originally posted by: Springer
a reply to: UnmitigatedDisaster
I thought Stuxnet (what Iran should be really mad about) was credited to Israel in most (aware) people's minds?
Why would Iran be so mad at the U.S. from a cyber perspective? Obviously I get why they are "mad" at the U.S. in every other sense.
To be clear, I am honestly curious about your thoughts on this, not being snarky at all.
I'll start by stating I'm in no way a top-level manager or advisor, or anyone making big decisions or operating out of the NSA or anything. I am,
however, responsible for the security of a Federal office building and several smaller offices inside larger Federal buildings; so we get fairly
regular security updates and alerts, as well as having fairly regular discussions about it between the other Sys Admins and our head office.
So here's what I've been told, plus a few things that are my own thoughts which I'll try to make sure are distinct.
What I've been told: Iran views the U.S. in the same way we tend to view China - a cyber threat to their country with entire teams and/or divisions
dedicated to hacking Iranian infrastructure. They are well experienced with the U.S. meddling with their country, politically and militarily, and
believe we are constantly trying to undermine them due to their nuclear programs' "threat". Their buildup of anti-cyberterrorism, as well as their
development of dedicated cyber "assault" teams is, in the Iranian government's mind, a response to protect themselves and take the offensive; and in our
minds a preemptive act to try to gain the upper hand in the cyberwar(s) to come.*
My own belief: They don't believe Israel capable of high-level cyber attacks or terrorism. They know how in bed the U.S. and Israel are, and assume
that at least some, if not all, of the core work for Stuxnet was developed by American specialists. Whether or not this is true (conspiracies abound,
right? lol) this means most of their development is pretty much "pre-venge" against the world. I think they probably have legitimate concerns, but
since they aren't proven they are basically being preemptive. In this I agree with what I've been told in general.
On general hacking and the increase in DDoS attacks:
What I've been told: Pockets of semi-organized groups of low-level hackers utilizing existing botnets to replicate the attacks of better organized
groups. The reason they tend to target games and other non-essential companies or infrastructure is because they lack the knowledge, coordination
and/or ability to obfuscate their attacks - meaning they know they would be caught easily if they did anything major against the government.
My own belief: Pretty much the same. It's a bunch of script kiddies and wannabe hacktivists trolling people on innocent things like games or popular
webforums because they don't have the skill to take on real targets; and most of them don't actually want to or have the guts to. Additionally many
of the DDoS attacks are the same because they are just copying what's already been done. Really well organized hacktivist groups might call on the
poser masses to get them to help; but any real penetration and information extraction they are doing is much quieter and rarely involves DDoSing a
site, except maybe as decoys.
*The Cyber Wars: My own term, and one many of us use, but it is in no way an "official" title or even some cool "secret project". It's just what a lot
of us jokingly call it. Really what's happening is Iran is building up a strong, and in many industry experts' opinions, the most advanced
cyber-attack infrastructure yet. There are several security companies and spokespeople who've already warned that they've been in the "information
gathering" stage for at least two years and appear to be winding down that "phase" to lead to something new, but currently unknown.
Our marching orders: Do your normal thing. Administer your systems, watch your network, do your job. Regularly review firewall and
antivirus/malware logs for odd traffic or attempts at entry and report anything unusual. We've been told our biggest immediate threat is that we
don't know from what direction or intention an attack would come from. Most of the -real- threats against the U.S. (i.e. not kiddie DDoS attacks) have
spent long amounts of time quietly watching our networks, gathering our routing patterns and traffic points, trying to identify weak spots to attack or
create connections through, and generally to determine the most effective way to cause network failures.
Conclusion: Sorry guys, I know it wasn't anything exciting like leaked CIA reports - and a lot of this is stuff many of you know or conjectured for
yourself - but sadly reality isn't always that exciting. At least at my level. Maybe someday...
Edit: I will add that my firewall logs regularly show more suspicious/denied traffic from Chinese IPs than Iranian - but I think that's actually
more supportive of the worry about Iran. They aren't being overt and trying to actively probe; they are just watching and developing detailed
edit on 16-12-2014 by UnmitigatedDisaster because: (no reason given)
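The post's marching orders are to review firewall deny logs for odd traffic, and its closing observation is that the quieter sources are the more worrying ones. The script below is an added example, not code from the poster or his office: it parses netfilter/UFW "BLOCK" syslog lines, summarizes denies per source, and flags two patterns, a loud burst (many hits in a few minutes) and a low-and-slow probe (few hits, many distinct ports, long dwell). The log lines are constructed using RFC 5737 documentation addresses, the year supplied for the syslog timestamps is an assumption, and the thresholds are assumptions chosen to fit that sample rather than values from the post.

```python
"""Summarize netfilter/UFW firewall deny lines by source and flag two patterns:
noisy bursts and low-and-slow port probing. Added example; thresholds are assumptions."""
import re
from datetime import datetime, timedelta

# Constructed sample lines in the netfilter/UFW "BLOCK" syslog format, using
# documentation IP ranges (RFC 5737); not real traffic from the original post.
_SLOW_AND_STRAY = [
    "Dec 13 01:05:17 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=22",
    "Dec 13 14:20:03 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=443",
    "Dec 14 04:11:52 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=40003 DPT=3389",
    "Dec 14 19:30:09 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=40004 DPT=8080",
    "Dec 15 09:02:41 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=40005 DPT=445",
    "Dec 16 02:45:30 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=40006 DPT=1433",
    "Dec 15 11:00:00 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.10 PROTO=TCP SPT=55000 DPT=80",
    "Dec 15 11:00:05 fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.200 DST=198.51.100.10 PROTO=ICMP TYPE=8 CODE=0",
]
# A constructed burst: 25 denied SSH attempts from one source inside 48 seconds.
_BURST = [
    f"Dec 15 03:12:{10 + 2 * i:02d} fw kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 "
    f"DST=198.51.100.10 PROTO=TCP SPT={51000 + i} DPT=22"
    for i in range(25)
]
SAMPLE_LOG = _SLOW_AND_STRAY + _BURST

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?\[UFW BLOCK\] .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)(?: .*?DPT=(?P<dpt>\d+))?"
)


def parse_line(line, year=2014):
    """Return a dict for one deny record, or None for lines that are not UFW BLOCK lines.
    Syslog timestamps carry no year, so `year` is an assumption supplied by the caller."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
    dpt = m.group("dpt")  # absent for ICMP and other port-less protocols
    return {"ts": ts, "src": m.group("src"), "dst": m.group("dst"),
            "proto": m.group("proto"), "dpt": int(dpt) if dpt is not None else None}


def summarize(lines, year=2014):
    """Per-source summary: hit count, distinct destination ports, first and last seen."""
    per_src = {}
    for line in lines:
        rec = parse_line(line, year)
        if rec is None:
            continue
        s = per_src.setdefault(rec["src"], {"count": 0, "ports": set(),
                                            "first": rec["ts"], "last": rec["ts"]})
        s["count"] += 1
        if rec["dpt"] is not None:
            s["ports"].add(rec["dpt"])
        s["first"] = min(s["first"], rec["ts"])
        s["last"] = max(s["last"], rec["ts"])
    return per_src


def classify(per_src, burst_hits=20, burst_window=timedelta(minutes=5),
             slow_ports=5, slow_dwell=timedelta(hours=6)):
    """Label sources as 'burst' (loud, short) or 'low-and-slow' (few hits, many ports,
    long dwell). The thresholds are assumptions; tune them against your own baseline."""
    findings = {}
    for src, s in per_src.items():
        dwell = s["last"] - s["first"]
        if s["count"] >= burst_hits and dwell <= burst_window:
            findings[src] = "burst"          # overt probing or brute force: easy to spot
        elif s["count"] < burst_hits and len(s["ports"]) >= slow_ports and dwell >= slow_dwell:
            findings[src] = "low-and-slow"   # quiet, wide, patient: the kind that hides in volume
    return findings


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for src, label in sorted(classify(summary).items()):
        s = summary[src]
        print(f"{src:16} {label:12} hits={s['count']:3} ports={sorted(s['ports'])} "
              f"dwell={s['last'] - s['first']}")
```

The point of the two labels is the one the post makes: a per-source hit count alone surfaces the loud SSH burst and buries the source that touched six different ports over three days. Counting distinct ports and dwell time per source is what makes the quiet one show up.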