In the last wave, Yourikan has taken down 106 Iranian sites, defacing them with a message against the Nuclear Strategy of Iran.
He also claims to have deleted the backend databases.
This is only the latest occurrence of the mutual attacks between the two cyber factions. My sixth sense and one half tells me that more are to come…
After the jump you find the complete list (at the time of writing, in many cases the defaced pages have already been removed).
Approximately a couple of weeks ago, an Israeli hacker called You-r!-k@n, one of the early contenders of the Middle East Cyber War, had defaced the Iran Energy Water Website. The attack was claimed as a form of cyber protest (and cyber retaliation) against Iranian institutions executed by the same author.
Yesterday, two weeks later, with the same motivations, the same hacker has targeted and defaced 91 Iranian sites, including several government and education sites together with several important companies.
All the affected sites (at the time of writing the ones listed below are still defaced) show the same message against the “terror” and the nuclear strategy of Iran together with an Israeli flag.
According to the author, the list of the victims include:
- The Tehran’s urban development (http://ashayer.gov.ir) and other web sites with domain gov.ir
- A large number of sites faculties and institutions, for example one of the largest universities in Iran: (http://sama-saveh.ac.ir/info1-28.htm);
- The websites of several large electronic companies (http://gaamelectric.ir/info1-28.htm);
- The websites of one of the largest gas and oil company (http://satrap.ir/info1-28.htm);
According to the original statement of You-r!-k@n:
This is an attack against Iran than support terrorism and developing nuclear weapons to destroy Israel.
The situation between the two hot countries of the Middle East continues to be tense, and cyberspace is not an exception.
You-r!-k@n keeps on his personal battle against Iran.
The latest target is the official website of Iran Energy Water (tw.org.ir), which has been defaced, showing, in several sections, of the main page, a message against the Iran Nuclear Program and against the recent event in Bulgaria where five Israeli tourists (and their local driver) were killed in a terrorist attack in the Black Sea city of Burgas. At the time of writing the web site is unavailable, showing the well-familiar IIS7 Splash Screen (in spite of the embargo and the alleged Iranian Cyber Autarchy).
As you know, Israel blamed Iran for the latter event (backed by American Officials), and hence, easily predictable, the dispute between the two states has (once again) crossed the boundaries of the cyber world (but a defacement is quite a simple question in comparison with Stuxnet and The Flame).
The time of the Middle East Cyber War is well behind, nevertheless cyber events targeting both countries, whether state-sponsored or carried on by lone rangers, continue to happen at a constant rate.
After several months of silence, a new resounding dump in Middle East.
I have just received an email message from you-r!-k@n, one of the early pro-Israeli contenders of the Middle East Cyber War, advising me of a new huge dump against an Iranian Server (irimo.ir, Iranian Meteorological Organization), which is currently unavailable. He claims to have acquired administrator privileges for the domain (1500 computers and server, 400 users), and has posted some screenshot as evidence, and the list of 400 Active Directory Users.
Of course I have decided not to publish the list except a small sample (which appears to come from a Windows 2000 Server), but cannot help but notice that, after a couple of months of silence, this is the first new event that closely resembles the resounding dumps which characterized the very first stage of the Middle East Cyber War.
Will this be an isolated episode or a brand new precursor of a new wave of attacks in the Middle East?
Update: Irimo.ir is currently unavailable, however, I was given a screenshot of the site before it was taken down. Looking at the messages left on the devastated site (which announced the erase of the Active Directory), it is interesting to notice that the reference to the Nuclerar as to reaffirm that the standoff between Israel and Iran about the Nuclear Strategy of Tehran, is influencing also the Cyber Space.