Date: September 30, 2010
Source: The Telegraph
Abstract: An elite Israeli military unit responsible for cyberwarfare has been accused of creating a virus that has crippled Iran's computer systems and stopped work at its newest nuclear power station.
Computer experts have discovered a biblical reference embedded in the code of the computer worm that has pointed to Israel as the origin of the cyber attack.
The code contains the word "myrtus", which is the Latin biological term for the myrtle tree. The Hebrew word for myrtle, Hadassah, was the birth name of Esther, the Jewish queen of Persia.
In the Bible, The Book of Esther tells how the queen pre-empted an attack on the country's Jewish population and then persuaded her husband to launch an attack before being attacked themselves.
Israel has threatened to launch a pre-emptive attack on Iran's facilities to ensure that the Islamic state does not gain the ability to threaten its existence.
Ralf Langner, a German researcher, claims that Unit 8200, the signals intelligence arm of the Israeli defence forces, perpetrated the computer virus attack by infiltrating the software into the Bushehr nuclear power
Mr Langner said: "If you read the Bible you can make a guess."
Computer experts have spent months tracing the origin of the Stuxnet worm, a sophisticated piece of malicious software, or malware, that has infected industrial operating systems made by the German firm Siemens across the globe.
Programmers following Stuxnet believe it was most likely introduced to Iran on a memory stick, possibly by one of the Russian firms helping to build Bushehr. The same firm has projects in Asia, including India and Indonesia which were also attacked. Iran is thought to have suffered 60 per cent of the attacks.
Mr Langner said: "It would be an absolute no-brainer to leave an infected USB stick near one of these guys and there would be more than a 50 per cent chance of him picking it up and infecting his computer."
Cyber security experts said that Israel was the most likely perpetrator of the attack and had been targeting Iran but that it had not acknowledged a role to its allies.
"Nobody is willing to accept responsibility for this particular piece of malicious software which is a curious, complex and powerful weapon," said one Whitehall expert.
The Iranian authorities acknowledged the worm had struck Bushehr and a statement conceded that the plant would come into operation in January, two months later than planned.
Elizabeth Katina, a researcher at the Royal United Services Institute, said the possibility of a copycat attack on British or American electricity networks or water supplies had been elevated by the release of Stuxnet.
"Critical national infrastructure is at greater risk because this shows groups on the outside of governments how to do it," she said. "It's more likely now that the northeast of England power grid can be shut down until someone decides to start it up again" (The Telegraph, 2011).
Title: With Stuxnet, Did The U.S. And Israel Create A New Cyberwar Era?
Date: January 16, 2011
Abstract: Remember the years-long controversy about whether the U.S. or Israel would bomb Iran’s nuclear program? It appears they just did — virtually. And if they did, they also may have expanded our sense of how nations wage war in cyberspace.
For all the hype, “cyberwar” has been a bush-league affair so far. Websites get defaced or taken offline, or an adversary’s software gets logic-bombed into a malfunctioning mess. Analysts warn that future assaults could fry an electrical grid (if it’s networked too well) or cause a military to lose contact with a piece of its remotely-controlled hardware. But that’s about the extent of the damage. Only the Stuxnet worm may point to a huge innovation for cyberwar: the mass disablement of an enemy’s most important strategic programs. Stuxnet’s origin is unknown. Attributing credit for Stuxnet is rightly the subject of geopolitical intrigue. As our sister blog Threat Level has exhaustively reported, the worm eats away at a very specific kind of industrial control system: a configuration of the Siemens-manufactured Supervisory Control and Data Acquisition (SCADA) system that commands the centrifuges enriching uranium for Iran’s nuclear program, the key step for an Iranian bomb. But the Stuxnet whodunit may be solved: it appears to be a joint U.S.-Israeli collaboration — and a cyberwarfare milestone.
The New York Times doesn’t have definitive proof, but it has fascinating circumstantial evidence, and Threat Level’s Kim Zetter will publish more on Tuesday. In 2008, Siemens informed a major Energy Department laboratory of the weaknesses in its SCADA systems. Around that time, the heart of Israel’s nuclear-weapons complex, Dimona, began experimenting on an industrial-sabotage protocol based on a model of the Iranian enrichment program. The Obama administration embraced an initiative begun by the Bush administration to “bore into [Iranian] computers” and disable the nuclear effort. Motive, meet opportunity. By late 2009, Stuxnet was popping up globally, including in Iran.
