggested that jamming capabilities will be increasingly important to Chinese military doctrine. The difference between that and Stuxnet is the difference between keying someone’s car and blowing up her city.
With Stuxnet, there’s no broader conventional assault, but an adversary’s most important military asset gets compromised. The mission of an aerial bombardment of Iran would be to set Iran’s nuclear program back; to at least some degree, Stuxnet has done precisely that. Only Stuxnet didn’t kill anyone, and it didn’t set off the destabilizing effect in the region that a bombing campaign was likely to reap.
In other words, Stuxnet may represent the so-called “high end” of cyberwarfare: a stealthy, stand-alone capability to knock an opponent’s Queen off the board before more traditional military hostilities can kick in. It wouldn’t be taking out a particular ship’s radar system or even a command-and-control satellite. All of that could still happen. But this would be the first instance of cyberwarfare aimed at a truly strategic target.
That’s not to say we’re there yet, since we don’t really know how many years of a non-nuclear Iran Stuxnet provided. But it is to say that we may be getting there. North Korea’s uranium enrichment efforts have similar industrial control mechanisms, and if Stuxnet couldn’t take them down, a son-of-Stuxnet might. And just consider what kinds of other major cyberwar programs are out there — the ones really hidden in secrecy, not like the winks-and-nods that U.S. and Israeli officials have given to their possible authorship of Stuxnet.
All this has major implications for U.S. military doctrine. There isn’t any for cyberwarfare, for instance. The new U.S. Cyber Command describes its primary mission as protecting military networks from incoming assault, and says very little about what its offensive mission might be. Writing malicious code and transmitting it into enemy networks, up to and including nuclear controls, even in advance of conventional hostilities, could be CYBERCOM’s next big step. It would represent an update to the old Air Force dream of strategic bombing, in which bombing an enemy’s critical infrastructure compels him to give up the fight.
That also points to the downside. Just as strategic bombing doesn’t have a good track record of success, Stuxnet hasn’t taken down the Iranian nuclear program. Doctrine-writers may be tempted to view cyberwar as an alternative to a shooting war, but the evidence to date doesn’t suggest anything of the sort. Stuxnet just indicates that high-level cyberwarfare really is possible; it doesn’t indicate that it’s sufficient for achieving national objectives.
The Times has an irresistible quote from Ralph Langner, a German expert who decoded Stuxnet. Langner wrote that “Stuxnet is not about sending a message or proving a concept. It is about destroying its targets with utmost determination in military style.” Maybe so. But that certainly does send a message. And if it doesn’t exactly prove a concept, it points a way forward to just how powerful cyberwarfare can become (Wired, 2011).
Title: Israel Government Unveils Counter-Cyberterrorism Unit
Date: April 3, 2011
Abstract: Israeli officials have said they are set to implement a new strategy aimed at foiling the growing wave of cyberterrorism and cybertheft attacks perpetrated against its government ministries, military agencies, and major banking and commercial entities.
Israel averages about 350 on-line hacking attacks per second every day, according to Assaf Keren, the former project director for Israel's e-Gov portal. The portal offers a wealth of services for the public at large, and is, among other major sites like the Bank of Israel, considered a prime hacker magnet by Israel's political foes and criminal elements.
Hackers took down the site for two days in early 2008. Bank officials said the hackers "inserted propaganda material in Arabic," but they were unable to access financial data and information, which is stored on a separate system.
While the Mossad, Israel Security Agency (Shin Bet), military and other entities have their own departments dealing with on-line warfare, last week Israeli Prime Minister Benjamin Netanyahu averred that Israel was preparing a top-level response to such attacks.
Leading the digital charge is Major General Isaac Ben-Israel, who headed up the Defense Ministry's Administration for the Development of Weapons and Technological Infrastructure, local daily Ha'aretz reported on Sunday.
Late last year, Ben-Israel and senior Israeli and international security experts gathered at an Israeli think tank to share know-how about battling cyber-crime, cyber-terrorism and cyber-warfare. Talks at the International Institute for Counter-Terrorism (ICT) at the Herzliya-based Interdisciplinary Center (IDC) focused on efforts to slay, or at least rein in, the multi-headed digital hydra.
Many of the experts at the program said again and again that substantially raising basic governmental, public and private awareness of the need to defend against on-line threats, from simple measures like not opening unknown email attachments, all the way up to tightly guarding national infrastructure, was crucial (Xinhua, 2011).
Date: August 11, 2011
Source: Press TV
Abstract: Iran's Minister of Communications and Information Technology Reza Taqipour says Israel ranks first in planning cyber terrorism against other nations in the globe.
Taqipour told reporters on Wednesday that the Israeli regime ranks at the top of governments that sponsor various forms of state terrorism, including cyber terror, Mehr news agency reported.
He said that the Tel Aviv regime was the symbol of state terrorism, adding that the regime takes the lead in spreading malware across cyberspace.
He added, however, that Iran has taken appropriate counter measures, including the establishment of a cyber command, to control and foil cyber attacks targeting the country.
The minister's comments came in response to reports that the Israeli military is plotting to wage a major cyber war against Iran by setting up a military cyber command.
The new cyber command, which has been designated as central to 'defense capability' of the Israeli regime, would directly report to Israeli Prime Minister Benjamin Netanyahu.
The new command center, supported by the military, has already conducted a series of "soft" espionage missions, including hacking into Iran's version of Facebook and other social networking sites, the report says.
A source with close knowledge of the cyber war preparations said that Israel has two principal targets in Iran's cyberspace, which are stopping Tehran's nuclear program and its civil infrastructure.
Iran says it fully monitors cyberspace in order to counter soft warfare against the country (Press TV, 2011).
Date: October 19, 2011
Source: Fox News
Abstract: If the Stuxnet virus was the atom bomb of cyberwarfare, then the discovery this week of the "Duqu" virus is the hydrogen bomb, security experts are warning.
It is the second major weaponized virus to turn computers into lethal weapons with devastating destructive power.
The new program, discovered by Symantec on Tuesday with the help of an unnamed research lab, uses much of the same code as the 2010 Stuxnet virus did. But instead of destroying the systems it infects, Duqu secretly penetrates them and, according to some experts, creates “back door” vulnerabilities that can be exploited to destroy the networks at any time its creators may choose.
The original Stuxnet malware was the culmination of a vast technical and espionage effort that had only one target in mind: the Iranian nuclear program. It is widely believed to be the work of the United States and Israel. Experts who looked at the program were amazed at its ability to penetrate Iran’s secure, highly protected security system and destroy it without being detected.
Its success set back the Iranian nuclear program for years.