
War on Error

Iran vs USA - the world's first cyber-war has started



It sometimes hides behind hacktivism. But 75Gbps peak DDoS on US banks is no amateur protest...

We can say with a growing sense of certainty that the world’s first cyberwar is upon us, unfolding behind the scenes with a rising level of intensity, so far pretty much ignored by all but the need-to-knows.

On one side are the US and its European and Middle-Eastern allies, on the other Iran and perhaps its proxies in Syria, Lebanon and a handful of more isolated groups across the non-aligned Islamic world.

Is this really a cyberwar? Certainly, although it is not official and likely never will be. If you rank sustained state-to-state exchanges across the Internet as defining a digital campaign then this is surely the real McCoy even if everything looks normal from the outside.

History might eventually time ‘Cyberwar I’ as having kicked off around 2006, when the US hatched a series of overlapping programmes to attack Iran’s nuclear industry using software sophisticated enough (i.e. free of identifying marks) to maintain an air of polite, plausible deniability.

The world unmasked these as Stuxnet, and a number of forensically-linked and increasingly enigmatic follow-ups including Duqu, Gauss, and a particularly complex piece dubbed Flame that was probably connected to Stuxnet despite only being discovered last year. There were almost certainly other cyber-weapons that have not yet been uncovered.

And it turns out that two can play this game.


Cyberattacks on US banks are nothing new but the series of large and disruptive attacks against the US financial sector starting around last September, claimed by the ‘Izz ad-Din al-Qassam Cyber Fighters’ - which wore the mantle of hacktivism to hide its state backing - appeared to mark the start of something more significant.


These have continued with small gaps ever since, ramping up to disruptive levels in December and showing no sign of stopping. One large cyber-attack every now and again might be expected, but an ongoing campaign at this level of intensity is starting to grab the full attention of interested commentators.

A rolling core of banks has been affected over several months, including Bank of America, JPMorgan Chase & Co, Citigroup and HSBC, prompting former State and Commerce Department official James A. Lewis to state quite categorically to the New York Times that “There is no doubt within the US government that Iran is behind these attacks”.

Amidst the daily noise of DDoS attacks, exactly where they come from has at times seemed almost irrelevant. Who launches them and why is rarely explicitly stated; they are just a fact of life.

Lewis’s intervention suggests that the pattern of the anti-bank campaign has elevated these mysterious events into the political arena, at least behind closed doors.

“They are high volume and also very complicated,” says Scott Hammack, CEO of DDoS mitigation firm, Prolexic. As is customary for his industry he is reluctant to discuss where the attacks might originate but is willing to admit that “the US Government is in a good position to know who is doing it.”

Two weeks ago his firm saw a 75Gbps DDoS attack unfolding with a couple of 45Gbps events since then, both at the very large end of the traffic spectrum.

In 2011, Prolexic had seen perhaps one or two attacks of this size in the whole year; attacks peaking at 80Gbps are now a weekly occurrence. That makes these among the largest sustained DDoS attacks that have ever taken place.

“The frequency, size and complexity has ramped up to the extent you could call it a cyberwar,” he says. “It is definitely a dangerous precedent. It is bad right now but will get worse,” he predicts.

A distinctive feature of the recent attacks was that they used a ‘push’ DDoS model based on real-time, manual control rather than a static command and control network. That also made them harder to disrupt.

Why would Iran or any other country attack another using DDoS? It would be easier to say why it wouldn’t. If the US wields complex targeted software with deadly purpose, smaller nations can level the field by attacking its infrastructure with a weapon accessible enough that even small groups have successfully used it. Such is the simple allure of DDoS.

“The attackers are fairly sophisticated because of the combination of attack vectors,” comments Arbor Networks’ Darren Anstee, who works for another company that makes its money looking at and securing the Internet traffic few others pay attention to.

The attackers had deployed three main attack tools - Brobot PHP injection (aka ‘itsoknoproblembro’), KamiKaze and AMOS - capable of hitting the targets with conventional volumetric (UDP/ICMP) and TCP exhaustion DDoS, spiked with the rightly feared HTTP, HTTPS and DNS application-layer attacks.
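As an added illustration, not code from the article or from Arbor or Prolexic, the snippet below shows how a defender might flag the two traits described here and by Anstee below: several vector classes (volumetric, TCP exhaustion, application-layer) active in the same second, and vectors being swapped while an attack is under way. The per-second counters, baselines and multiplier are constructed, assumed values.

```python
"""Flag multi-vector and vector-shifting DDoS seconds from edge counters."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Sample:
    """One constructed per-second summary, as an edge flow exporter might emit."""
    t: int
    udp_mbps: float       # UDP flood volume (Mbit/s)
    icmp_mbps: float      # ICMP flood volume (Mbit/s)
    syn_per_s: int        # TCP SYNs per second (state-exhaustion pressure)
    http_req_per_s: int   # HTTP/HTTPS requests per second (application layer)
    dns_q_per_s: int      # DNS queries per second (application layer)

# Assumed baselines; a vector is "active" above MULTIPLIER x its baseline.
BASELINE = {"udp_mbps": 200.0, "icmp_mbps": 5.0, "syn_per_s": 2000,
            "http_req_per_s": 5000, "dns_q_per_s": 3000}
MULTIPLIER = 5.0
CATEGORY = {"udp_mbps": "volumetric", "icmp_mbps": "volumetric",
            "syn_per_s": "tcp_exhaustion",
            "http_req_per_s": "application", "dns_q_per_s": "application"}

def active_vectors(s):
    """Names of counters exceeding MULTIPLIER x baseline, in BASELINE order."""
    return [n for n, base in BASELINE.items()
            if getattr(s, n) > base * MULTIPLIER]

def analyse(samples):
    """Per-second verdicts as (t, label, active vectors).

    multi_vector : two or more vector categories active in the same second
    vector_shift : the active set changed from the previous (non-quiet) second
    single       : one category active, no change from the previous second
    quiet        : nothing above threshold
    """
    verdicts, prev = [], set()
    for s in samples:
        cur = set(active_vectors(s))
        cats = {CATEGORY[v] for v in cur}
        if len(cats) >= 2:
            label = "multi_vector"
        elif cur and prev and cur != prev:
            label = "vector_shift"
        else:
            label = "single" if cur else "quiet"
        verdicts.append((s.t, label, sorted(cur)))
        prev = cur
    return verdicts

# Constructed sequence: quiet, UDP only, UDP+SYN, SYN+HTTP, HTTP only, DNS only.
SAMPLES = [Sample(0, 150, 1, 500, 3000, 1000), Sample(1, 4000, 1, 500, 3000, 1000),
           Sample(2, 4000, 1, 20000, 3000, 1000), Sample(3, 100, 1, 20000, 60000, 1000),
           Sample(4, 100, 1, 500, 60000, 1000), Sample(5, 100, 1, 500, 3000, 40000)]
```

Running `analyse(SAMPLES)` labels seconds 2 and 3 as multi-vector and seconds 4 and 5 as vector shifts, which is the pattern a SOC would want to alert on rather than treating each flood in isolation.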

Launching the attacks via compromised server proxies, the attackers showed knowledge and planning in the way they executed them, working out which targets might share data centres with one another as a means of maximising their effect. If an attack showed signs of failing, they adjusted in real time.

“They are obviously monitoring the effectiveness of the attack vectors very quickly,” he said, a feature that marked these attacks out as out of the ordinary.

Anstee rejects the simplistic notion that DDoS is a ‘cheap’ weapon for those lacking anything better.

“DDoS has become an advanced threat,” he said, although he believed the effectiveness of the current campaign might be waning as organisations learned to cope with it.

Where might the Iranians go after DDoS? Indeed, how far has the US already gone beyond Stuxnet and Flame?

Months after the DDoS attacks started, few will yet call it for what it is: an escalating cyberwar with no clear rules of engagement beyond an uncertain translation through the calculus of geo-political realpolitik.

Meanwhile, the Middle East was enveloped by a slow-burning digital war during 2012, with Saudi Arabia finding its oil industry under destructive attack from malware such as 'Shamoon', designed to trash the hard drives of target PCs on a grand scale.

With packets flying back and forth, it looks as if the US v Iran will be a very 21st Century war. Where precisely it started has already been lost in history, and as long as the collateral damage is relatively small (consumers unable to log on to their bank accounts, say) few will pay it that much heed. It is just part of the contemporary world.

But if the conflict ever moves to being a hot war, the largely hidden exchanges of this cyberwar could turn out to be the telling factor.


Tags: denial-of-service attack, iran, james a. lewis, jpmorgan chase, middle east, new york times, united states, us government

Techworld UK - Technology - Business