Iran denies that Stuxnet did any major damage to its nuclear program. But last week, the outgoing chief of Israel’s Mossad spy agency publicly asserted that Iran wouldn’t be capable of making a bomb before 2015, adding four years to a fearsome nuclear schedule. It’s possible that’s just ass-covering spin: for years, both Israel and the U.S. have repeatedly pushed back their estimates of when Iran would go nuclear. But both countries also have long track records of covertly sabotaging Iranian nuke efforts, whether it’s getting scientists to defect or… other means. (Some scientists are getting killed in the streets by unknown assailants.) Stuxnet would be a new achievement for a long-running mission.
And what an achievement. The early stages of cyberwar have looked like a component effort in a broader campaign, as when Georgia’s government websites mysteriously went offline during its 2008 shooting war with Russia. The Navy’s information chief recently suggested that jamming capabilities will be increasingly important to Chinese military doctrine. The difference between that and Stuxnet is the difference between keying someone’s car and blowing up her city.
With Stuxnet, there’s no broader conventional assault, but an adversary’s most important military asset gets compromised. The mission of an aerial bombardment of Iran would be to set Iran’s nuclear program back; to at least some degree, Stuxnet has done precisely that. Only Stuxnet didn’t kill anyone, and it didn’t set off the destabilizing effect in the region that a bombing campaign was likely to reap.
In other words, Stuxnet may represent the so-called “high end” of cyberwarfare: a stealthy, stand-alone capability to knock an opponent’s Queen off the board before more traditional military hostilities can kick in. It wouldn’t be taking out a particular ship’s radar system or even a command-and-control satellite. All of that could still happen. But this would be the first instance of cyberwarfare aimed at a truly strategic target.
That’s not to say we’re there yet, since we don’t really know how many years of a non-nuclear Iran Stuxnet provided. But it is to say that we may be getting there. North Korea’s uranium enrichment efforts have similar industrial control mechanisms, and if Stuxnet couldn’t take them down, a son-of-Stuxnet might. And just consider what kinds of other major cyberwar programs are out there — the ones really hidden in secrecy, not like the winks-and-nods that U.S. and Israeli officials have given to their possible authorship of Stuxnet.
All this has major implications for U.S. military doctrine. There isn’t any for cyberwarfare, for instance. The new U.S. Cyber Command describes its primary mission as protecting military networks from incoming assault, and says very little about what its offensive mission might be. Writing malicious code and transmitting it into enemy networks, up to and including nuclear controls, even in advance of conventional hostilities, could be CYBERCOM’s next big step. It would represent an update to the old Air Force dream of strategic bombing, in which bombing an enemy’s critical infrastructure compels him to give up the fight.
That also points to the downside. Just as strategic bombing doesn’t have a good track record of success, Stuxnet hasn’t taken down the Iranian nuclear program. Doctrine-writers may be tempted to view cyberwar as an alternative to a shooting war, but the evidence to date doesn’t suggest anything of the sort. Stuxnet just indicates that high-level cyberwarfare really is possible; it doesn’t indicate that it’s sufficient for achieving national objectives.
The Times has an irresistible quote from Ralph Langner, a German expert who decoded Stuxnet. Langner wrote that “Stuxnet is not about sending a message or proving a concept. It is about destroying its targets with utmost determination in military style.” Maybe so. But that certainly does send a message. And if it doesn’t exactly prove a concept, it points a way forward to just how powerful cyberwarfare can become (Wired, 2011).
Title: Israel Government Unveils Counter-Cyberterrorism Unit
Date: April 3, 2011
Abstract: Israeli officials have said they are set to implement a new strategy aimed at foiling the growing wave of cyberterrorism and cybertheft attacks perpetrated against its government ministries, military agencies, and major banking and commercial entities.
Israel averages about 350 on-line hacking attacks per second every day, according to Assaf Keren, the former project director for Israel's e-Gov portal. The portal offers a wealth of services for the public at large, and is, among other major sites like the Bank of Israel, considered a prime hacker magnet by Israel's political foes and criminal elements. Hackers took down the site for two days in early 2008. Bank officials said the hackers "inserted propaganda material in Arabic," but they were unable to access financial data and information, which is stored on a separate system.
