The infosec chronicle has offered many interesting events in this first part of October. Above all, the massive leak of data from the top 100 universities by the infamous Team GhostShell, the Skype worm, and, last but not least, the U.S. congressional report accusing China’s leading telecom equipment makers, Huawei and ZTE, of being a potential security risk.
Inevitably these events are overshadowing what is going on in the Middle East, where Iran, on one hand, is facing the latest wave of cyber attacks against its internal assets, and on the other hand, claims to have infiltrated the “most sensitive enemy cyber data”.
This hot autumn for the Middle East began on September 30 (approximately one week after Iran connected all its government agencies to its secure, autarchic domestic internet service). On that occasion Iranian Rear Admiral Ali Fadavi announced a clamorous cyber strike by his navy’s cyber corps, which was able to “infiltrate the enemy’s most sensitive information” and successfully promote “cyberwar code”, i.e. decrypt highly classified data.
Ali Fadavi did not specify the name of any particular enemy, but simply referred to “imperialistic domination”, a clear reference to Iran’s “enmity with America”.
Maybe it is a coincidence, or maybe not, but on October 3 Iran suffered a massive outage of its Internet infrastructure, at least according to what Mehdi Akhavan Behabadi, secretary of the High Council of Cyberspace, declared to the Iranian Labour News Agency. The Iranian official attributed the outage to a heavy, organized attack against the country’s nuclear, oil, and information networks, which forced the country to limit Internet usage.
The latest (?) episode came a couple of days ago, on October 8, when Mohammad Reza Golshani, head of information technology for the Iranian Offshore Oil Company, told Iran’s Mehr news agency that an unsuccessful (i.e. repelled by Iranian experts) cyber attack had targeted the information networks of the company’s platforms in the past few weeks. I wonder whether we are looking at a new Flame. In any case, according to Mr. Golshani there were few doubts about the authors of the attack:
“This attack was planned by the regime occupying Jerusalem (Israel) and a few other countries”.
A few hours later Iran officially blamed Israel and China for planning and operating the attack.
It is no mystery that the Stuxnet attack forced Iran to tighten its cyber security, a strategy culminating in the creation of a domestic Internet separated from the outside world (a way to control access to the Web, according to many observers).
It is surely no coincidence that this same network separation is the main reason Iran was able to repel the latest attacks. A network that is not reachable from the public Internet is also a network that an external attacker cannot flood or probe directly, although, as Stuxnet itself showed, air gaps and segregation do not stop malware carried in on removable media or through the supply chain.
My sixth sense (and a half) tells me that other occasions to test the cyber security of the Iranian domestic Internet will come soon!
Fate, it seems, is not without a sense of irony. And this rule also holds in the Infosec Matrix…
Yesterday, while a five-hour outage, due to an alleged DDoS cyber attack initially claimed by Anonymous, left GoDaddy unable to serve millions of websites (panicking millions of Internet users), a digital publishing company named BlueToad came forward to take responsibility for the leak of a million iOS unique device identifiers (UDIDs). You will surely remember that the same infamous collective claimed to have stolen the UDIDs from an FBI laptop a few days ago.
Probably the FBI really had nothing to do with the hack, since yesterday BlueToad admitted (and apologized) that it had been breached and that the UDIDs were stolen on that occasion.
And as if that were not enough, hour after hour even the alleged cyber attack on GoDaddy took a paradoxical turn: after the initial claims, Anonymous denied responsibility for the action (at first marked as the latest form of protest against GoDaddy’s support for SOPA), and also mocked @AnonymousOwn3r, the alleged author of the attack, who self-proclaimed (sic) “security leader of Anonymous because I’m behind many things such like irc, ops, attacks, and many“.
Now the latest coup de théâtre: there is no IRC bot behind GoDaddy’s outage (as claimed by the alleged author), but a much less romantic series of (unspecified) internal network events that corrupted data tables, apparently “simple” (for those familiar with networking) routing issues.
And that makes two… In the same day, two alleged cyber attacks initially claimed by Anonymous, and then proven to be false. And even if it is not so common to discover two in the same day, fake cyber attacks are becoming quite frequent (think for instance of the alleged hack of Philips, old data leaked in February according to the Dutch giant, and of Sony). Of course the point is not Anonymous; the point is that claiming hacks and leaks (made by others, or worse, totally false) is becoming too easy… Nowadays with Twitter and Pastebin you can (claim to) hack whatever you want (as an example, I often find on Pastebin dumps repeated several times and claimed by different authors).
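One practical way to apply that skepticism is to check a newly claimed dump against the dumps you have already seen before giving the claim any credit. The snippet below is an added example written for this post, not code from the original article or from any of the parties mentioned: it fingerprints each record of a dump with SHA-256 (so an index of earlier dumps can be kept without storing the raw, often sensitive, data), normalizes case and whitespace so a trivially reformatted re-post still matches, and reports what fraction of the "new" dump is recycled. The dump contents and labels are constructed for the example and are not real leaks; the 80% threshold is an arbitrary assumption to tune to your own corpus.

```python
"""Triage a claimed leak dump by measuring how much of it is recycled
from dumps already on file.

Added example for this post (not code from the original article).
All dump contents, labels and the threshold below are constructed
assumptions, not real leaked data.
"""
import hashlib
import re
from typing import Dict, Set

_WS = re.compile(r"\s+")


def normalize_record(line: str) -> str:
    """Canonical form of one dump line: drop all whitespace (including
    the CR of CRLF line endings and spaces around separators) and
    lowercase, so cosmetic reformatting does not hide a re-post."""
    return _WS.sub("", line).lower()


def fingerprints(dump: str) -> Set[str]:
    """SHA-256 fingerprints of the non-empty records in a dump.
    Storing only hashes lets you keep an index of old dumps without
    keeping the credentials or identifiers themselves."""
    out: Set[str] = set()
    for line in dump.splitlines():
        rec = normalize_record(line)
        if rec:
            out.add(hashlib.sha256(rec.encode("utf-8")).hexdigest())
    return out


def overlap(new_dump: str, known: Dict[str, str]) -> Dict[str, float]:
    """Fraction of the new dump's records already present in each known
    dump, keyed by the known dump's label. Empty new dump -> 0.0 each."""
    new_fp = fingerprints(new_dump)
    if not new_fp:
        return {name: 0.0 for name in known}
    return {
        name: len(new_fp & fingerprints(dump)) / len(new_fp)
        for name, dump in known.items()
    }


def verdict(new_dump: str, known: Dict[str, str], threshold: float = 0.8) -> str:
    """Human-readable triage result. threshold is an assumed cut-off:
    at or above it the claim is treated as a recycled dump."""
    scores = overlap(new_dump, known)
    if not scores:
        return "no reference dumps on file: cannot judge"
    best = max(scores, key=scores.get)
    if scores[best] >= threshold:
        return f"recycled: {scores[best]:.0%} of records already in '{best}'"
    return "mostly new records: treat the claim on its merits"


# Constructed sample corpus of previously seen dumps (not real data).
KNOWN_DUMPS: Dict[str, str] = {
    "dump-2012-02-old": (
        "alice@example.org:5f4dcc3b\n"
        "bob@example.org:e99a18c4\n"
        "carol@example.org:ab4f63f9\n"
        "dave@example.org:098f6bcd\n"
    ),
    "dump-2012-01-misc": (
        "erin@example.net:1234\n"
        "frank@example.net:5678\n"
    ),
}

# Constructed "fresh" claim: the old records re-posted with CRLF endings,
# mixed case and stray spaces, plus one genuinely new record.
CLAIMED_DUMP = (
    "Alice@Example.org:5f4dcc3b\r\n"
    "BOB@example.org : e99a18c4\r\n"
    "carol@example.org:ab4f63f9\r\n"
    "dave@example.org:098f6bcd\r\n"
    "zed@example.org:deadbeef\r\n"
)

if __name__ == "__main__":
    for label, score in overlap(CLAIMED_DUMP, KNOWN_DUMPS).items():
        print(f"{label}: {score:.0%} already seen")
    print(verdict(CLAIMED_DUMP, KNOWN_DUMPS))
```

A high overlap does not prove the claimant is lying about the source (two breaches of the same population can legitimately share records), but it is the first question to ask before amplifying a "new" leak, and it is cheap enough to run against every paste that crosses your feed.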
Maybe it is time to treat news of massive leaks with caution and skepticism, at least until the data itself has been checked.