Iran Promises Knuckle Sandwich if US Cyberattacks Persist
"They have our weapon in their hands now and can use it against us," said Hord Tipton, executive director of (ISC)2 and former CIO of the U.S. Department of the Interior. "We handed them a nice weapon." The so-called Thunderstruck worm "can be turned around and used to attack our critical infrastructure, but hopefully it will be attacking systems that have already been patched."
Jul 25, 2012 4:27 PM PT
Iran has reportedly threatened the United States with a "teeth-breaking" response if cyberattacks against it continue.
Last month, Iran claimed to have discovered and foiled plans by the U.S., Israel and the UK to launch what it described as a massive cyberstrike against its nuclear facilities, the Israeli newspaper Haaretz reported.
Further, the Stuxnet worm, reportedly the most malefic piece of malware ever created, its kin Duqu, and the Flame malware were all reportedly created by Israel and the U.S. to attack Iran's nuclear facilities.
Iran was hit last week by another worm that shut down two Iranian facilities -- at Natanz and Fordo. It played the AC/DC song "Thunderstruck," F-Secure reported.
"In the information space, 'teeth' just grow back," T.K. Keanini, chief technology officer at nCircle, told TechNewsWorld. "While Iran might be able to attack some of our physical teeth, it's hard to imagine them striking a fatal blow to U.S. cybersecurity."
The Sound of Music
News of the latest attack, which involved AC/DC's music, emerged when an Iranian nuclear scientist emailed Mikko Hypponen, F-Secure's chief research officer, over the weekend.
Iranian cyberexperts believe the Metasploit tool was used, the scientist said. The hackers had access to the virtual private networks of the nuclear stations that were hit.
The attack reportedly shut down the automation network and Siemens hardware used in the affected locations. It also played AC/DC's "Thunderstruck" on some workstations with the volume cranked up to the max.
Hypponen was unavailable for comment because he is at the Black Hat hacker conference being held in Las Vegas, F-Secure representative Melanie Lombardi told TechNewsWorld.
Siemens, SCADA and Stuxnet
Siemens supervisory control and data acquisition, or SCADA, systems are configured to control and monitor specific industrial processes, and are employed in Iran's nuclear plants. It's likely the latest malware hit them.
The Stuxnet worm also targeted the Siemens SCADA systems at Iran's nuclear plants.
However, "one of the key goals of Thunderstruck was to be noticed," which is "very different from the objectives of both Flame and Stuxnet," nCircle's Keanini said. The latter two "were meticulously crafted to avoid discovery" and it's therefore unwise to draw inferences about the similarities between the attacks.
Coming Home With a Vengeance
Siemens SCADA systems are also used in U.S. critical infrastructure, which could expose that infrastructure to danger from the latest malware to strike at Iran.
"Indeed, they have our weapon in their hands now and can use it against us," Hord Tipton, executive director of (ISC)2 and former CIO of the U.S. Department of the Interior, told TechNewsWorld. "We handed them a nice weapon."
The so-called Thunderstruck worm "can be turned around and used to attack our critical infrastructure, but hopefully it will be attacking systems that have already been patched," Tipton said.
"We assume that the government is bolstered against these types of attacks, but 90 percent of our critical infrastructure is still in the hands of [the private sector], so we can't be sure," he explained. "There is no real way of knowing how many systems out there have not already been patched."
Is the US Safe?
Although the Obama administration has made cybersecurity one of its top priorities, the U.S. may still not be adequately protected.
Meanwhile, Congress is battling over a cybersecurity bill; Sen. Joe Lieberman and other sponsors say they're being forced to water it down and reintroduce it.
"We are still very vulnerable [to cyberattacks], though it's likely an attack would need a weapon that has been designed to go after our systems, much like this [Thunderstruck] attack appears to have been designed to attack Iran uniquely," Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld.
"Given the high probability of an attack that could shut down much of the U.S. infrastructure, systems likely should be more aggressively segregated and then upgraded with monitoring software and platforms, so that attacks are both more difficult, and attempts and trends are better monitored," he suggested.
"This isn't a one-time event," said Enderle. "We are effectively at war in cyberspace."