While the Mossad, Israel Security Agency (Shin Bet), military and other entities have their own departments dealing with on-line warfare, last week Israeli Prime Minister Benjamin Netanyahu averred that Israel was preparing a top-level response to such attacks.
Leading the digital charge is Major General Isaac Ben-Israel, who headed up the Defense Ministry's Administration for the Development of Weapons and Technological Infrastructure, local daily Ha'aretz reported on Sunday.
Late last year, Ben-Israel and senior Israeli and international security experts gathered at an Israeli think tank to share know-how about battling cyber-crime, cyber-terrorism and cyber-warfare. Talks at the International Institute for Counter-Terrorism (ICT) at the Herzliya-based Interdisciplinary Center (IDC) focused on efforts to slay, or at least rein in the multi-headed digital hydra.
Many of the experts at the program said again and again that substantially raising basic governmental, public and private awareness of the need to defend against on-line threats, from simple measures like not opening unknown email attachments, all the way up to tightly guarding national infrastructure, was crucial (Xinhua, 2011).
Date: August 11, 2011
Source: Press TV
Abstract: Iran's Minister of Communications and Information Technology Reza Taqipour says Israel ranks first in planning cyber terrorism against other nations in the globe.
Taqipour told reporters on Wednesday that the Israeli regime ranks at the top of governments that sponsor various forms of state terrorism, including cyber terror, Mehr news agency reported.
He said that the Tel Aviv regime was the symbol of state terrorism, adding that the regime takes the lead in spreading malware across cyberspace.
He added, however, that Iran has taken appropriate counter measures, including the establishment of a cyber command, to control and foil cyber attacks targeting the country.
The minister's comments came in response to reports that the Israeli military is plotting to wage a major cyber war against Iran by setting up a military cyber command.
The new cyber command, which has been designated as central to 'defense capability' of the Israeli regime, would directly report to Israeli Prime Minister Benjamin Netanyahu.
The new command center, supported by the military, has already conducted a series of "soft" espionage missions, including hacking into Iran's version of Facebook and other social networking sites, the report says.
A source with close knowledge of the cyber war preparations said that Israel has two principal targets in Iran's cyberspace, which are stopping Tehran's nuclear program and its civil infrastructure.
Iran says it fully monitors cyberspace in order to counter soft warfare against the country (Press TV, 2011).
Title: U.S. & Israel Launch New Phase Of Cyber Warfare
Date: October 20, 2011
Abstract: The re-emergence of the Stuxnet virus in a virtually identical form to its previous incarnation heralds a “new round of cyber war,” and given the fact that the last version was created by the U.S. and Israel, it’s obvious where the finger of blame should be pointing once again.
“Analysts at US firms McAfee and Symantec agreed that a sophisticated virus dubbed “Duqu” has been unleashed on an apparent mission to gather intelligence for future attacks on industrial control systems,” reports AFP.
“This seems to be the reconnaissance phase of something much larger,” McAfee senior research analyst Adam Wosotowsky told AFP about the virus, named for the “DQ” prefix on files it creates.
The new incarnation of the virus is primarily aimed at the Middle East and is designed to “mount a future attack on an industrial control facility” by capturing password data and infiltrating networks undetected.
“McAfee and Symantec said that, based on snippets of the virus they were given to study, portions of the encrypted Duqu code matched identically scrambled portions of Stuxnet,” states the report.
After last year’s Stuxnet worm attack targeted Iranian nuclear plants, the New York Times reported, months after we had first identified “Israel and the United States….as the prime suspects behind the Stuxnet worm attack,” that the virus was indeed created by the U.S. and Israel.
“The covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British,” reported the NY Times on January 15.
Even after it was all but admitted that the United States and Israel created Stuxnet to target Iran’s nuclear facilities, the establishment media’s coverage of the new incarnation of the worm is completely absent that fact.
Perhaps we can expect to be labeled “conspiracy theorists” once again for stating the blindingly obvious – that while US cybersecurity officials concentrate power and funding in the name of defending against cyber attacks, they are the ones launching them. The US and Israel are once again behind the attack and it will primarily be aimed at disrupting Iran’s nuclear enrichment program.
