A Defense Technology Blog
  • Look Out, Cyber Bombers Overhead
    Posted by David A. Fulghum 11:32 AM on Sep 29, 2010

    Do not bet that the U.S. or Israel infected Iran’s automated industrial processes with a cyber worm – at least directly.

    Attacks without fingerprints are a skill being honed by specialized, international cyber-warriors trying to show they can “be the best at designing tools that can attack specific systems that are in their national interest,” said Army Gen. Keith Alexander, chief of U.S. Cyber Command.

    That leaves the door open to free-lancers to show what they can do, cyber guns-for-hire and surrogate warriors from places like Turkey and Eastern Europe where recruiting and developing criminal and combat cyber-tech is a high-value enterprise.

    A possible example is someone’s “Stuxnet” cyber-worm that appears to have taken down computers employed in the Iranian nuclear program. It is known that Iran’s uranium enrichment program has been running into more than its share of technical problems during the last few years.

    Mahmud Liai of Iran’s Ministry of Industries and Mines said that 30,000 computers have been invaded and the event is being considered as an electronic war against the country. Speculation by the press and some analysts points to U.S. or Israeli authorship of a cyber-delay of what may be an Iranian nuclear weapons program. Alexander says that the technology to do so is widely spread among both powerful and not-so-powerful nations. Israeli officials have discussed their interest in stopping the program.

    “The question is whether Israel will one day try to stop the [Iranian nuclear weapon] project by its own means?” Maj. Gen. Giora Eiland (ret.) former head of Israel’s National Security Council told Aviation Week. “Can we do it? That depends. Can you count on tacit cooperation of others in the region [and America]. What is the physical damage you will cause? The most important question is how much delay in the program do you cause – a few months or years? Months are useless, decades may do. This is a decision the Israeli government will have to make.”

    Or perhaps the decision has already been made and acted upon by the U.S., Israel or some third party. Of course, if you are going to launch cyber-attacks, you must be able to defend against them.

    Department of Homeland Security teams have been assessing vulnerabilities in industrial control systems since the Aurora Test, say DHS officials. They also plan to increase the number of investigative teams from four to ten by 2011.

    The U.S. military and defense industries are developing cyber-weapons that can be tailored for specific targets and also are looking at how to put such weapons on aircraft for airborne electronic attack.

    One of the devices seen by Aviation Week is a software framework for locating digital weaknesses. It combines cyber sleuthing, technology analysis and tracking of information flow. It then suggests to the operator how best to mount an attack and, later, reports on the success of the effort. The heart of the attack device is its ability to tap into satellite communications, voice over internet protocol, SCADA proprietary networks – virtually any wireless network.

    “If you think about the explosion of capability in commercial electronics, it’s obvious that for not-too-much money, anybody can set up a fairly robust WiFi capability and just ride the backbone of the Internet,” says a U.S.-based network attack researcher. Stuxnet seems to differ from this concept in that it apparently works autonomously, without direction, and relentlessly searches for pre-loaded targets.

    In the unclassified arena there are algorithms such as Mad WiFi, Air Crack and Beach. Industry teams have their own toolbox of proprietary, cyber-exploitation algorithms. But the unclassified tools give a sense of what can be done. In fact they resemble some of the characteristics attributed to Stuxnet.

    Air Crack, for example, is used to decipher the encryption key for a wireless network. Some attacks are quick but require injecting a lot of data into the network, which makes the attack noisy and easy to trace. Others are passive and slow. They take days or even months, but no one is aware of the intrusion, as was the case with Stuxnet.

    Crypto-attack uses sophisticated techniques to attack passwords. It runs fast and gives good results but the operator has to take an active role, capture different types of data and send the right information to get a proper response.

    A de-authorization capability can kick all the nodes off a network temporarily so that the attack system can watch them reconnect, which provides information for quickly penetrating the system.

    Tags: ar99, cyber, iran
