A new spate of cyber-attacks have been rocking Iran this month. As with most things cyberwar-related, it’s difficult to know exactly what’s going on. AllThingsD has a pretty good rundown of what is clear so far:
The ongoing cyber war in Iran appears to have taken another turn in recent days as the state media in that country is airing reports of a new attack against industrial computers in the southern area of Hormuzgan Province.The thing is, Iranian media, all state-controlled, can’t seem to get their story quite straight on how the government has responded. First there were reports — citing local civil defense officials — that “skilled hackers” helped the country repel and ultimately foil the attack. Later, local reports tracked by Agence France-Press walked back from that version of events.Whatever the response, the description of the attack describes a new “Stuxnet-like” Trojan, without going into further detail about its capabilities or behavior.
Earlier this month, AllThingsD notes, Iran was being plagued by a simplistic virus which wiped hard drives on certain specified dates. The virus, called BatchWiper, was so simple, security experts say, that it appears to have been the work of “script kiddies”—unsophisticated hackers out to cause indiscriminate damage with no greater agenda behind their actions.An Israeli security expert, however, warned against jumping to conclusions:
“This is Iran, after all, which is in the cyber-gunsights of many groups and governments,” said Tamar, who works for a major database firm in Jerusalem. “Sometimes ‘simple’ attacks like this are a smokescreen, masking something else going on in a system that is doing a lot more damage.”Case in point: It was a very similar Trojan, called Wiper, that drew attention to a file that was added to Iranian computers that were eventually found to be suffering from Stuxnet. Although analysts thought that Wiper was also a simple virus, it turned out to be much more, and its connection to Stuxnet is still being analyzed. “In the virus world, anything is possible, and everyone is a potential suspect,” said Tamar.
Is Iran about to be mauled by Son of Stuxnet?