As we documented, before the New York Times reported that the U.S. and Israel were behind the attack last year, numerous talking heads claimed there was no evidence to suggest this, blaming Russia or China instead, and demonizing those who pointed the finger at the obvious culprits for circulating “ridiculous” theories.
It really scales the heights of hypocrisy to hear the arguments of US cybersecurity officials about the need to hand them the power to control the Internet in the name of protecting against cyber warfare, when the U.S. government itself is behind almost every act of cyber warfare.
Earlier this week it also emerged that the Obama administration considered opening its assault on Libya by launching a cyber attack to “disable the Qaddafi government’s air-defense system”.
To Wage E-Warfare Against Iran
Date: November 19, 2011
Source: Press TV
Abstract: A report says Israel intends to use electronic warfare to shut down Iranian civilian infrastructure in the event of a strike against the Islamic Republic's nuclear facilities.
The Daily Beast reported on Thursday that a possible Israeli attack would go as far as targeting Iran's Internet and cell phone networks, its electrical grid as well as emergency frequencies for the country's police and fire departments.
The news website quoted "current and former US intelligence officials" as saying that the electronic warfare would be carried out by remote-controlled Israeli Air Force drones, which can fly for 20 hours non-stop before they come back to points of take-off. There are even some unmanned Israeli aerial vehicles that can fly overhead for 45 hours non-stop.
The Daily Beast said that Israel has developed weapons that could imitate a maintenance cell phone signal that commands a cell network to go inactive, "effectively stopping transmissions."
It also claimed that two years ago US security officials allegedly located several power grids inside Iran that were connected to the Internet, and were susceptible to cyber attacks such as the Stuxnet virus.
The US, Israel, and some of their allies accuse Tehran of pursuing military objectives in its nuclear program.
Iran has refuted the allegations, saying that as a signatory to the nuclear Non-Proliferation Treaty and a member of the IAEA, it has the right to develop and acquire nuclear technology for peaceful purposes.
In addition, the IAEA has conducted numerous inspections of Iranian nuclear facilities but has never found any evidence indicating that Iran's civilian nuclear program has been diverted towards nuclear weapons production (Press TV, 2011).
Title: Israeli Cyber Attacks Targeted Offshore Oil, Gas Platforms – Iran IT Head
Date: October 8, 2012
Abstract: Iran’s offshore oil and gas platforms were the targets of the cyber attacks aimed at crippling the country. All threats were repelled and Israel was behind them, according to head of IT at the Iranian Offshore Oil Company, Mohammad Reza Golshani.
Golshani told Reuters that the attack happened over the past couple of weeks, was routed through China, and affected only the communications systems of the network.
It is almost two weeks since the managing director of the National Iranian Offshore Oil Company Mahmoud Zirakchianzadeh announced his company’s negotiations over deals worth US$14 billion.
Iran is currently under pressure from the international sanctions, mainly in oil exports, imposed by the UN Security council, the US, and the EU.
On Saturday, the EU threatened to ban Iran’s natural gas export to put pressure on the country’s nuclear program. Iran’s now exporting to Turkey and has swap deals with Armenia and Azerbaijan.
The possible ban was described by a spokesman of the oil ministry Alireza Nikzad-Rahbar as a "propaganda campaign" because “right now no EU member imports Iranian gas supply.”
The UN Security Council imposed four rounds of sanctions in efforts to pressure Tehran to give up its nuclear program, which the West fears is aimed at creating a nuclear weapon. Iran insists its nuclear ambitions are peaceful. The sanctions targeted Iran’s oil exports and cut off access to international banking networks.
Tehran is being pressured not only with sanctions: the country has been variously attacked by Flame, Stuxnet and Gauss, three viruses that gathered information on sensitive Iranian equipment and slowed down its nuclear centrifuges. They were tacitly confirmed to have been launched by the US and Israel, as a way of slowing down the country’s atomic program, which the West says is aimed at eventually producing nuclear weapons. A claim Iran emphatically denies.
Iran has reported several computer attacks in recent months and a Revolutionary Guard commander said last month the country would defend itself in case of a "cyber war". Tehran is seeking to develop a national Internet system, which it says would improve cyber security. But many Iranians say the plan is the latest way to control their access to the Web, which is already highly censored (RT, 2012).