Open source reporting from 28 May through 5 June 2012 revealed Iran was attacked by another computer virus called "Flame." Israel hinted they conducted the attack, while other headlines stated the attack was a joint US/Israeli effort and both countries had admitted it.
Websites included in OSINT products are subject to monitoring by U.S. and foreign government agencies, and should not be viewed on U.S. government or personal computers.
Author: OSINT Open Source Intelligence (CCJ2-JOWO)
UNCLASSIFIED//FOR OFFICIAL USE ONLY
Title: Iran Cyber Attack - Stuxnet and Flame
Analyst: TS
Ref#: 20120605-468 CP
ICOD: 20120605
Country/Topic: Iran, Israel, US / Military, Political
Analyst Comment: A body of open source reporting from 28 May through 5 June 2012 revealed Iran was attacked by another computer virus called the "Flame." Israel hinted they conducted the attack, while other headlines stated US President Obama authorized the attack and transitioned to saying the attack was a joint US/Israeli effort and both countries had admitted it.
Open source reporting from 28 May revealed Iranian government computer systems were infected with the "Flame" virus as part of a cyber warfare attack. On 29 May, the New York Times highlighted Iran's Computer Emergency Response Team Coordination Center acknowledged damage from a virus on their website. This was followed by Israel's Deputy Prime Minister Moshe Ya'alon being quoted by the Jerusalem Post saying, "whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them" and "these achievements of ours open up all kinds of possibilities for us," insinuating Israel conducted the attack.
On 30 May, Iran's Fars News declared they had produced an anti-virus program against the "Flame," and in a statement Iran's National Computer Emergency Response Team said, "It seems there is a close relation to the Stuxnet and Duqu targeted attacks" adding the malware's "propagation methods, complexity level, precise targeting and superb functionality" were reminiscent of the Stuxnet and Duqu attacks.
On 01 June, The New York Times (NYT) posted an article indicating US President Obama authorized and sped up cyber attacks against Iran initiated by the Bush Administration. UAE's Gulf News reflected the general activity of the cyber attacks and quoted Western think tanks indicating the US should be prepared for cyber retaliation from Iran.
The Jerusalem Post reported Israeli Defense Force (IDF) acknowledged using cyberspace to gather intelligence, attack enemies, and conduct various military operations on its official website on 03 June. Open sources indicate this is the first official admission of the IDF using cyberspace to conduct offensive military operations. Another article highlighted this revelation coincided within a few days of the NYT article and may be intended to spook Iran. The NYT article is an adapted extract of the book "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power" by David E. Sanger due for release on 05 June.
On 05 June, the Strategy Page headlined "Israel and U.S. Admit Joint Cyber War Effort" reporting American and Israeli officials confirmed Stuxnet, Duqu, and Flame used against Iran were joint U.S.-Israel operations. The article did not identify any US or Israeli officials, nor did it attribute the information to "officials wishing to remain unnamed." No articles were observed indicating any acknowledgement by any nation or its officials for the cyber attacks on Iran.
Headlines in Summary:
Mystery Virus Sought To Steal 'Designs From Iran': Russian Firm
Israel And U.S. Admit Joint Cyber War Effort
Mystery Virus Sought 'Designs From Iran': Russian Firm
Why Are Israel And America Suddenly Speaking So Openly About Cyber Warfare?
Israeli Army Stresses On Cyber Warfare
Obama Ordered Cyber Attack On Iran: NY Times
"Flame" Malware Was Signed By Rogue Microsoft Certificate
IT Official: 30 Countries Ask Iran For Help To Combat 'Flame'
Microsoft Issues Update To Protect Businesses From Flame Malware
Report: US, Israel Using All Capabilities In Cyber War On Iran
Leader's Military Aide Warns US Of Iran's Tough Response To Military Attack
Legal Action Must Be Taken Against US Over Cyber Attacks: Analyst
IDF Admits To Using Cyber Space To Attack Enemies
US Senator Accuses Obama
Iran Vows 'Proportionate' Response To Any Strike
Cyber-Attacks "Bought Us Time" On Iran - U.S. Sources
Obama Govt. Leaked Details Of Anti-Iran Operation: McCain
US, Iran Dig In For Long Cyber War
The Flame Cyber Attack: How One Worm Changed The Discourse On An Iran Strike
Obama Ordered Stuxnet Cyber Attack On Iran: Report
Obama Order Sped Up Wave Of Cyberattacks Against Iran
Cyber Attacks On Iran Stuxnet And Flame
US Is Losing Regional Bases
U.N. Agency Plans Major Warning On 'Flame' Virus Risk; Israel On Alert
Zionist Regime Hints It Created Flame Malware
Iran Successfully Combats Flame Spyware
Iran Slams Enemy Cyber Attack
Iran Shows Prompt Response To Israel's Cyber War
Iran Under Cyber-Attack By Data-Mining Virus
IRGC: US, Israel Losing Bases In Region
PM: Israel Increasing Its Cyber-Defense Capabilities
Iran Confirms Attack By Virus That Collects Information
Ya'alon Hints At Israeli Role In 'Flame' Virus
Israel Admits To Waging Cyber War On Iran
Israel, Iran, Lebanon hit by "Flame" super-virus
The 'Flame' Computer Virus Strikes Iran, 'Worse Than Stuxnet'
ccj2-osint@centcom.smil.mil PH: 813-827-1441
Supporting Documentation:
05 Jun 12 Al Arabiya
Mystery Virus Sought To Steal 'Designs From Iran': Russian Firm
(U) This undated screen grab released by the Kaspersky Lab site shows a program of the computer virus known as Flame. (AFP, 05 Jun 12)
A mystery computer virus discovered last month and deployed in a massive cyberattack chiefly against Iran sought to steal designs and PDF files from its victims, a Russian firm said.
Kaspersky Lab, one of the world's biggest producers of anti-virus software, announced last month the discovery of the Flame virus, which it described as the biggest and most sophisticated malware ever seen.
In the latest update on Kaspersky's analysis of the virus, released late Monday, the firm's chief security expert, Alexander Gostev, said the malware's creators had focused on file formats such as PDF and AutoCAD, a software for computer design and drawing.
"The attackers seem to have a high interest in AutoCAD drawings," Gostev said in a statement.
The malware also "goes through PDF and text files and other documents and makes short text summaries," he added.
"It also hunts for e-mails and many different kinds of other 'interesting' (high-value) files that are specified in the malware configuration."
He confirmed that Iran was by far the biggest target with a count of 185 infections, followed by 95 in Israel and the Palestinian Territories, 32 in Sudan and 29 in Syria.
The discovery of Flame immediately sparked speculation that it had been created by U.S. and Israeli security services to steal information about Iran's controversial nuclear drive.
Intriguingly, Kaspersky said that hours after the existence of the virus was first announced on May 28, "The Flame command-and-control infrastructure, which had been operating for years, went dark."
It gave no further information over the possible perpetrators of the mystery attack, though it identified about 80 domains that appear to belong to the Flame infrastructure, in locations from Hong Kong to Switzerland.
Kaspersky said it had used a procedure known as sinkholing -- which allows Internet security experts to gain control of a malicious server -- to analyze the operation.
During the sinkholing it found that on three computers in Lebanon, Iraq and Iran the Flame versions changed, suggesting Flame upgraded itself in the process.
The New York Times reported last week that President Barack Obama has accelerated cyberattacks on Iran's nuclear program in an operation codenamed "Olympic Games" that uses a malicious code developed with Israel.
Flame exploits Windows bug
Meanwhile, Microsoft Corp warned that a bug in Windows allowed PCs across the Middle East to become infected with Flame and released a software fix to fight the espionage tool that surfaced last week.
Security experts said they were both surprised and impressed by the approach that the attackers had used, which was to disguise Flame as a legitimate program built by Microsoft.
Experts described the method as "elegant" and they believed it had likely been used to deliver other cyber weapons yet to be identified.
"It would be logical to assume that they would have used it somewhere else at the same time," Mikko Hypponen, chief research officer for security software maker F-Secure, said.
If other types of cyber weapons were indeed delivered to victim PCs using the same approach as Flame, then they will likely be exposed very quickly now that Microsoft has identified the problem, said Adam Meyers, director of intelligence for security firm CrowdStrike.
Cyber weapons that bear the fake Microsoft code will either stop working or lose some of their camouflage, said Ryan Smith, chief research scientist with security firm Accuvant.
A spokeswoman for Microsoft declined to comment on whether other viruses had exploited the same flaw in Windows or if the company's security team was looking for similar bugs in the operating system.
News of the Flame virus, which surfaced a week ago, generated headlines around the world as researchers said that technical evidence suggests it was built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010. Researchers are still gathering information about the virus.
05 Jun 12 Strategy Page
Israel And U.S. Admit Joint Cyber War Effort
American and Israeli officials have finally confirmed that the industrial grade Cyber War weapons (Stuxnet, Duqu and Flame) used against Iran in the last few years were indeed joint U.S.-Israel operations. No other details were released, although many more rumors are now circulating. The U.S. and Israel were long suspected of being responsible for these "weapons grade" computer worms. Both nations had the motive to use, means to build and opportunity to unleash these powerful Cyber War weapons against Iran and others that support terrorism.
The U.S. Department of Defense had long asked for permission to go on the offensive using Cyber War weapons. But the U.S. government regularly and publicly declined to retaliate against constant attack from China, mainly because there were fears that there could be legal repercussions and that weapons used might get out of control and cause lots of damage to innocent parties.
Iran turned out to be another matter. Although not a serious Cyber War threat to the United States, Iran was trying to build nuclear weapons and apparently Israel had already been looking into using a Cyber War weapon to interfere with that. Given the nature of these weapons, which work best if the enemy doesn't even know they exist, don't expect many details to be released about this Cyber War program. What is known is that the Cyber War weapons unleashed on Iran were designed to concentrate only on very specific targets. So far, only three weapons that we know of have been used. One (Stuxnet) was designed to do damage to one specific facility, the plant where Iran produced nuclear fuel for power plants, and atomic weapons. That one worked. The other two (Duqu and Flame) were intelligence collection programs. They also apparently succeeded, remaining hidden for years and having lots of opportunity to collect enormous quantities of valuable data.
It was only in the last month that the latest of these Cyber War "super weapons" was uncovered. The new one is called Flame, and was designed to stay hidden and collect information from computers it got into. It apparently did both, for up to five years (or more), in Iran, Lebanon, the Palestinian West Bank, and, to a lesser extent, other Moslem countries in the region. Like the earlier Stuxnet (2009) and Duqu (2011), Flame has all the signs of being designed and created by professional programmers and software engineers. Most malware (hacker software) is created by talented and often undisciplined amateurs and often displays a lack of discipline and organization. Professional programmers create more capable and reliable software. That describes Stuxnet, Duqu, and Flame. The U.S. and Israel spent big bucks to craft these Cyber War weapons and get them to their targets. Both nations have access to the best programming talent on the planet, and already have organizations that can recruit and supervise highly secret software development.
As researchers continue studying these three software packages, they find ever more surprising features. Until the appearance of Flame, the most formidable Cyber War weapon encountered was Stuxnet, a computer worm (a computer program that constantly tries to copy itself to other computers) that showed up two years ago. It was designed as a weapons grade cyber weapon and was designed to damage Iran's nuclear weapons manufacturing facilities. It succeeded. A year after Stuxnet was discovered (in 2010), security experts uncovered Duqu. Like Flame, Duqu was collecting information on large computer networks and apparently preparing for an even broader attack on industrial targets.
It appeared that Stuxnet and Duqu were but two of five or more Cyber War weapons developed (up to five years ago) from the same platform. Flame was not apparently related to Stuxnet and Duqu. The basic Flame platform appears to have been built to accept numerous additional software modules, giving each variant different capabilities. Some of the modules made use of specific computer features, like a microphone, wireless communication, or the camera. Flame appears to be a very different design from Stuxnet and Duqu but also spreads via a USB memory stick or the Internet.
Some infected PCs were found to contain a large number of Flame modules, amounting to up to 20 megabytes of code and data. Flame hides its presence very well and has a very effective self-destruct feature that erases all evidence of its presence. In the at least five years Flame has been around, it has gotten into a few thousand PCs and collected large quantities of data.
In contrast, Duqu was being used to probe industrial computer systems and send information back about how these systems are built and operate. When Duqu was first discovered, the server it was sending its data to was eventually found in India and disabled. Duqu appeared to shut down last December. No one knows if this is because Duqu had finished its work or was feeling cramped by all the attention. Flame is still operating.
For over two years now, hundreds of capable programmers have been taking Stuxnet and Duqu apart and openly discussing the results. While these programs are "government property", once they are turned loose they belong to everyone. The public discussion on the Internet has provided a bonanza of useful criticism of how the programs were put together, often describing in detail how flaws could be fixed or features improved. But even when such details were not provided, the programmers picking apart these programs usually mentioned what tools or techniques were needed to make the code more effective.
On the down side, this public autopsy of this stuff makes the inner workings of the software, and all the improvements, available to anyone. Then again, security professionals now have a much clearer idea of how this kind of weapon works and this can make future attempts to use similar weapons more difficult.
Flame is much larger and more complex than Stuxnet or Duqu and will keep researchers busy for years. But now that three of these professionally crafted Cyber War weapons have appeared in the last three years, it seems likely that more will show up.
Weapons like Stuxnet and Duqu are nothing new; for nearly a decade Cyber War and criminal hackers have planted programs ("malware") in computer networks belonging to corporations or government agencies. These programs (called "Trojan horses" or "zombies") are under the control of the people who plant them and can later be used to steal, modify, destroy data, or shut down the computer systems the zombies are on. You infect new PCs and turn them into zombies by using freshly discovered and exploitable defects in software that runs on the Internet. These flaws enable a hacker to get into other people's networks. Called "Zero Day Exploits" (ZDEs), in the right hands these flaws can enable criminals to pull off a large online heist or simply maintain secret control over someone's computer. Flame was apparently using high-quality (and very expensive) ZDEs and possibly receiving new ones as well.
Stuxnet contained four ZDEs, two of them unknown, indicating that whoever built Stuxnet had considerable resources. ZDEs are difficult to find and can be sold on the black market for over $250,000. The fact that Stuxnet was built to sabotage an industrial facility spotlights another growing problem - the vulnerability of industrial facilities. The developers of systems control software have been warned about the increased attempts to penetrate their defenses. In addition to terrorists, there is the threat of criminals trying to extort money from utilities or factories with compromised systems, or simply sniff around and sell data on vulnerabilities to Cyber War organizations. But in the case of Stuxnet, the target was Iran's nuclear weapons operation, although some hackers dissecting Stuxnet could now build software for use in blackmail schemes.
Stuxnet was designed to shut down a key part of Iran's nuclear weapons program, by damaging the gas centrifuges used to enrich uranium to weapons grade material. Iran eventually admitted that this damage occurred and recent Western estimates of how soon Iran would have a nuclear weapon have been extended by several years. So, one can presume that Stuxnet was a success.
Duqu appears to be exploiting the success of Stuxnet in spreading to so many industrial sites and is designed to sniff out details of places it ends up in and send the data to whoever is planning on building Stuxnet 2.0. Several different versions of Duqu have been found so far, and all of them have been programmed to erase themselves after they have been in a computer for 36 days.
Stuxnet was believed to have been released in late 2009, and thousands of computers were infected as the worm sought out its Iranian target. Initial dissection of Stuxnet indicated that it was designed to interrupt the operation of the control software used in various types of industrial and utility (power, water, sanitation) plants. Eventually, further analysis revealed that Stuxnet was programmed to subtly disrupt the operation of gas centrifuges.
The Stuxnet "malware" was designed to hide itself in the control software of an industrial plant, making it very difficult to be sure you have cleaned all the malware out. This is the scariest aspect of Stuxnet and is making Iranian officials nervous about other Stuxnet-type attacks having been made on them. Although Iran eventually admitted that Stuxnet did damage, they would not reveal details of when Stuxnet got to the centrifuges nor how long the malware was doing its thing before it was discovered and removed. But all this accounts for the unexplained slowdown in Iran getting new centrifuges working. Whoever created Stuxnet probably knows the extent of the damage because Stuxnet also had a "call home" capability.
The U.S. and Israel have been successful with "software attacks" in the past. This stuff doesn't get reported much in the general media, partly because it's so geeky and because there are no visuals. It is computer code and arcane geekery that gets it to its target. The earlier attacks, especially Stuxnet, Duqu and Flame, spread in a very controlled fashion, sometimes via agents who got an infected USB memory stick into an enemy facility. Even if some copies of these programs get out onto Internet connected PCs, they do not spread far. Worms and viruses designed to spread can go worldwide and infest millions of PCs within hours.
Despite all the secrecy this stuff is very real, and the pros are impressed by Stuxnet, Duqu, and Flame, even if the rest of us have not got much of a clue. The demonstrated capabilities of these Cyber War weapons usher in a new age in Internet based warfare. Amateur hour is over and the big dogs are in play. Actually, the Cyber War offensive by the U.S. and Israel appears to have been underway for years, using their stealth to remain hidden. There are probably more than three of these stealthy Cyber War applications in use, and most of us will never hear about it until, and if, other such programs are discovered and their presence made public.
05 Jun 12 Hurriyet
Mystery Virus Sought 'Designs From Iran': Russian Firm
A mystery computer virus discovered last month and deployed in a massive cyberattack chiefly against Iran sought to steal designs and PDF files from its victims, a Russian firm said. Kaspersky Lab, one of the world's biggest producers of anti-virus software, announced last month the discovery of the Flame virus, which it described as the biggest and most sophisticated malware ever seen.
In the latest update on Kaspersky's analysis of the virus, released late Monday, the firm's chief security expert, Alexander Gostev, said the malware's creators had focussed on file formats such as PDF and AutoCAD, a software for computer design and drawing. "The attackers seem to have a high interest in AutoCAD drawings," Gostev said in a statement. The malware also "goes through PDF and text files and other documents and makes short text summaries," he added. "It also hunts for e-mails and many different kinds of other 'interesting' (high-value) files that are specified in the malware configuration."
He confirmed that Iran was by far the biggest target with a count of 185 infections, followed by 95 in Israel and the Palestinian Territories, 32 in Sudan and 29 in Syria. The discovery of Flame immediately sparked speculation that it had been created by US and Israeli security services to steal information about Iran's controversial nuclear drive.
Intriguingly, Kaspersky said that hours after the existence of the virus was first announced on May 28, "The Flame command-and-control infrastructure, which had been operating for years, went dark." It gave no further information over the possible perpetrators of the mystery attack, though it identified about 80 domains that appear to belong to the Flame infrastructure, in locations from Hong Kong to Switzerland.
Kaspersky said it had used a procedure known as sinkholing -- which allows Internet security experts to gain control of a malicious server -- to analyse the operation. During the sinkholing it found that on three computers in Lebanon, Iraq and Iran the Flame versions changed, suggesting Flame upgraded itself in the process.
The New York Times reported last week that President Barack Obama has accelerated cyberattacks on Iran's nuclear programme in an operation codenamed "Olympic Games" that uses a malicious code developed with Israel.
04 Jun 12 Haaretz
Why Are Israel And America Suddenly Speaking So Openly About Cyber Warfare?
The IDF Spokesman's website is not usually in the business of breaking stories, so Sunday's report on the Operations Department instructions defining the roles of cyber warfare in the IDF's operational doctrine was unexpected and intriguing. According to the report:
Cyber space is to be handled similarly to other battlefields on ground, at sea, in the air and in space. The IDF has been engaged in cyber activity consistently and relentlessly, gathering intelligence and defending its own cyber space. Additionally if necessary the cyber space will be used to execute attacks and intelligence operations.
There are many, diverse, operational cyber warfare goals, including thwarting and disrupting enemy projects that attempt to limit operational freedom of both the IDF and the State of Israel, as well as incorporating cyber warfare activity in completing objectives at all fronts and in every kind of conflict. Moreover, it will be used to maintain Israel's quality and advantage over its enemies and prevent their growth and military capabilities, while limiting their operation in this field.
Additional goals defined by the document published by the Operations Department include creation of operational conditions that will assist in fulfilling IDF capabilities in combat as well as influence public opinion and raise awareness by advocating in the cyber space.
Overall cyber space will be used to improve the operational effectiveness of the IDF, both during war and peace time. This will be done through clandestine activity, while maintaining confidentiality and expertise.
There are no actual operational details here, but the fact that the IDF has for the first time officially admitted that it is using cyberspace for offensive purposes is significant.
It is unthinkable that such a report could have been issued (both on the Hebrew and English IDF websites) without authorization from the highest military and perhaps also political levels.
In previous on-record briefings and interviews, officers and officials have been prepared only to acknowledge work being done to protect vital computer and communications infrastructure and networks from cyber attacks, never to specify attempts to use those same weapons to disrupt the enemies' infrastructure and to collect intelligence.
The timing is especially interesting, as it comes just a week after Flame, the mega-computer worm spying on Iranian and other Middle Eastern computer users, was revealed. And it comes hot on the heels of the interview last week in which Strategic Affairs Minister Moshe Ya'alon said (regarding such cyber attacks) that "anyone who sees the Iranian threat as a significant threat - it's reasonable that he will take various steps, including these, to harm it" and that "Israel is blessed as being a country rich with high-tech, these tools that we take pride in open up all kinds of opportunities for us."
Ya'alon a few hours later attempted to scale down his remarks tweeting that "plenty of advanced Western countries, with apparent cyber-warfare capabilities, view Iran and especially its nuclear program as real threat," but the message got through.
This uncharacteristic Israeli openness coincides with a similar development across the Atlantic, where American officials have also revealed for the first time the level of cooperation with Israel in developing and deploying cyber weapons against Iran's nuclear program.
Few of the sources in the lengthy New York Times report are named, but for the first time we have reliable details on the way the computer virus known as Stuxnet was developed and used in a joint U.S.-Israeli operation to sabotage Iran's uranium enrichment project. The cooperation between the American National Security Agency and the IDF's Military Intelligence Unit 8200, waging electronic war together on Iran, is probably the closest the two nations have ever come together in the history of their strategic relations.
The timing of the report by David E. Sanger could be coincidental. After all it is an adapted extract from his book "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power," which will be published tomorrow in the U.S.
But the confluence of all these events, the emergence of Flame - which has been lurking in Iranian computers, unconcealed, for a few years now and may have been revealed intentionally to spook the Iranians, Ya'alon's unguarded comments, the IDF's report on its cyber warfare doctrine, and now the detailed statements from senior U.S. officials to Sanger, can hardly be a coincidence. It raises a number of key questions:
First, were these revelations part of a coordinated decision between Washington and Jerusalem to momentarily lift the cloak of darkness over their joint cyber efforts? Or are organizations and individuals in either country just trying to grab some of the credit for their own purposes?
Second, if the openness is intentional, who is all this information aimed at? Is their purpose to create more pressure on Iran, where researchers, officers and ordinary citizens are afraid to use their computers and the leaders have to take into account that further attempts to hide nuclear development are bound to fail? Or is this the Obama Administration trying to convince public opinion in the U.S. and Israel and of course the Netanyahu government that the intelligence and electronic war on Iran is sufficient, and that there is no need for military strikes? And are certain elements in Israel's security and political establishment helping the Americans do this?
Third, is this just an aberration or are we going to see in the near future an acceptance by governments that cyber warfare is an accepted extension of diplomacy by other means? And how will Iran and other countries targeted in this way respond?
04 Jun 12 Economic Times - India
Israeli Army Stresses On Cyber Warfare
The Israeli army has conceded that it is using cyber-warfare to defend the country, an admission which comes close on the heels of an unprecedented "cyber espionage worm" attack on Iran's nuclear installations.
"Cyber space is to be handled similarly to other battlefields on ground, at sea, in the air and in space. The IDF (Israel Defence Forces) has been engaged in cyber activity consistently and relentlessly, gathering intelligence and defending its own cyber space.
"Additionally if necessary the cyber space will be used to execute attacks and intelligence operations", a statement by the Israeli army released on its website said.
The IDF Operations Department is said to have recently defined the essence of IDF cyber warfare, putting together instructions that define the military's operational methods in cyber space and clarify its goals in facing potential enemies. "There are many, diverse, operational cyber warfare goals, including thwarting and disrupting enemy projects that attempt to limit operational freedom of both the IDF and the State of Israel, as well as incorporating cyber warfare activity in completing objectives at all fronts and in every kind of conflict.
"Moreover, it will be used to maintain Israel's quality and advantage over its enemies and prevent their growth and military capabilities, while limiting their operation in this field", the report stressed.
Additional goals defined by the document include creation of operational conditions that will assist in fulfilling IDF capabilities in combat as well as influence public opinion and raise awareness by advocating in the cyber space.
"Overall cyber space will be used to improve the operational effectiveness of the IDF, both during war and peace time. This will be done through clandestine activity, while maintaining confidentiality and expertise", it added.
Iranian authorities last week admitted that the malicious software dubbed "Flame" has attacked its computer systems and instructed to run an urgent inspection of all cyber systems in the country.
Iranian experts said that Flame was able to overcome 43 different anti-virus programmes.
International media reports had attributed Israel as responsible for the Stuxnet attack on Iran's nuclear cyber infrastructure.
The Jewish state has dubbed Tehran's nuclear programme an existential threat, vowing to foil the same by "all options on the table".
04 Jun 12 Mehr News / Tehran Times
Obama Ordered Cyber Attack On Iran: NY Times
A cyber attack against Iran's nuclear program was the work of U.S. and Israeli experts and proceeded under the secret orders of President Barack Obama, say current and former U.S. officials.
The origins of the cyber weapon have long been debated, with most experts concluding that the United States and Israel probably collaborated. The current and former U.S. officials confirmed that long-standing suspicion Friday, after a New York Times report.
The officials, speaking on the condition of anonymity to describe the classified effort code-named Olympic Games, said it was first developed during the George W. Bush administration and was geared toward damaging Iran's nuclear capability gradually while sowing confusion among Iranian scientists about the cause of mishaps at a nuclear plant.
The use of the cyberweapon -- malware designed to infiltrate and damage systems run by computers -- was supposed to make the Iranians think that their engineers were incapable of running an enrichment facility.
"The idea was to string it out as long as possible," said one participant in the operation. "If you had wholesale destruction right away, then they generally can figure out what happened, and it doesn't look like incompetence."
Even after software security companies discovered Stuxnet loose on the Internet in 2010, causing concern among U.S. officials, Obama secretly ordered the operation continued and authorized the use of several variations of the computer virus.
The National Security Agency developed the cyber weapon with the help of Israel.
As a signatory to the nuclear Non-Proliferation Treaty, Iran has legal right to develop nuclear technology for peaceful purposes.
Iran has described the cyber-attacks as part of a "terrorist" campaign backed by Israel and the United States.
White House spokesman Josh Earnest declined comment on the substance of the New York Times article, but denied "in the strongest possible terms" that it was an authorized leak of classified information.
04 Jun 12 Ars Technica
"Flame" Malware Was Signed By Rogue Microsoft Certificate
Emergency Windows update nukes credentials minted by Terminal Services bug.
Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern countries.
(U) Microsoft has pushed out a new patch for Windows. (Ars Technica, 04 Jun 12)
The compromise exploited weaknesses in Terminal Server, a service many enterprises use to provide remote access to end-user computers. By targeting an undisclosed encryption algorithm Microsoft used to issue licenses for the service, attackers were able to create rogue intermediate certificate authorities that contained the imprimatur of Microsoft's own root authority certificate, an extremely sensitive cryptographic seal. Rogue intermediate certificate authorities that contained the stamp were then able to trick administrators and end users into trusting various Flame components by falsely certifying they were produced by Microsoft.
"We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft," Microsoft Security Response Center Senior Director Mike Reavey wrote in a blog post published Sunday night. "We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft."
The exploit, which abused a series of intermediate authorities that were ultimately signed by Microsoft's root authority, is the latest coup for Flame, a highly sophisticated piece of espionage malware that came to light last Monday. Flame's 20-megabyte size, its extensive menu of sophisticated spying capabilities, and its focus on computers in Iran have led researchers from Kaspersky Lab, Symantec, and other security firms to conclude it was sponsored by a wealthy nation-state. Microsoft's disclosure follows Friday's revelation that the George W. Bush and Obama administrations developed and deployed Stuxnet, the highly advanced software used to set back the Iranian nuclear program by sabotaging uranium centrifuges at Iran's Natanz refining facility.
The emergency update released by Microsoft blacklists three intermediate certificate authorities tied to Microsoft's root authority. All versions of Windows that have not applied the new patch can be tricked by the Flame attackers into displaying cryptographically generated assurances that the malicious wares were produced by Microsoft.
Microsoft engineers have also stopped issuing certificates that can be used for code signing with the Terminal Services activation and licensing process. The ability of the licensing mechanism to sign untrusted code that linked to Microsoft's root authority is a mistake of breathtaking proportions. None of Microsoft's Sunday night blog posts explained why such a design was ever allowed to be put in place. A description of the Terminal Services License Server Activation refers to a "limited-use digital certificate that validates server ownership and identity." Based on Microsoft's description of the attack, it would appear the capabilities of these certificates weren't as limited as company engineers had intended.
"This is a pretty big goof," Marsh Ray, a software developer for two-factor authentication company PhoneFactor, told Ars. "I don't think anyone realized that this enabled the sub CA that was present on the licensing server to have the full authority of the trusted root CA itself."
Microsoft's mention of an older cryptography algorithm that could be exploited and used to sign code as if it originated from Microsoft evoked memories of an attack from 2008 to mint a rogue certificate authority that could be trusted by all major browsers. The attack in part relied on weaknesses in the MD5 cryptographic hash function that made it susceptible to "collisions," in which two or more different plaintext messages generated the same cryptographic hash. By unleashing 200 PlayStation 3 game consoles to essentially find a collision, the attackers could become a certificate authority that could spawn SSL (secure sockets layer) credentials trusted by major browsers and operating systems.
Based on the language in Microsoft's blog posts, it's impossible to rule out the possibility that at least one of the certificates revoked in the update was also created using MD5 weaknesses. Indeed, two of the underlying credentials used MD5, while the third used the more advanced SHA-1 algorithm. In a Frequently Asked Questions section of Microsoft Security Advisory (2718704), Microsoft's security team also said: "During our investigation, a third Certificate Authority has been found to have issued certificates with weak ciphers." The advisory didn't elaborate.
It's also unclear if those with control of one of the rogue Microsoft certificates could sign Windows software updates. Such a feat would allow attackers with control over a victim network to hijack Microsoft's update mechanism by using the credentials to pass off their malicious wares as official patches. Microsoft representatives didn't respond to an e-mail seeking comment on that possibility. This article will be updated if an answer arrives later.
Two of the rogue certificates were chained to a Microsoft Enforced Licensing Intermediate PCA. A third was chained to a Microsoft Enforced Licensing Registration Authority CA, and ultimately to the company's root authority. In addition to potential exploits from the actors behind Flame, unrelated attackers could also use the certificates to apply Microsoft's signature to malicious pieces of software.
A third Microsoft advisory pointed out that Flame so far has been found only on the machines of highly targeted victims, so the "vast majority of customers are not at risk."
"That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks," Jonathan Ness, of Microsoft's Security Response Center, continued. "Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers."
04 Jun 12 Trend Az
IT Official: 30 Countries Ask Iran For Help To Combat 'Flame'
Iran says 30 countries have asked it for help in fighting Flame, a computer programme designed to steal data.
Australia, the Netherlands, India and Malaysia are among the countries that have contacted Iran's Maher Centre to ask for the anti-virus programme that detects and destroys Flame, Fars news agency reports.
The Maher Centre (Maher means 'expert' in Persian) is part of the Information Technology Company (ITC).
The ITC discovered Flame over a month ago and has been working on an anti-virus programme since then, said Esmail Radkani, the organisation's deputy director.
"Detecting and writing a programme to wipe out Flame was especially complex," said Mr. Radkani.
Flame is the third programme to have targeted Iran for the purpose of gathering information, or attacking a specific system.
In 2010, Iran's industrial and nuclear computer systems were attacked by the Stuxnet worm. The worm was a malware designed to infect computers using Siemens Supervisory Control and Data Acquisition (SCADA), a control system favoured by industries that manage water supplies, oil rigs and power plants.
Stuxnet was followed by Duqu, a virus designed to gather data for future cyber-attacks. Iran announced the discovery of Duqu in November 2011.
Flame seems to have been created with the express purpose of gathering information. Experts believe it could have been running for as long as five years before it was discovered.
04 Jun 12 IT Business
Microsoft Issues Update To Protect Businesses From Flame Malware
The software giant is advising businesses to install the update so they won't be infected with the Flame malware that targeted computers in Iran.
Businesses should install a Microsoft security update to avoid being duped by exploited certificates that were used as part of the Flame malware attack against targeted Iranian computer networks. The update fixes a vulnerability in Microsoft's Terminal Server Licensing Service that allowed signing of software with certificates as if it were code originating from Microsoft, the company said in a blog post.
The post, written by Mike Reavey, the senior director of Microsoft Trustworthy Computing, says an older cryptography algorithm proved exploitable and could be used to sign malicious code to certify that it came from Microsoft.
Terminal Services Licensing Service provided certificates that were permitted to sign code as if it came from Microsoft, the blog says. The certificates were intended to authorize Remote Desktop services securely.
The company issued a security advisory about how to correct the problem, and recommends that customers apply the update using update management software or Microsoft Update service.
"The update revokes the trust of the following intermediate [certificate authority] certificates: Microsoft Enforced Licensing Intermediate PCA (2 certificates), Microsoft Enforced Licensing Registration Authority CA (SHA1)," the advisory says.
An intermediate CA is a certificate authority that doesn't have the trust of the device it is connecting to, but it does have the trust of a root CA that the device does trust. Chains of intermediate CAs can lead back to a trusted root CA, and devices attempt to follow those chains to establish authenticity of certificates.
Weaknesses in this chain-of-trust system were exploited repeatedly last year against SSL certificates used by browsers to authenticate websites. This led to repeated calls for a new authentication system.
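The chain walk described above, together with the effect of the update's untrusted list, as an added example (not code from Microsoft or from the articles quoted here). The hierarchy, the root and licence-server names, the signature algorithms and the `licensing` usage label are constructed for illustration; only the two intermediate CA names come from the advisory text, and a real trust store keys on certificate thumbprints rather than subject names.

```python
from dataclasses import dataclass, replace
from typing import NamedTuple

CODE_SIGNING = "codeSigning"
LICENSING = "licensing"              # hypothetical label for a licence-only purpose
WEAK_SIG_ALGS = {"md5WithRSA"}       # MD5 collisions are practical

# Names quoted in the advisory text on this page.
INTERMEDIATE_PCA = "Microsoft Enforced Licensing Intermediate PCA"
REGISTRATION_CA = "Microsoft Enforced Licensing Registration Authority CA"
UPDATE_DISALLOWED = {INTERMEDIATE_PCA, REGISTRATION_CA}


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    sig_alg: str
    is_ca: bool
    usages: frozenset = frozenset()  # empty set = no usage restriction


class Result(NamedTuple):
    trusted: bool
    errors: list
    warnings: list


def build_chain(leaf, store):
    """Follow issuer links from the leaf to a self-signed root; None if broken."""
    chain, seen = [leaf], {leaf.subject}
    while chain[-1].issuer != chain[-1].subject:
        parent = store.get(chain[-1].issuer)
        if parent is None or parent.subject in seen:   # missing issuer or loop
            return None
        chain.append(parent)
        seen.add(parent.subject)
    return chain


def evaluate(leaf, store, trusted_roots, disallowed, usage=CODE_SIGNING):
    """Decide whether `leaf` may be relied on for `usage`."""
    chain = build_chain(leaf, store)
    if chain is None:
        return Result(False, ["chain does not reach a self-signed root"], [])
    errors, warnings = [], []
    if chain[-1].subject not in trusted_roots:
        errors.append(f"root not trusted: {chain[-1].subject}")
    for cert in chain:
        if cert.subject in disallowed:
            errors.append(f"explicitly untrusted: {cert.subject}")
        # A usage is valid only if every restricted cert in the chain allows it.
        if cert.usages and usage not in cert.usages:
            errors.append(f"{usage} not permitted by: {cert.subject}")
    for cert in chain[1:]:
        if not cert.is_ca:
            errors.append(f"issuer is not a CA: {cert.subject}")
    for cert in chain[:-1]:          # the root's self-signature is not relied on
        if cert.sig_alg in WEAK_SIG_ALGS:
            warnings.append(f"weak signature ({cert.sig_alg}) on: {cert.subject}")
    return Result(not errors, errors, warnings)


def demo():
    """Constructed hierarchy: root -> licensing intermediate -> server CA -> leaf."""
    root = Cert("Constructed Root CA", "Constructed Root CA", "sha1WithRSA", True)
    inter = Cert(INTERMEDIATE_PCA, root.subject, "sha1WithRSA", True)
    server = Cert("Constructed License Server CA", inter.subject, "md5WithRSA", True)
    leaf = Cert("Constructed signed component", server.subject, "md5WithRSA",
                False, frozenset({CODE_SIGNING}))
    roots = {root.subject}
    store = {c.subject: c for c in (root, inter, server)}

    # 1. Unpatched: nothing limits the licensing chain, so code signing passes.
    before = evaluate(leaf, store, roots, disallowed=set())
    # 2. Patched: the intermediate is on the untrusted list, so the chain fails.
    after = evaluate(leaf, store, roots, disallowed=UPDATE_DISALLOWED)
    # 3. Design alternative: an intermediate restricted to licensing only.
    limited_store = dict(store)
    limited_store[inter.subject] = replace(inter, usages=frozenset({LICENSING}))
    limited = evaluate(leaf, limited_store, roots, disallowed=set())
    return before, after, limited


if __name__ == "__main__":
    for name, result in zip(("before", "after", "limited"), demo()):
        print(name, result)
```
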
04 Jun 12 Fars News
Report: US, Israel Using All Capabilities In Cyber War On Iran
Unclassified
The United States and Israel have mobilized all their capabilities and best hi-tech centers in a cyber war against Iran, reports said.
The US is pursuing a wide-ranging, high-tech campaign against Iran's nuclear program that includes the cybersabotage project known as Stuxnet, which was developed by the Central Intelligence Agency in conjunction with Idaho National Laboratory, the Israeli government, and other US agencies, according to people familiar with the efforts.
"It's part of a larger campaign," said a former US official familiar with the efforts. "It's a preferable alternative to airstrikes."
Through the administrations of President Barack Obama and his predecessor, George W. Bush, the US has pursued a cyber campaign, code-named "Olympic Games," to attack the Iranian program, former US officials said.
The existence of Stuxnet and the presumption of US and Israeli involvement have been widely reported, even though US officials have never confirmed the government's role. The code name and scope of the project and other details of the effort were reported on Friday by the New York Times in an adaptation from a coming book.
In 2010, it was the United States who launched Stuxnet, a seek-and-destroy cyber missile against Iran's nuclear infrastructure, according to the report. The virus was, in fact, created jointly by the United States and Israel, it said.
In his first months in office, Obama covertly ordered sophisticated attacks on the computers that ran Iran's nuclear facilities, upping US use of cyber weaponry in a sustained attack, the newspaper said.
But after a programming error, the worm whooshed around the world on the Internet.
The paper said the US continued using the worm although it knew that the malware would damage centers and facilities around the globe.
"Should we shut this thing down?" Obama asked, members of his national security team who were in the room told the paper.
Only recently has the US government acknowledged developing cyber-weapons.
Now efforts are underway to decipher the origins of another malicious program experts believe is part of government-sponsored cyber warfare and intelligence gathering. Again, Iran is the target, said the report.
As the Los Angeles Times' Sergei L. Loiko wrote earlier this week, computer virus experts at Russia's Kaspersky Lab came across this malware while searching for a villain dubbed the Wiper.
"We entered a dark room in search of something and came out with something else in our hands, something different, something huge and sinister," Vitaly Kamlyuk, a senior antivirus expert at Kaspersky Lab, said in an interview.
Flame, as it's called, can copy and steal data and audio files, turn on a computer microphone and record all the sounds nearby, take screen shots, read documents and emails, and capture passwords and logins.
The program can communicate with other computers in its vicinity through the infected computer's Bluetooth and locate them even without an Internet connection, Kamlyuk said. "Many people still think that cyber warfare is a myth and a fantasy, but as we reassemble and study one by one the numerous components and modules of this unique program we see that it is a real weapon of this undeclared war that is already going on."
04 Jun 12 Fars News
Leader's Military Aide Warns US Of Iran's Tough Response To Military Attack
A top military advisor of the Iranian Supreme Leader warned the US and Israel to avoid military moves against Iran, cautioning that any aggression against the country would be reciprocated with a crushing blow to vulnerable enemy targets.
Major General Yahya Rahim Safavi warned that in case of a military attack, Iran would strike back at its enemies with equal force and with reciprocal levels of damage.
"We don't have direct access to the US territory, but Americans have a number of bases and interests in the region. Americans have more than 20 bases and 100,000 forces in the region, they can all be threatened by Iran, and Americans know it very well," Rahim Safavi told FNA.
He further reiterated that the US forces in the Middle East "are very vulnerable".
Safavi, a former commander of Iran's Islamic Revolutionary Guards Corps (IRGC), said that in the case of a military strike against Iran by Israel, Iran's reprisal would be even harsher.
"We don't have any limitations...and our long-range missiles can confront Israel effectively. There is no place in Israel that is not within the range of our missiles," Safavi said.
He also said that if Israel launched strikes against Iran, in the first two weeks, 1 million Jews would flee from Israel.
However, Major General Safavi said that he believed Iran does not face a "significant military threat" in the current year. He said that the economic situation in the United States and Israel was the reason why those countries wouldn't start a new war in the region. If the United States and Israel did launch a war, Safavi said that its end would not be under their control but in the hands of the Islamic Republic.
Safavi also accused Iran's "enemies" of trying to promote the idea that the country is under the threat of an imminent military attack.
In March, the Supreme Leader said that in the face of aggression Iran would retaliate on the same level. Khamenei also said that Iran did not have nuclear weapons and had no intention of producing them.
Safavi praised the Supreme Leader for what he described as his "brilliant" fatwas against nuclear and chemical weapons, in which he declared weapons of mass destruction "haram" (religiously banned).
On Sunday, the Supreme Leader also warned the US and Israel against military action against Iran, and said enemies' threats to Iran indicate that they are deeply fearful of the country's power.
Addressing tens of thousands of people who had gathered at Imam Khomeini's mausoleum to mark the 23rd anniversary of the demise of the Late founder of the Islamic Republic, Ayatollah Khamenei said that the Zionist regime's military threats against Iran are due to its fear and frustration.
"The leaders of the Zionist regime are well aware that they are more vulnerable today than any other time and that every misstep and every inappropriate move will strike them like a thunderbolt."
The Supreme Leader of the Islamic Revolution referred to the conditions of the West and America, and added, "Today because of their economic, financial and social problems, western governments are helpless against their own people and they are just trying to maintain appearances."
Ayatollah Khamenei said that the collapse of certain allies of America in Europe and the increasing hatred of nations towards America show that there is a serious crisis in the West.
He reiterated that America is trying to divert attention towards Asia, Africa and the Middle East region by creating conflicts.
"Today the Americans have turned to the experience and expertise of the British in creating religious and ethnic conflicts. For this reason, all nations, all religious scholars and all academic elites in the region - both Shiite and Sunni - should take care not to contribute to the enemy's plots."
The Supreme Leader of the Islamic Revolution described the actions of the West and the Americans as dim-witted and stressed, "In order to cover up their problems and divert attention from the crisis they are involved in, they magnify the nuclear issue of Iran and put it at the top of global issues and they deceitfully speak about nuclear weapons."
Ayatollah Khamenei said that the efforts by the West and America will not produce any results.
His Eminence said that the enemies of the Islamic Revolution are afraid of the Iranian nation because it has made progress and turned into a role model for the nations of the region and the world.
"The efforts made by the political communities of the world to magnify the threat posed by a nuclear Iran are based on nothing but a lie because they are afraid of an Islamic Iran, not a nuclear Iran."
Ayatollah Khamenei stressed that the Iranian nation has shaken the foundations of the arrogant powers by proving that it is possible to achieve progress without relying on America and other global powers.
"America and other global powers are trying to convince nations and political elite that progress is impossible without America's support, but the Iranian nation has proven the opposite and this is a great lesson for the nations of the world."
03 Jun 12 Press TV
Legal Action Must Be Taken Against US Over Cyber Attacks: Analyst
By Hassan Beheshtipour
About the author: A researcher, documentary producer, and a frequent contributor to Press TV, Hassan Beheshtipour was born on June 22, 1961 in the Iranian capital. He received his BA in Trade Economics from the prestigious Tehran University. His research topics span from US and Russian foreign policy to the Ukrainian Orange Revolution. The Iranian analyst is currently busy with research on the 1979 US embassy takeover in Tehran.
Unclassified
It seems that in addition to defending itself against this undeclared cyberwar which targets its national interests, Iran must launch such initiatives as filing a lawsuit with international legal authorities on the US cyberwar against Iran. Of course, due to the nature of the "cyberwar," international laws on this phenomenon are not clear-cut yet. However, since this is the United States' first experience in foreign cyberwar, as admitted by the New York Times, it can also be Iran's first experience in using legal defense against the US "cyber-aggression."
Hassan Beheshtipour
In an article published on Friday June 1, 2012, The New York Times revealed that in the first months of his presidency, US President Barack Obama had secretly ordered a cyber attack with the Stuxnet virus against Iran.
This important and revealing report was based on an 18-month research which included interviews with former and current US, European, and Israeli officials and selection from the book "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power," by David Sanger. The book is due to be published on Tuesday, June 5.
This report, contrary to similar contents that are mostly based on scenarios devised by the US intelligence and security apparatuses, is worth a comprehensive analysis, because for the first time, this "investigative report" reveals that the cyber operation began in the era of the former US President George W. Bush under the codename "Olympic Games." This operation, that was designed using destructive codes with Israeli cooperation, is in fact the first sustained US cyber attack against another country.
In this respect, it is just like the 1953 coup d'état launched by the US Central Intelligence Agency (CIA). It, too, was the agency's first overseas endeavor which led to the overthrow of the government of the Iranian Prime Minister Mohammad Mosaddeq and the imposition of the dependant rule of Mohammad Reza Shah on the Iranian nation.
The only difference being that at the time Britain's MI6, which had seen its interests compromised as a result of the nationalization of the Iranian oil, was complicit with the CIA in the plot.
Background:
According to Western sources, the destructive Stuxnet virus was created by the US and Israel and had infiltrated Iran's cyber network in 2010 with the cooperation of Germany's Siemens company. Iranian officials said they had managed to prevent it from successfully completing its mission. In 2011, it was also reported that the US had created the data-thieving Duqu virus to steal intelligence from Iran's vital industrial and oil and gas energy infrastructure.
On May 28, Kaspersky Lab security senior researcher Roel Schouwenberg told Reuters that a data-stealing virus, called Flame, had been discovered. He said the virus had contaminated thousands of computers in the Middle East.
This worm, he added, was part of the cyber war that has been waged in the region, but it was not clear who had created the virus.
Kaspersky Lab discovered Flame while investigating reports that a virus dubbed Wiper had attacked computers in Iran.
According to Schouwenberg, Flame contains about 20 times as much code as Stuxnet and about 100 times as much code as a typical virus designed to steal financial information.
Analysis:
To fully grasp the importance of The New York Times article, it is necessary to take a look at the comments of Senator John McCain, the 2008 Republican presidential candidate. While McCain, along with the US Defense Secretary Leon Panetta, was on a visit to Singapore he told the reporters:
"Again we see these leaks to the media about ongoing operations, which is incredibly disturbing. Doesn't this give some benefit to our adversaries?... We know the leaks have to come from the administration. And so we're at the point where perhaps we need an investigation."
It is clear that Mr. McCain is criticizing Obama who resorts to any means to win the election and even discloses his country's secrets in order to get people's votes. It seems that Obama helps the leak of such news in order to prove that his plans against Iran have not been a total failure. While helping the leak of US secret policies, Obama knows what he is doing, but McCain apparently ignores that confirming the New York Times report by him clearly proves that the US government, both under Republicans and Democrats, spares no effort to achieve its expansionist goals.
By taking this position, Mr. McCain indirectly confirms the New York Times report to prove that the United States and Israel act in unison to control Iran's peaceful nuclear energy program. Therefore, recent claims about differences between Washington and Tel Aviv are a tactic to distract the world's public opinion from US and Israel's triple strategy against Iran.
According to that triple strategy, the US, firstly, uses all its power to impose maximum sanctions beyond the scope of UN resolutions against Iran. Secondly, it employs all software possibilities to attack Iran's facilities and technology at all levels, including scientific and research centers in addition to oil, gas and nuclear energy production centers. Thirdly, it will insist on continuation of negotiations with Iran in order to show, for propaganda purposes, that Washington advocates peaceful solutions. Such paradoxical treatment creates practical conditions under which the world public opinion will be at loss for correct understanding of US policies.
Explaining contradictory behavior of the US is only possible if US and Israel's policies, goals and plans with regard to Iran have been carefully followed in the past 10 years in order to reveal the contradictory nature of those policies, not only in words, but also in action.
Conclusion
It seems that in addition to defending itself against this undeclared cyber war which targets its national interests, Iran must launch such initiatives as filing a lawsuit with international legal authorities on the US cyberwar against Iran. Of course, due to the nature of the "cyberwar," international laws on this phenomenon are not clear-cut yet. However, since this is the United States' first experience in foreign cyberwar, as admitted by the New York Times, it can also be Iran's first experience in using legal defense against the US "cyber-aggression." Some Iranian officials have already proposed this, but the issue was not seriously followed by the Iranian Foreign Ministry.
All available evidence attests to the US and Israel's "cyber-aggression" against legitimate right of the Iranian nation to peaceful technologies in all areas, including production of nuclear energy. Therefore, there is no justification for not pursuing such a lawsuit with international bodies at a time that bullying powers imagine that they can give legitimacy to any act of aggression under the cover of peace-seeking.
03 Jun 12 Jerusalem Post IDF Admits To Using Cyber Space To Attack Enemies
Military reveals for first time that it uses cyber space to gather intelligence, conduct military operations.
The IDF uses cyberspace to gather intelligence, attack enemies and conduct various military operations, the military revealed on Sunday in a posting on its official website.
The rare announcement was the first time the IDF officially admitted it engages in cyberwarfare for offensive purposes. It also came a week after a new virus was discovered to have attacked
The IDF's Operations Directorate recently drafted a document defining the purpose and use of cyberwarfare for the Israeli military.
According to the document, cyberspace is viewed by the army as another battlefield like land, sea and airspace.
"Professionally speaking, the IDF is fighting consistently and relentlessly in cyberspace, is collecting intelligence and protecting the IDF networks as well," the army posting said. "When needed, cyberspace is also used to execute attacks and other information operations."
The IDF said that the purpose of operations in cyberspace included "thwarting initiatives by Israel's enemies to undermine the IDF's and Israel's operational freedom in a wide variety of conflicts." The timing of the publication of this information is interesting, as it comes just a week after the Flame virus was discovered to have infected a significant number of computers in Iran.
Flame effectively turns every computer it infects into the ultimate spy. It can turn on PC microphones to record conversations occurring near computers, take screenshots, log instant message chats, gather data files and remotely change settings.
The day it was discovered, Strategic Affairs Minister Moshe Ya'alon fueled speculation of Israeli involvement in developing Flame by praising Israeli technological prowess in response to a radio interview on the issue.
Israel, he said, was blessed with superior technology: "These achievements of ours open all kinds of possibilities for us," he said.
Military Intelligence Unit 8200 - the equivalent of the US National Security Agency and already the supervisor of signal intelligence, eavesdropping on the enemy and code decryption - is responsible for the IDF's offensive cyber capabilities. Defending military networks is under the supervision of the C4I Directorate.
The branches work closely together and rely heavily on each other's input and experience.
The C4I Directorate, for example, receives intelligence on enemy cyber capabilities from military intelligence, and Unit 8200 looks to the directorate for technical guidance.
The C4I Directorate also recently established a cyber war room in the Kirya military headquarters where officers can keep an eye on the army's various networks. Currently, the directorate is developing a new command-and-control system that will enable it to oversee all of the main networks at once without needing to look at each one individually.
03 Jun 12 The Nation - Pakistan US Senator Accuses Obama
US Senator John McCain on Saturday accused President Barack Obama's administration of leaking details of a reported cyber attack on Iran and other secret operations to bolster the president's image in an election year. "Again we see these leaks to the media about ongoing operations, which is incredibly disturbing. Doesn't this give some benefit to our adversaries?" McCain told reporters in Singapore, where he was attending a summit on Asian security. McCain, who was defeated by Obama in the 2008 presidential election, said there had been ill-advised leaks previously that revealed details of the US raid last year that killed Al-Qaeda leader Osama bin Laden and other operations.
"We know the leaks have to come from the administration. And so we're at the point where perhaps we need an investigation," said McCain, the most senior Republican on the Senate Armed Services Committee.
"So this is kind of a pattern in order to hype the national security credentials of the president and every administration does it. But I think this administration has taken it to a new level."
The New York Times reported Friday that Obama accelerated cyberattacks on Iran's nuclear program using the Stuxnet virus, and expanded the assault even after the virus accidentally made its way onto the Internet in 2010.
02 Jun 12 Gulf Times - Qatar Iran Vows 'Proportionate' Response To Any Strike
Iran will respond to any Israeli or US attack against its nuclear sites with a "proportionate" reaction, the military adviser to the country's supreme leader Ali Khamenei said on Saturday.
General Yahya Rahim Safavi, quoted by Fars news agency, said however that such an attack was unlikely.
Despite warnings from Washington and Israel that "all options are on the table" if negotiations between Iran and major powers on Tehran's controversial nuclear programme fail, conditions do not favour an assault, he said.
"They may be able to start one but they can not end it and it remains in Iran's hands," the general said.
"The domestic political, economic and social conditions in America and the Zionist regime are not such as to have a new war in the region," he said.
US President Barack "Obama wants to get re-elected (in November) ... the cabinet of Mr (Israeli prime minister Benjamin) Netanyahu is a fragile one," he said.
However, in case of an attack, "we will act against their military operation smartly, proportional to any damage that they inflict on us ... meaning we will hurt them as much as they hurt us."
Rahim Safavi warned that the whole of Israel was within range of the missiles of Hezbollah, Iran's Shiite militia allies in Lebanon, and that US forces in the region were vulnerable.
"They have thousands of missiles ... (Hezbollah chief) Hassan Nasrallah is a soldier of the supreme leader ... All places in the Zionist entity are within missile range," he said.
And "the 20 American bases and more than 100,000 soldiers in the region all face Iranian danger ... The Americans know full well that all of their 60 warships in the Persian Gulf and Sea (Gulf) of Oman are vulnerable," the general added.
02 Jun 12 Reuters Cyber-Attacks "Bought Us Time" On Iran - U.S. Sources
The United States under former President George W. Bush began building a complex cyber-weapon to try to prevent Tehran from completing suspected nuclear weapons work without resorting to risky military strikes against Iranian facilities, current and former U.S. officials familiar with the program said.
Barack Obama accelerated the efforts after succeeding Bush in 2009, according to the sources who spoke on condition of anonymity because of the classified nature of the effort. The weapon, called Stuxnet, was eventually used against Iran's main uranium enrichment facilities.
The effort was intended to bridge the time of uncertainty between U.S. administrations after the 2008 presidential election in which Obama was elected, and allow more time for sanctions and diplomacy to avert Iranian nuclear weapon development, according to the current and former officials.
The sources gave rare insight into the U.S. development of its cyber-warfare capabilities and the intent behind it.
One source familiar with the Bush administration's initial work on Stuxnet said it had stalled Iran's nuclear program by about five years.
"It bought us time. First, it was to get across from one administration to the next without having the issue blow up. And then it was to give Obama a little more time to come up with alternatives, through the sanctions, et cetera," said the source.
Only in recent months have U.S. officials become more open about the work of the United States and Israel on Stuxnet, the sophisticated cyber-weapon directed against Iran's Natanz nuclear enrichment facility that was first detected in 2010.
The cyber-attacks provided the United States with an avenue to try to stop Iran from producing a suspected weapon without turning to military strikes against Iranian facilities - all at a time when U.S. forces already were fighting wars in Iraq and Afghanistan, the sources said.
In the end, senior U.S. officials agreed the benefit of stalling Iran's nuclear program was greater than the risks of the virus being harnessed by other countries or terrorist groups to attack U.S. facilities, one source said.
HUNDREDS OF MILLIONS OF DOLLARS
Two sources with direct knowledge of the U.S. program said it cost hundreds of millions of dollars to carry out.
The United States for years has been developing - and using - offensive cyber-capabilities to interfere with the computers of adversaries, including during the Battle of Falluja in Iraq in 2004 and in finding Osama bin Laden and other al Qaeda figures, the sources said.
Last year, the United States also explicitly stated for the first time that it reserved the right to retaliate with military force against a cyber-attack.
The New York Times reported on Friday that from his first months in office, Obama secretly ordered attacks of growing sophistication on the computer systems running the main Iranian nuclear enrichment facilities, greatly widening the first sustained U.S. use of cyber-weapons. The Times said the attacks were code-named Olympic Games.
White House spokesman Josh Earnest declined comment on the substance of the New York Times article, but denied "in the strongest possible terms" that it was an authorized leak of classified information.
Obama is seeking re-election on November 6 in part on the strength of his foreign policy achievements.
Reuters reported on May 29 that the United Nations agency charged with helping member nations secure their national infrastructures plans to issue a sharp warning about the risk of the Flame computer virus that was recently discovered in Iran and other parts of the Middle East.
Stuxnet is one of many weapons in the U.S. cyber-arsenal, which some experts say also includes a data-gathering tool known as Duqu that was deployed to cull information about Iran's weapons programs.
Iranian officials have described the cyber-attacks as part of a "terrorist" campaign backed by Israel and the United States.
Some current and former U.S. officials, who asked not to be named, criticized the Obama administration for talking too freely to the media about classified operations.
Representative Peter King, the Republican chairman of the House of Representatives Committee on Homeland Security, said, "I believe that no one, including the White House, should be discussing cyber-attacks."
"The U.S. will now be blamed for any sophisticated, malicious software, even if it was the Chinese or just criminals," added Jason Healey, who has worked on cyber-security for the Air Force, White House and Goldman Sachs, and is now with the Atlantic Council research group.
02 Jun 12 IRIB Obama Govt. Leaked Details Of Anti-Iran Operation: McCain Unclassified
US Senator John McCain has accused the White House of leaking details of a cyber attack and other secret operations against Iran in order to increase his chances in the upcoming elections.
"Again we see these leaks to the media about ongoing operations, which is incredibly disturbing. Doesn't this give some benefit to our adversaries?" McCain told reporters in Singapore on Saturday.
The New York Times reported on Friday that Obama secretly ordered a cyber attack with the Stuxnet computer virus against Iran to sabotage the country's nuclear energy program "from his first months in office."
"Mr. Obama decided to accelerate the attacks - begun in the Bush administration and code-named Olympic Games - even after an element of the program accidentally became public in the summer of 2010 because of a programming error," the report added.
"We know the leaks have to come from the administration. And so we're at the point where perhaps we need an investigation," said McCain, who was defeated by Obama in the 2008 presidential election.
"So this is kind of a pattern in order to hype the national security credentials of the president and every administration does it. But I think this administration has taken it to a new level."
In July 2010, media reports claimed that Stuxnet had targeted industrial computers around the globe, with Iran being the main target of the attack. They said the country's Bushehr nuclear power plant was at the center of the cyber attack.
However, Iranian experts detected the virus in time, averting any damage to the country's industrial sites and resources.
02 Jun 12 Gulf News US, Iran Dig In For Long Cyber War
The United States and Iran are locked in a long-running cyber war that appears to be escalating amid a stalemate over Tehran's disputed nuclear programme.
The Flame virus that surfaced recently may be part of the face-off, but Washington probably has more sophisticated tools at its disposal, security specialists say.
"Large nations with large spy agencies have been using these kinds of techniques for more than a decade," said James Lewis, a senior fellow who monitors technology at the Centre for Strategic and International Studies in Washington.
Lewis said cyber espionage is "not a weapon" but can be "very effective as an intelligence tool" and can avoid some of the problems with traditional surveillance such as spy planes.
"If you have to choose between this and a pilot being paraded through the streets of Tehran, this is much preferable," he said.
But Lewis noted that the Flame virus is more primitive than one would expect from US intelligence services.
"I hope it wasn't the US that developed it because it isn't very sophisticated," he told AFP.
He said Israel has quite advanced capabilities as well, and that this probably means Flame was developed in a "second-tier" country.
Some analysts, however, consider Flame to be highly sophisticated.
The International Telecommunications Union said the virus is "a lot more complex than any other cyber-threat ever seen before."
Rough version
Johannes Ullrich, a computer security specialist with the SANS Technology Institute, said Flame is a rather "clumsy" tool compared to other types of malware, but that it may be a rough version or prototype which can be wrapped into a "more polished version."
"The technical part isn't that great, and I think it has been a bit hyped in some of the reports," Ullrich said.
Exactly where the malware came from is impossible to know from the code, Ullrich said.
"It doesn't look like one single individual," he said. "Whether it is a government or some criminal group, it's hard to tell."
Marcus Sachs, former director of the SANS Institute's Internet Storm Centre, said Flame "could be written by virtually anybody but it looks similar to targeted espionage from a country."
Sachs said Flame is not a sabotage tool like the Stuxnet virus that targeted control systems in Iran, but instead resembles spyware seeking "to gain intellectual property, but it could be surveillance by a foreign government."
Neither the US nor the Israeli government has openly acknowledged authoring Flame, though a top Israeli minister said use of the software to counter Iran's nuclear plans would be "reasonable."
The US military has acknowledged working on both defensive and offensive cyber war systems.
The Pentagon's Defence Advanced Research Projects Agency (Darpa) has revealed few details about its "Plan X," which it calls a "foundational cyber warfare programme" that draws on expertise in the academe, industry and the gaming community.
But a Darpa statement said the programme is "about building the platform needed for an effective cyber offensive capability. It is not developing cyber offensive effects."
Sachs said the US has been open about developing its cyber capabilities and that Darpa, which created the internet, is looking at longer-term projects that may involve technologies not yet deployed. On the surface, it might be harder for the US to maintain superiority in cyberspace as it does in the skies, for example, because the costs for computer programming are far less than for fighter planes.
But experts say the US is investing in cyberspace through Darpa and other projects.
Still, Sachs said measuring the capabilities of another country is not as easy as counting missile silos.
"There's no way to measure what a country has," he said.
The New York Times reported that President Barack Obama secretly ordered cyber warfare against Iran to be ramped up in 2010 after details leaked out about Stuxnet, which some say came from the US, Israel or both.
Capability boost
Ilan Berman, an analyst at the American Foreign Policy Council who follows Iran, said that with cyber war simmering, Tehran is boosting its defensive and offensive capabilities.
"They feel like there is a campaign against them and they are mobilising in response," he said.
And the US should therefore be prepared for cyber retaliation from Iran.
"I think a cyber attack by Iran may not be as robust [as one from China or Russia], but politically it's more likely," he said.
Lewis said the US and Iran have been engaged in struggles for the past decade, due to the nuclear issue and suspected Iran involvement with certain forces in Iraq while US forces were deployed there.
But he said Flame and other cyber weapons are "not really warfare, it's primarily intelligence collection."
Lewis said he was not surprised that the discovery of the virus came from a Russian security firm, Kaspersky, which worked with the ITU.
"Flame is a way to drive Russia's diplomatic agenda, which includes bringing the internet under UN control," Lewis said.
01 Jun 12 Haaretz The Flame Cyber Attack: How One Worm Changed The Discourse On An Iran Strike
The revelation that a new malware virus has been targeting Iran's nuclear program has led to speculation about Israel's involvement.
Retired generals, including some who had only the most tenuous connection to cyber warfare during their service, stepped in front of media microphones this week to scatter hints about the Flame virus that attacked computers in Iran and Arab countries in the Middle East. This is the third such documented attack in the past two years, all apparently aimed at the nuclear project of the ayatollahs' regime. The sophistication of the assault, the widespread conjecture (which was not officially confirmed, of course) about the involvement of Jewish genius in its development, and the ostensible proof that the Iranian nuclear threat can, after all, be removed without recourse to dangerous aerial bombing - all this focused international interest on the latest computer bug.
In fact, this is old news which has probably been known for some time to those who are engaged in this realm or are following its developments close-up. Reporting Monday about Flame, Russia's Kaspersky Lab, which deals in information security, was talking about a virus that was developed early in 2010. In September of that year, the Stuxnet malware virus caused considerable damage to computers used in connection with Iran's nuclear project.
Stuxnet, which according to a New York Times investigative report was a joint American-Israeli development, was an offensive tool. For his part, Iranian President Mahmoud Ahmadinejad admitted the worm had caused damage to his country's centrifuges, though he tried to downplay its importance. This time around, at least according to the report from Russia, the goal of the Flame virus was espionage, not interdiction: It is a means for extracting information from classified computers.
Somewhat perturbed
Former chief of staff Gabi Ashkenazi said Wednesday that the international strategy against Iran should be based on three elements: a secret campaign, supported by economic and diplomatic sanctions, and with "the option of the use of credible and available military force hovering above everything." The secret campaign, he added laconically, "buys time, no more than that."
This balance between clandestine sabotage, sanctions and a military assault - and by implication also the situation of fierce tension between Israel's senior political officials and some former top figures in the defense establishment - was the theme of the Iran discussion held on Wednesday at the annual conference of the Institute for National Security Studies at Tel Aviv University.
Prime Minister Benjamin Netanyahu made fewer references to the Holocaust and issued fewer warnings this time around. It was Defense Minister Ehud Barak who, with obvious relish, assumed the task of taking on the former defense luminaries.
Barak returned from a mid-May visit to Washington somewhat perturbed. The Israeli military attache to the United States, Maj. Gen. Gadi Shamni, told the defense minister that, against the backdrop of the resumption of the talks between Iran and the six world powers (the P5 +1), the assessment in the American capital was that the danger of an Israeli attack on Iran before the November elections had passed.
Barak immediately set out to correct this impression. "Gen. Shamni told me that an atmosphere of calm now prevails here," he told his hosts. "I want to make it clear: Our position has not changed one iota, not in regard to the talks and not in regard to the implications of the Iranian project."
Barak's presentation at the Tel Aviv conference on Wednesday was apparently intended to uphold the viability of the Israeli military threat, though he went about it in a somewhat complex manner. On the one hand, the minister sounded more committed than ever to the need to remove the nuclear threat - by military means if necessary. On the other, he seemed to be a little less clear about the timing of an attack. Publicly, Barak is not talking about 2012 as the year for a decision (in closed forums he explains that he does not want to provide the Iranians with advance information about Israel's timetable). Some six months ago, in an interview on CNN, Barak warned that Iran was liable to complete its nuclear consolidation in a "zone of immunity" to an Israeli attack. "It's true that it won't take three years, probably three-quarters [of a year]," he said. At present, he is not going into that level of detail.
Absent this week was the outspoken personal dimension of discourse. For instance, former Shin Bet security service head Yuval Diskin, who recently described Netanyahu and Barak as "messianic," did not speak at the INSS gathering. His friend, former Mossad chief Meir Dagan, showed restraint. Even when Barak stated that the Iranian threat does not allow anyone to sleep well, Dagan did not seize the opportunity to point out that he is not sleeping well precisely because Netanyahu and Barak are making the decisions.
The director of INSS, Maj. Gen. (ret.) Amos Yadlin, who was the director of Military Intelligence until about a year and a half ago, is cautious when talking about Iran. It's clear he has some reservations about the official line being taken by Netanyahu and Barak, but also that he is worried (far more than his colleagues Dagan and Diskin) that public criticism on his part could be detrimental to the Israeli effort to establish a substantial threat in regard to an attack on Iran.
In his talk, Yadlin presented conclusions that were drawn up by the institute's staff. They are against "containing" the threat; warn that life in the shadow of an Iranian bomb will be far more complex than that during the Cold War; and are less concerned about the likely consequences that an attack on Iran will have for the Israeli home front, if Israel strikes first.
At the same time, the INSS staff warns that an attack on Iran is not a one-off event, and that afterward "it is essential to ensure that the leading forces in the international community will be ready to mobilize for continued obstruction of Iran." The staff maintains that it is critical to "create legitimization" for measures taken against Iran - a posture shared by both Dagan and Ashkenazi in their remarks at the conference. Barak also gave priority to preserving an international coalition, but argued that in the end Israel will be solely responsible for its own security and future.
At the present juncture, ahead of another round of P5 +1 talks with Iran in Moscow in mid-June, and with severe sanctions scheduled to take effect at the beginning of July, Yadlin's last point appears to be of overriding importance: If it is agreed that the campaign against Iran is an ongoing one, which will not end with a military attack but will require a significant international follow-up - Israel will find it very difficult to ensure this if it decides to attack before the November elections, in explicit contradiction to the desire of the Obama administration.
The Syrian debacle
In his remarks this week, Ehud Barak drew an analogy between the future handling of Iran and the world's attitude toward the massacres in Syria. President Bashar Assad lost no sleep over the withdrawal of the Western ambassadors from Syria, Barak said. The defense minister agreed with what Zvi Bar'el wrote in Haaretz on Wednesday: If the international community is responding so slowly to events in Syria, who will ensure that it will take timely action against Iran, when it becomes clear that action is required?
Expectedly, Meir Dagan described Assad's plight as an opportunity. The West, he said, needs to step up the threat against the Iranian and Syrian regimes. Assad's fall, when it happens, will be "an extraordinary opportunity to weaken Iran's status in the region."
The horrific photographs of the bodies of the children who were massacred by Assad's forces in Houla last weekend immediately catapulted the crisis in Syria back to the top of the international agenda. Even though dozens of people are killed every day in Syria (there were some weeks in which an unbelievable daily average of 120 to 140 killings was recorded), the unbearable sight of the bodies of slaughtered children laid out in a row a few days ago made even the most indifferent of the media outlets take notice of the unfolding events there.
Indeed, even before the Houla massacre, numerous testimonies spoke about the murder and rape of minors during efforts by Assad's security forces to suppress the protest movement. But this time it was United Nations inspectors based in Syria, and not opposition spokesmen, who announced that at least 108 people, among them 49 children, had been murdered in Houla. The inspectors also provided additional information, which completely contradicted Damascus' claims: Only 20 of the dead were killed by the army's artillery barrage against the residential neighborhood. The other 88 were executed, most of them by being shot in the head at close range.
These testimonies, combined with the extensive media coverage, prodded Western decision makers to take action. But it's hard not to be somewhat cynical: After 15 months of relentless killing and more than 13,000 dead (according to opposition estimates), Western countries have now remembered to expel the Syrian ambassadors and to recall their own ambassadors from Damascus.
Barak is right: Assad has long since stopped taking the international community into account. He feels secure as long as he enjoys Russian diplomatic support and Iranian financial and military aid, and refuses to accept a plan that will enable him to leave the country safely, along the lines of the Yemen and Tunisia models.
The best evidence of this was seen precisely in parallel to announcements by the European Union countries that the Western ambassadors were being expelled: another massacre at Deir el-Zour (the town adjacent to the nuclear site that was bombed by Israel - according to foreign media reports and the Bush administration - in 2007) with more bodies of civilians who were executed in their homes.
On Tuesday and Wednesday, many dozens of people were killed in Syria, despite the seemingly dramatic action by the West. On Tuesday, Assad met with UN envoy Kofi Annan, who was urgently dispatched to Syria in the wake of the Houla attack. Assad declared, as usual, that the massacre had been perpetrated by gangs of terrorists and not by his forces, but the UN inspectors stated that it was most likely that the civilians in Houla were killed by the president's loyalists. Annan's efforts to achieve a cease-fire have been an exercise in futility, but somewhat pathetically he continues to implore Assad to return to the blueprint he drew up to stop the violence.
For the present, Assad continues to control his army, and his regime shows no signs of disintegrating. Apparently this is a gradual process of weakening. The only development that has emerged with some sort of potential to dissuade the Syrian president from continuing to shell densely populated neighborhoods has been the declarations in recent days by France and Australia to consider a military operation in Syria. While this could also generate brutally extreme reactions by Damascus, the alternative is to allow Assad to go on massacring children and women as long as he wishes.
01 Jun 12 Press TV Obama Ordered Stuxnet Cyber Attack On Iran: Report
A US daily has revealed that President Barack Obama secretly ordered a cyber attack with the Stuxnet computer virus against Iran to sabotage the country's nuclear energy program.
"From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran's main nuclear enrichment facilities, significantly expanding America's first sustained use of cyber weapons," The New York Times quoted "participants in the program" as saying on Friday.
The report added that the offensive was part of a wave of digital attacks codenamed "Olympic Games."
"Mr. Obama decided to accelerate the attacks - begun in the Bush administration and code-named Olympic Games - even after an element of the program accidentally became public in the summer of 2010 because of a programming error," the report added.
The US daily also confirmed that the Stuxnet virus was created with the help of a secret Israeli intelligence unit.
Stuxnet, first identified by the Iranian officials in June 2010, is a malware designed to infect computers using a control system favored by industries that manage water supplies, oil rigs, and power plants.
In July 2010, media reports claimed that Stuxnet had targeted industrial computers around the globe, with Iran being the main target of the attack. They said the country's Bushehr nuclear power plant was at the center of the cyber attack.
However, Iranian experts detected the virus in time, averting any damage to the country's industrial sites and resources.
On Wednesday, Head of the Information Technology Organization of Iran Ali Hakim Javadi said the country's experts have managed to produce antivirus software that can spot and remove the newly detected computer virus Flame, which experts say is 20 times more powerful than the Stuxnet virus.
Israeli Deputy Prime Minister Moshe Ya'alon strongly hinted Tuesday that Tel Aviv was involved in creating the computer virus to sabotage Iran's nuclear energy activities.
Ya'alon expressed support for the creation of the virus and similar tools, arguing that it was "reasonable" for anyone who sees Iran as a threat to take such steps.
01 Jun 12 New York Times Obama Order Sped Up Wave Of Cyberattacks Against Iran By David E. Sanger
From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran's main nuclear enrichment facilities, significantly expanding America's first sustained use of cyberweapons, according to participants in the program.
Mr. Obama decided to accelerate the attacks - begun in the Bush administration and code-named Olympic Games - even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran's Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
At a tense meeting in the White House Situation Room within days of the worm's "escape," Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America's most ambitious attempt to slow the progress of Iran's nuclear efforts had been fatally compromised.
"Should we shut this thing down?" Mr. Obama asked, according to members of the president's national security team who were in the room.
Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.
This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.
These officials gave differing assessments of how successful the sabotage program was in slowing Iran's progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran's enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.
Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.
Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran's Passive Defense Organization, said that the Iranian military was prepared "to fight our enemies" in "cyberspace and Internet warfare." But there has been scant evidence that it has begun to strike back. The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year. But Olympic Games was of an entirely different type and sophistication.
It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country's infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.
A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.
Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons - even under the most careful and limited circumstances - could enable other countries, terrorists or hackers to justify their own attacks.
"We discussed the irony, more than once," one of his aides said. Another said that the administration was resistant to developing a "grand theory" for a weapon whose possibilities they were still discovering. Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice.
If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.
A Bush Initiative
The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America's European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation's nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.
Iran's president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described grand ambitions to install upward of 50,000 centrifuges. For a country with only one nuclear power reactor - whose fuel comes from Russia - to say that it needed fuel for its civilian nuclear program seemed dubious to Bush administration officials. They feared that the fuel could be used in another way besides providing power: to create a stockpile that could later be enriched to bomb-grade material if the Iranians made a political decision to do so.
Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.
For years the C.I.A. had introduced faulty parts and designs into Iran's systems - even tinkering with imported power supplies so that they would blow up - but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America's nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.
The goal was to gain access to the Natanz plant's industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet - called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.
The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.
Eventually the beacon would have to "phone home" - literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant. Expectations for the plan were low; one participant said the goal was simply to "throw a little sand in the gears" and buy some time. Mr. Bush was skeptical, but lacking other options, he authorized the effort.
Breakthrough, Aided by Israel
It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.
Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.
The unusually tight collaboration with Israel was driven by two imperatives. Israel's Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.'s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success. But American officials had another interest, to dissuade the Israelis from carrying out their own pre-emptive strike against the Iranian nuclear facilities. To do that, the Israelis would have to be convinced that the new line of attack was working. The only way to convince them, several officials said in interviews, was to have them deeply involved in every aspect of the program.
Soon the two countries had developed a complex worm that the Americans called "the bug." But the bug needed to be tested. So, under enormous secrecy, the United States began building replicas of Iran's P-1 centrifuges, an aging, unreliable design that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief who had begun selling fuel-making technology on the black market. Fortunately for the United States, it already owned some P-1s, thanks to the Libyan dictator, Col. Muammar el-Qaddafi.
When Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The military and intelligence officials overseeing Olympic Games borrowed some for what they termed "destructive testing," essentially building a virtual replica of Natanz, but spreading the test over several of the Energy Department's national laboratories to keep even the most trusted nuclear workers from figuring out what was afoot.
Those first small-scale tests were surprisingly successful: the bug invaded the computers, lurking for days or weeks, before sending instructions to speed them up or slow them down so suddenly that their delicate parts, spinning at supersonic speeds, self-destructed. After several false starts, it worked. One day, toward the end of Mr. Bush's term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran's underground enrichment plant.
"Previous cyberattacks had effects limited to other computers," Michael V. Hayden, the former chief of the C.I.A., said, declining to describe what he knew of these attacks when he was in office. "This is the first attack of a major nature in which a cyberattack was used to effect physical destruction," rather than just slow another computer, or hack into it to steal data.
"Somebody crossed the Rubicon," he said.
Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others - both spies and unwitting accomplices - with physical access to the plant. "That was our holy grail," one of the architects of the plan said. "It turns out there is always an idiot around who doesn't think much about the thumb drive in their hand."
In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.
The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. "The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence," one of the architects of the early attack said.
The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally. "This may have been the most brilliant part of the code," one American official said.
Later, word circulated through the International Atomic Energy Agency, the Vienna-based nuclear watchdog, that the Iranians had grown so distrustful of their own instruments that they had assigned people to sit in the plant and radio back what they saw.
"The intent was that the failures should make them feel they were stupid, which is what happened," the participant in the attacks said. When a few centrifuges failed, the Iranians would close down whole "stands" that linked 164 machines, looking for signs of sabotage in all of them. "They overreacted," one official said. "We soon discovered they fired people."
Imagery recovered by nuclear inspectors from cameras at Natanz - which the nuclear agency uses to keep track of what happens between visits - showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.
But by the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush's advice.
The Stuxnet Surprise
Mr. Obama came to office with an interest in cyberissues, but he had discussed them during the campaign mostly in terms of threats to personal privacy and the risks to infrastructure like the electrical grid and the air traffic control system. He commissioned a major study on how to improve America's defenses and announced it with great fanfare in the East Room.
What he did not say then was that he was also learning the arts of cyberwar. The architects of Olympic Games would meet him in the Situation Room, often with what they called the "horse blanket," a giant foldout schematic diagram of Iran's nuclear production facilities. Mr. Obama authorized the attacks to continue, and every few weeks - certainly after a major attack - he would get updates and authorize the next step. Sometimes it was a strike riskier and bolder than what had been tried previously.
"From his first days in office, he was deep into every step in slowing the Iranian program - the diplomacy, the sanctions, every major decision," a senior administration official said. "And it's safe to say that whatever other activity might have been under way was no exception to that rule."
But the good luck did not last. In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games - General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. - to break the news to Mr. Obama and Mr. Biden.
An error in the code, they said, had led it to spread to an engineer's computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.
"We think there was a modification done by the Israelis," one of the briefers told the president, "and we don't know if we were part of that activity."
Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. "It's got to be the Israelis," he said. "They went too far."
In fact, both the Israelis and the Americans had been aiming for a particular part of the centrifuge plant, a critical area whose loss, they had concluded, would set the Iranians back considerably. It is unclear who introduced the programming error.
The question facing Mr. Obama was whether the rest of Olympic Games was in jeopardy, now that a variant of the bug was replicating itself "in the wild," where computer security experts can dissect it and figure out its purpose.
"I don't think we have enough information," Mr. Obama told the group that day, according to the officials. But in the meantime, he ordered that the cyberattacks continue. They were his best hope of disrupting the Iranian nuclear program unless economic sanctions began to bite harder and reduced Iran's oil revenues.
Within a week, another version of the bug brought down just under 1,000 centrifuges. Olympic Games was still on.
A Weapon's Uncertain Future
American cyberattacks are not limited to Iran, but the focus of attention, as one administration official put it, "has been overwhelmingly on one country." There is no reason to believe that will remain the case for long. Some officials question why the same techniques have not been used more aggressively against North Korea. Others see chances to disrupt Chinese military plans, forces in Syria on the way to suppress the uprising there, and Qaeda operations around the world. "We've considered a lot more attacks than we have gone ahead with," one former intelligence official said.
Mr. Obama has repeatedly told his aides that there are risks to using - and particularly to overusing - the weapon. In fact, no country's infrastructure is more dependent on computer systems, and thus more vulnerable to attack, than that of the United States. It is only a matter of time, most experts believe, before it becomes the target of the same kind of weapon that the Americans have used, secretly, against Iran.
This article is adapted from "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power," to be published by Crown on Tuesday (05 Jun 12).
(U) How a Secret Cyberwar Program Worked (NYT, 01 Jun 12)
(U) Timeline: From Inception to a Leak (NYT, 01 Jun 12)
01 Jun 12 New York Times Cyber Attacks On Iran - Stuxnet And Flame
Over the last few years, Iran has become the target of a series of notable cyberattacks, some of which were linked to its nuclear program. The best known of these was Stuxnet, the name given to a computer worm, or malicious computer program.
According to an article in The New York Times in June 2012, during President Obama's first few months in office, he secretly ordered increasingly sophisticated attacks on Iran's computer systems at its nuclear enrichment facilities, significantly expanding America's first sustained use of cyberweapons.
Mr. Obama decided to accelerate the attacks - begun in the Bush administration and code-named Olympic Games - even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran's Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
The Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.
Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. In 2011, Iran announced that it had begun its own military cyberunit, but there has been scant evidence that it has begun to strike back.
Internal Obama administration estimates say Iran's nuclear program was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran's enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.
Stuxnet appears to be the first time the United States has repeatedly used cyberweapons to cripple another country's infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.
The Flame Virus: More Harmful Than Stuxnet?
A similar dissecting process is now under way to figure out the origins of another cyberweapon called Flame, a data-mining virus that in May 2012 penetrated the computers of high-ranking Iranian officials, sweeping up information from their machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.
In a message posted on its Web site, Iran's Computer Emergency Response Team Coordination Center warned that the virus was potentially more harmful than Stuxnet. In contrast to Stuxnet, Flame appeared to be designed not to do damage but to secretly collect information from a wide variety of sources.
Researchers at Kaspersky Lab in Moscow said that Flame is likely part of the same campaign as Stuxnet, though it appears to have been written by a different group of programmers. They declined to name the government.
In April, Iran disconnected its main oil terminals from the Internet, after a cyberattack began erasing information on hard disks in the Oil Ministry's computers. Iranian cyber defense officials labeled that program Wiper.
The increasing number of cyberattacks on Iran runs parallel to a series of mysterious explosions and assassinations of nuclear scientists and underscores growing feelings among officials and normal Iranians that the country is increasingly targeted by covert operations, organized by the United States and Israel.
Origins of Stuxnet: A Bush Initiative
The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America's European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation's nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.
Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.
For years the C.I.A. had introduced faulty parts and designs into Iran's systems - even tinkering with imported power supplies so that they would blow up - but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America's nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.
The goal was to gain access to the Natanz plant's industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet - called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.
The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.
Eventually the beacon would have to "phone home" - literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant.
It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.
Developing a Complex Worm Called 'The Bug'
Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.
Soon the two countries had developed a complex worm that the Americans called "the bug."
The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up.
The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally.
Imagery recovered by nuclear inspectors from cameras at Natanz - which the nuclear agency uses to keep track of what happens between visits - showed the results. There was some evidence of wreckage, but it was clear that the Iranians had also carted away centrifuges that had previously appeared to be working well.
By the time Mr. Bush left office, no wholesale destruction had been accomplished. Meeting with Mr. Obama in the White House days before his inauguration, Mr. Bush urged him to preserve two classified programs, Olympic Games and the drone program in Pakistan. Mr. Obama took Mr. Bush's advice.
Obama Authorizes Cyberattacks to Continue
Mr. Obama authorized the attacks to continue, and every few weeks - certainly after a major attack - he would get updates and authorize the next step. Sometimes it was a strike riskier and bolder than what had been tried previously.
In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage.
An error in the code had led it to spread to an engineer's computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.
The question facing Mr. Obama was whether the rest of Olympic Games was in jeopardy, now that a variant of the bug was replicating itself "in the wild," where computer security experts can dissect it and figure out its purpose.
Within a week, another version of the bug brought down just under 1,000 centrifuges. Olympic Games was still on.
31 May 12 Ettelaat US Is Losing Regional Bases
A top Iranian commander says the United States is losing its geopolitical bases in the region as a consequence of the wave of the Islamic Awakening in Muslim countries.
"The important event that has today impacted the atmosphere of the global and regional security as well as our national security is the rapid geopolitical developments, particularly in Muslim countries," Deputy Commander of the Islamic Revolution Guard Corps (IRGC) Brigadier General Hossein Salami said during a conference on "Sustainable Security" in the capital Tehran on Wednesday, Press TV reported.
Referring to the wave of popular uprisings in the Middle East and North Africa, he added that "These developments are upsetting the geopolitics in the world, an order which had been shaped by the Western powers."
The Iranian commander went on to say that, "Today, the Zionist regime [of Israel] as a source of threat is [also] losing its geopolitical supporters in the region."
Since January 2011, revolutions have swept through the Middle East and North Africa unseating dictators such as Tunisian Zine El Abidine Ben Ali, Egyptian Hosni Mubarak, Yemeni Ali Abdullah Saleh and Libyan Muammar Gaddafi.
Despite violent crackdowns, countries such as Bahrain have also been engaged in massive near-daily demonstrations against their despotic US-backed rulers.
Protests have also spread to the US and Europe, where demonstrators are braving police brutality to participate in rallies against financial greed, corporatism and austerity cuts.
30 May 12 Al Arabiya U.N. Agency Plans Major Warning On 'Flame' Virus Risk; Israel On Alert
A United Nations agency charged with helping member nations secure their national infrastructures plans to issue a sharp warning about the risk of the Flame computer virus that was recently discovered in Iran and other parts of the Middle East, as Israel stepped up its supervision over computer systems of commercial banks.
"This is the most serious (cyber) warning we have ever put out," said Marco Obiso, cyber security coordinator for the U.N.'s Geneva-based International Telecommunications Union.
The confidential warning will tell member nations that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure, he told Reuters in an interview on Tuesday.
"They should be on alert," he said, adding that he believed Flame was likely built on behalf of a nation state.
The warning is the latest signal that a new era of cyber warfare has begun following the 2010 Stuxnet virus attack that targeted Iran's nuclear program. The United States explicitly stated for the first time last year that it reserved the right to retaliate with force against a cyber-attack.
A top Israeli minister said on Tuesday the use of cyber weapons, such as the newly uncovered Flame virus, to counter Iran's nuclear plans would be "reasonable," hinting at Israel's possible involvement, AFP reported.
"For anyone who sees the Iranian threat as significant, it is reasonable that he would take different steps, including these, in order to hobble it," Vice Prime Minister Moshe Yaalon told army radio, just hours after the virus was discovered by Russia's Kaspersky Lab. "Israel is blessed with being a country which is technologically rich, and these tools open up all sorts of possibilities for us," said Yaalon, who is also Israel's strategic affairs minister.
Evidence suggests that the Flame virus may have been built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010, according to Kaspersky Lab, the Russian cyber security software maker that took credit for discovering the infections.
"I think it is a much more serious threat than Stuxnet," Obiso said.
He said the ITU would set up a program to collect data, including virus samples, to track Flame's spread around the globe and observe any changes in its composition.
Kaspersky Lab said it found the Flame infection after the ITU asked the Russian company to investigate recent reports from Tehran that a mysterious virus was responsible for massive data losses on some Iranian computer systems.
So far, the Kaspersky team has not turned up the original data-wiping virus that they were seeking and the Iranian government has not provided Kaspersky a sample of that software, Obiso said.
A Pentagon spokesman asked about Flame referred reporters to the Department of Homeland Security.
DHS officials declined to respond to specific questions about the virus, but an agency spokesman issued a brief written statement that said: "DHS was notified of the malware and has been working with our federal partners to determine and analyze its potential impact on the U.S."
Some industry participants appeared skeptical that the threat was as serious as the U.N. agency and Kaspersky had suggested.
Meanwhile, Israel's Haaretz daily reported on Wednesday that the Shin Bet security service has recently stepped up its supervision over computer systems of commercial banks, out of fear that they could become the target of a cyber attack that could dry up the country's financial lifeblood.
According to the report, the Shin Bet is seeking to have the banks defined as institutions that are responsible for essential infrastructure, which would enable the agency to supervise them even more closely. All companies that fall under this definition have their computer systems directly supervised by the Shin Bet via the National Information Security Authority.
Israel has suffered several cyber attacks over the past year. The most serious one was when a Saudi hacker posted some 15,000 Israeli credit card numbers online. Hackers, meanwhile, shut down several key Israeli websites, including those of the stock exchange and El Al Israel Airlines.
The Shin Bet responded to those attacks by ordering the Bank of Israel to have banks bar access to their websites from certain sites in Iran, Saudi Arabia and Algeria, according to the Haaretz report.
Jeff Moss, a respected hacking expert who sits on the U.S. government's Homeland Security Advisory Council, said that the ITU and Kaspersky were "over-reacting" to the spread of Flame.
"It will take time to disassemble, but it is not the end of the Net," said Moss, who serves as chief security officer of the Internet Corporation for Assigned Names and Numbers, or ICANN, which manages some of the Internet's key infrastructure.
"We seem to be getting to a point where every time new malware is discovered it's branded 'the worst ever,'" said Marcus Carey, a researcher with cyber security firm Rapid7.
Organizations involved in cyber security keep some of their communications confidential to keep adversaries from developing strategies to combat their defenses and also to keep other hackers from obtaining details about emerging threats that they could use to build other pieces of malicious software.
30 May 12 IRIB English Radio Zionist Regime Hints It Created Flame Malware Unclassified
Zionist regime's Deputy Prime Minister Moshe Ya'alon has strongly hinted that the regime was involved in creating the computer virus Flame -- a new Stuxnet-like espionage malware -- to sabotage Iran's nuclear plans.
According to Press TV, speaking in an interview with Zionist regime's Army Radio on Tuesday, Ya'alon expressed support for the creation of the virus and similar tools, saying it "opens up all kinds of possibilities."
He also noted that it is reasonable for anyone who sees Iran as a threat to take such steps, saying that "whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them."
Ya'alon made the remarks only hours after a Russian lab discovered the new virus.
The computer security firm Kaspersky Lab, one of the world's top virus-hunting agencies, said the virus is being used as a cyber weapon to attack entities in several countries.
30 May 12 Mehr News Iran Successfully Combats Flame Spyware
Iranian experts have created the required anti-virus software to clean the systems infected by a newly detected virus that has been described as the most complex cyber menace to date, Ali Hakim-Javadi, the Iranian deputy minister of information and communications technology, announced on Wednesday.
Reuters reported on Monday that security experts had discovered a new data-stealing spyware virus dubbed Flame that they say had lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
The Associated Press also quoted the director of Iran's Passive Defense Organization, Gholam Reza Jalali, as saying on Wednesday that Iranian experts had "found" and "defeated" the Flame virus.
30 May 12 Fars News Iran Slams Enemy Cyber Attack
Iran indirectly accused Israel of using a sophisticated malicious computer program to collect information from the Islamic Republic as a UN agency warned that the Flame virus could be a more serious threat than Stuxnet.
"Some countries and illegitimate regimes are used to producing viruses," Iranian Foreign Ministry Spokesman Ramin Mehman-Parast told reporters on Tuesday when asked about a malware, codenamed Flame.
His comments are seen as a clear reference to Israel. "Such acts of cyberwar would not damage Iran's computer systems," he said.
Meantime, Israel's Deputy Prime Minister Moshe Ya'alon acknowledged the Zionist regime's cyber war attack on Iran, including developing malicious softwares to damage sensitive Iranian data and computers.
According to a report posted by Israeli daily Jerusalem Post, in comments that proved Israel is behind the "Flame" virus, Ya'alon on Tuesday said that "whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them."
Speaking in an interview with Army Radio, Ya'alon further hinted that Jerusalem was behind the cyber attack, took alleged credit for his regime by saying that Israel is a technological power.
"These achievements of ours open up all kinds of possibilities for us," Ya'alon added.
Also on Tuesday, officials at the UN agency charged with helping member nations secure their national infrastructures, said it plans to issue a sharp warning about the risk of the Flame virus. "This is the most serious (cyber) warning we have ever put out," Marco Obiso, cyber security coordinator for the UN's Geneva-based International Telecommunications Union, told Reuters. "I think it is a much more serious threat than Stuxnet," Obiso said.
The confidential warning will tell member nations that the Flame virus is a dangerous espionage tool that could potentially be used to attack critical infrastructure, he said in an interview. "They should be on alert," he said.
The US and Israel have made repeated attempts in the last several years to damage Iran's nuclear and industrial sites through web infiltration and computer malwares.
Computers of some Iranian nuclear sites were attacked by the Stuxnet virus, the first known computer worm discovered in 2010 to target industrial controls.
30 May 12 Fars News Iran Shows Prompt Response To Israel's Cyber War
Iran declared on Tuesday that it has produced an anti-virus program against "Flame," an extraordinarily sophisticated malware that attacked its servers recently.
In a statement, Iran's National Computer Emergency Response Team said that "investigations during the last few months" had resulted in the detection of the virus, which has been dubbed Flame and is capable of stealing data from infected computers.
"It seems there is a close relation to the Stuxnet and Duqu targeted attacks," the statement said, adding that the malware's "propagation methods, complexity level, precise targeting and superb functionality" were reminiscent of the Stuxnet and Duqu cyber threats to which Iran had also fallen victim.
Stuxnet was designed to damage Iran's nuclear sites, specially Natanz uranium enrichment facility. Duqu, like Flame, was apparently built for espionage but shared characteristics with Stuxnet.
Iran's National Computer Emergency Response Team also said it has developed tools to detect and remove Flame from infected computers.
It said that the detection and clean-up tool was finished in early May and is now ready for distribution to organizations at risk of infection.
Security companies said Flame, named after one of its attack modules, is one of the most complex threats ever seen.
Iran says its home-grown defense could both spot when Flame is present and clean up infected PCs.
Flame was discovered after the UN's International Telecommunications Union asked for help from security firms to find out what was wiping data from machines across the Middle East.
An investigation uncovered the sophisticated malicious program which, until then, had largely evaded detection.
An in-depth look at Flame by the Laboratory of Cryptography and System Security at Hungary's University of Technology and Economics in Budapest, said it stayed hidden because it was so different to the viruses, worms and trojans that most security programs were designed to catch.
In addition, said the report, Flame tried to work out which security scanning software was installed on a target machine and then disguised itself as a type of computer file that an individual anti-virus program would not usually suspect of harboring malicious code.
Graham Cluley, senior technology consultant at security firm Sophos, said the program had also escaped detection because it was so tightly targeted.
"Flame isn't like a Conficker or a Code Red. It's not a widespread threat," he told the BBC. "The security firm that talked a lot about Flame only found a couple of hundred computers that appeared to have been impacted."
Mr. Cluley said detecting the software was not difficult once it had been spotted.
"It's much easier writing protection for a piece of malware than analyzing what it actually does," he said. "What's going to take a while is dissecting Flame to find out all of its quirks and functionality."
It is not yet clear who created Flame but experts say its complexity suggests that it was the work of a nation state rather than hacktivists or cyber criminals.
Figures released by Kaspersky Labs in a report about the malicious program said 189 infections were reported in Iran, compared to 98 in Israel/Palestine and 32 in Sudan. Syria, Lebanon, Saudi Arabia and Egypt were also hit.
Israel has tried to take the credit for the malware with its Deputy Prime Minister Moshe Ya'alon saying on Tuesday that "whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them."
Speaking in an interview with Israel's Army Radio, Ya'alon further hinted that Jerusalem was behind the cyber attack.
"These achievements of ours open up all kinds of possibilities for us," Ya'alon added.
In April, Iran briefly disconnected servers from the net at its Kharg island oil terminal as it cleared up after a virus outbreak - now thought to be caused by Flame.
30 May 12 Uskowi on Iran Iran Under Cyber-Attack By Data-Mining Virus
(U) The computer virus known as Flame as shown by the Russian computer security firm Kaspersky Lab/Agence France-Presse/Getty Images, 30 May 12)
The data-mining virus called Flame has reportedly penetrated important computers in Iran in what is described as the most malicious program ever discovered. Iran's Computer Emergency Response Team Coordination Center (CERTCC) also warned that the virus was extremely dangerous. Iranian computer experts discovered Flame, which could reportedly be as much as five years old.
"The complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date," reported Kaspersky Lab, a Russian producer of antivirus software [International Herald Tribune, 30 May].
Experts believe that the virus bears special encryption hallmarks with similarities to previous Israeli malware. In an interview with Radio Israel, the country's vice prime minister and strategic affairs minister, Moshe Yaalon, all but took responsibility for the attack.
"Anyone who sees the Iranian threat as a significant threat - it's reasonable that he will take various steps, including these, to harm it," said Yaalon in response to a question on Flame virus. Flame seems to be designed to mine data from personal computers and that it was distributed through USB sticks rather than the Internet, meaning that a USB has to be inserted manually into at least one computer in a network.
"This virus copies what you enter on your keyboard; it monitors what you see on your computer screen," said a spokesman for Iran's CRTCC. That includes collecting passwords, recording sounds if the computer is connected to a microphone, scanning disks for specific files and monitoring Skype.
"Those controlling the virus can direct it from a distance," said the CRTCC spokesman. "Flame is no ordinary product. This was designed to monitor selected computers."
30 May 12 Jerusalem Post PM: Israel Increasing Its Cyber-Defense Capabilities
Speaking at INSS, Netanyahu says as one of world's most computerized countries, Israel vulnerable to cyber threat; does not mention 'Flame' virus that has been attacking Iranian computers.
The capacity Israel is developing in the cyber sphere is significantly increasing its defensive capabilities, Prime Minister Binyamin Netanyahu said Tuesday, a day after it was revealed that a computer virus has been attacking Iran.
Netanyahu, speaking at the annual conference in Tel Aviv of the Institute for National Security Studies (INSS), said that when it comes to cyberspace, the size of a country is not significant. But there is, he said, great significance to a country's "scientific strength, and with that Israel is blessed."
Netanyahu did not mention the cyber issue in direct connection to the virus dubbed "Flame" that has been attacking Iranian computers, but rather in the context of five threats Israel faced, the other four being nuclear weapons, missiles, the enormous stockpiles of weapons in the region, and the influx of illegal migrants.
Netanyahu said that as one of the world's most computerized countries, Israel is also one of the most vulnerable to cyber attacks, and for that reason was investing tremendously in finances and human resources to develop its cyber capabilities.
Regarding Iran, Netanyahu voiced criticism of the strategy behind the current talks between Tehran and the world powers known as the P5+1 - the US, Russia, China, France, Britain and Germany. Netanyahu said that not only did the world need to stiffen sanctions against Iran, which he said it has done, but that it also needed to stiffen its demands, which it has not.
He said that the objectives of the negotiations needed to be to get Iran to stop all uranium enrichment, transfer its stockpile of enriched uranium out of the country and close the underground facility at Qom. Only a clear Iranian commitment in the negotiations to those three demands, and their full implementation, can stop the Iranian nuclear program, he said.
Unfortunately, Netanyahu declared, while in the past the world demanded that Iran stop enrichment even to 3.5 percent, "that is not what is happening today."
"On the one hand, good is being done through imposing heavy economic sanctions on Iran, that is important and we called for it," he said. "But on the other hand, these sanctions need to be accompanied by the demands that I spelled out."
Only a combination of the two, he said, will bring about an end to the Iranian nuclear program.
Regarding the Palestinian diplomatic process, Netanyahu said the process was important first and foremost to prevent a bi-national state and strengthen Israel's future as a Jewish, democratic state.
"We do not want to rule over the Palestinians, and we do not want the Palestinians as citizens of the State of Israel," he said, adding that was why he declared on three separate occasions his support for peace "between two national states, a demilitarized Palestinian state that will recognize a Jewish state."
Netanyahu said the new government he has put together with Kadima reflected a wide consensus for a two-state solution with iron-clad security guarantees, and called on Palestinian Authority President Mahmoud Abbas "not to miss this unique opportunity."
He said he was not placing any conditions on entering negotiations, though he did - as do the Palestinians - have conditions regarding their outcome.
Switching into English for just a sentence, Netanyahu said, "President Abbas, all we are saying is give peace a chance."
The prime minister rejected the notion, however, that peace with the Palestinians would bring about regional peace and stability. Referring to Islamic radicalism, Netanyahu said huge historic forces were working against regional stability, and would continue to work to destroy Israel and torpedo any chances for peace.
Quoting from a 1968 book by historian Will Durant, Netanyahu said there was no historical or natural guarantee that good would eventually win out and evil be crushed and disappear, but rather that a nation was obligated at all times to defend itself and had the right to use the necessary means to ensure its survival.
n his nearly 30-minute address, Netanyahu also discussed the issue of illegal migrants from Africa, saying that the problem had to be dealt with both by stopping the flood of immigrants and extraditing those here illegally. He said that extradition was a long and arduous process, but that srael was determined to carry it out. First, he said, srael would return to their homeland the relatively small group of migrants from South Sudan, and then move on to other nationalities.
At the same time, Netanyahu called on public figures and the public at large to demonstrate restraint and responsibility.
"We are a moral people and will act accordingly, he declared.
"We reject violence; we respect human rights. Let us not lose our divine image, nor deny it in others. But with that we cannot accept a situation where migrants from a full continent will come here to work. We must protect our borders in order to ensure srael's future as a Jewish democratic state.
29 May 12 New York Times Iran Confirms Attack By Virus That Collects Information By Thomas Erdbrink
(U) The computer virus known as Flame as shown by the Russian computer security firm Kaspersky Lab. (NYT, 29 May 12)
The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Tuesday.
In a message posted on its Web site, Iran's Computer Emergency Response Team Coordination Center warned that the virus was dangerous. An expert at the organization said in a telephone interview that it was potentially more harmful than the 2010 Stuxnet virus, which destroyed several centrifuges used for Iran's nuclear enrichment program. In contrast to Stuxnet, the newly identified virus is designed not to do damage but to collect information secretly from a wide variety of sources.
Flame, which experts say could be as much as five years old, was discovered by Iranian computer experts. In a statement about Flame on its Web site, Kaspersky Lab, a Russian producer of antivirus software, said that "the complexity and functionality of the newly discovered malicious program exceed those of all other cyber menaces known to date."
The virus bears special encryption hallmarks that an Iranian cyberdefense official said have strong similarities to previous Israeli malware. "Its encryption has a special pattern which you only see coming from Israel," said Kamran Napelian, an official with Iran's Computer Emergency Response Team. "Unfortunately, they are very powerful in the field of I.T."
While Israel never comments officially on such matters, its involvement was hinted at by top officials there. "Anyone who sees the Iranian threat as a significant threat, it's reasonable that he will take various steps, including these, to harm it," said the vice prime minister and strategic affairs minister, Moshe Yaalon, in a widely quoted interview with Israel's Army Radio on Tuesday.
In a speech Tuesday night, Prime Minister Benjamin Netanyahu did not mention Flame specifically, but he did include computer viruses as one of five critical types of threats Israel faces, saying: "We are investing a great deal of money in that, human capital and financial capital. I expect these investments to yield a great deal in the coming years."
Mr. Napelian said that Flame seemed designed to mine data from personal computers and that it was distributed through USB sticks rather than the Internet, meaning that a USB has to be inserted manually into at least one computer in a network.
"This virus copies what you enter on your keyboard; it monitors what you see on your computer screen," Mr. Napelian said. That includes collecting passwords, recording sounds if the computer is connected to a microphone, scanning disks for specific files and monitoring Skype.
"Those controlling the virus can direct it from a distance," Mr. Napelian said. "Flame is no ordinary product. This was designed to monitor selected computers."
Mr. Napelian said he was not authorized to disclose how much damage Flame had caused, but guessed the virus had been active for the past six months and was responsible for a "massive data loss." Iran says it has developed antivirus software to combat Flame, something that international antivirus companies have yet to do, since they have just become aware of its existence.
"One of the most alarming facts is that the Flame cyberattack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals," Alexander Gostev, chief security expert at Kaspersky Lab, said on the company's Web site.
Those close to Iran's leaders said that the virus was tantamount to an attack.
"I am no virus expert, and my computer seems to be working," said Sadollah Zarei, a columnist for the state newspaper, Kayhan, "but I know this is covert warfare, aimed at weakening us."
Jodi Rudoren contributed reporting from Tel Aviv.
This article has been revised to reflect the following correction:
Correction: May 30, 2012. An earlier version of this article misstated the contents of the message posted on the Web site of Iran's Computer Emergency Response Team Coordination Center. The message said the Flame virus was dangerous, not that it was potentially more harmful than the 2010 Stuxnet virus. That observation was made by an expert from the center.
29 May 12 Jerusalem Post Ya'alon Hints At Israeli Role In 'Flame' Virus
Israel's superior technology "opens up all kinds of possibilities," says vice premier on new virus found attacking Iran.
In comments that could be construed as suggesting that Israel is behind the "Flame" virus, the latest piece of malicious software to attack Iranian computers, Vice Premier Moshe Ya'alon on Tuesday said that "whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them."
Speaking in an interview with Army Radio, Ya'alon further hinted that Jerusalem was behind the cyber attack, saying "Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us."
The virus, dubbed "Flame," effectively turns every computer it infects into the ultimate spy. It can turn on PC microphones to record conversations taking place near the computer, take screenshots, log instant messaging chats, gather data files and remotely change settings on computers.
Security experts from the Russian Kaspersky Lab, who announced Flame's discovery on Monday, said it is found in its highest concentration in Iranian computers. It can also be found in other Middle Eastern locations, including Israel, the West Bank, Syria and Sudan.
The virus has been active for as long as five years, as part of a sophisticated cyber warfare campaign, the experts said.
It is the most complex piece of malicious software discovered to date, according to Kaspersky Lab's senior security researcher Roel Schouwenberg, who said he did not know who built Flame.
If the Lab's analysis is correct, Flame could be the third major cyber weapon directed against Iran, after the Stuxnet virus that attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu.
The complexity of the latest 'Flame' virus bears the hallmarks of a program engineered by a state, a number of Israeli computer experts believe.
As details of Flame filtered through the media, network security experts in Israel, requesting anonymity, studied the initial reports, and indicated that they believed small groups of hackers could not be behind the virus.
"This is not a couple of hackers who sat in a basement," one expert said. "This is a large, organized system. It is possible that years were invested in creating it."
A second analyst said that viruses at this level of sophistication require major capabilities and knowledge of code development, noting that "these are available only to states. And that's without mentioning a motive for developing [such a program]."
29 May 12 Fars News Israel Admits To Waging Cyber War On Iran
Israel's Deputy Prime Minister Moshe Ya'alon acknowledged the Zionist regime's cyber war attack on Iran, including developing malicious software to damage sensitive Iranian data and computers.
According to a report posted by Israeli daily Jerusalem Post, in comments that proved Israel is behind the "Flame" virus, Ya'alon on Tuesday said that "whoever sees the Iranian threat as a serious threat would be likely to take different steps, including these, in order to hurt them."
Speaking in an interview with Army Radio, Ya'alon further hinted that Jerusalem was behind the cyber attack and took alleged credit for his regime by saying that Israel is a technological power.
"These achievements of ours open up all kinds of possibilities for us," Ya'alon added.
The virus, dubbed "Flame," effectively turns every computer it infects into the ultimate spy. It can turn on PC microphones to record conversations taking place near the computer, take screenshots, log instant messaging chats, gather data files and remotely change settings on computers.
Security experts from the Russian Kaspersky Lab, who announced Flame's discovery on Monday, said it is found in its highest concentration in Iranian computers, but they also underlined that the virus can also be found in other Middle Eastern locations, including Israel, the West Bank, Syria and Sudan.
The virus has been active for as long as five years, as part of a sophisticated cyber warfare campaign, the experts said.
Kaspersky Lab's senior security researcher Roel Schouwenberg said he did not know who built Flame.
If the Lab's analysis is correct, Flame could be the third major cyber weapon directed against Iran, after the Stuxnet virus that attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu.
In December, officials in Tehran said that Iran's defense computer systems have been able to identify and control a "supervirus" similar to the one the US and Israel created to damage Tehran's nuclear program.
Anti-virus experts have identified a virus called Duqu that they said shared properties with the Stuxnet worm apparently created by Mossad, the Israeli security service. It was thought to have targeted the nuclear program's centrifuges, the devices that enrich uranium to create nuclear fuel.
Iran has confirmed some of its computer systems were infected with the Duqu trojan, but said it has found a way to control the malware.
Security organizations had previously identified Iran as one of at least eight countries targeted by the code.
The spyware is believed to have been designed to steal data to help launch further cyber attacks.
28 May 12 Alakhbar Israel, Iran, Lebanon hit by "Flame" super-virus
Security experts have discovered a new data-stealing virus dubbed Flame they say has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign. It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab's work were made available on Monday.
Once a system was infected with Flame, the virus began a series of operations including analyzing network traffic, taking screenshots, and recording audio conversations.
All this data was available to the operators of the virus, who would effectively have been able to access anything on those computers remotely.
Iran was most badly affected by the virus, while Israel, Palestine and Lebanon were also hit.
Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.
Schouwenberg said he did not know who built Flame but suggested it was probably state sponsored.
If confirmed, Flame would be the third major cyber weapon uncovered after the Stuxnet virus that attacked Iran's nuclear program in 2010, and its data-stealing cousin Duqu, named after the Star Wars villain.
The discovery by one of the world's largest makers of anti-virus software will likely fuel speculation that nations have already secretly deployed other cyber weapons.
"If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don't know about," Schouwenberg said in an interview.
28 May 12 Israel National News The 'Flame' Computer Virus Strikes Iran, 'Worse Than Stuxnet'
Iranian security experts report a virus far more dangerous than the Stuxnet worm has struck the country's computer systems.
Dubbed the "Flame," the virus is one that has struck not only Iran, however, but a number of other enemies of Israel as well.
The Kaspersky Internet security firm is calling the "Flame" data-stealing virus the "most sophisticated cyber-weapon yet unleashed" and hinted it may have been created by the makers of the Stuxnet worm.
Kaspersky called the virus a "cyber-espionage worm" designed to collect and delete sensitive information, primarily in Middle Eastern countries.
The "Flame" has struck at least 600 specific computer systems in Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and the Palestinian Authority, Kaspersky malware expert Vitaly Kamluk told the BBC. He added that the virus has probably been operating discreetly for at least two years.
"This virus is stronger than its predecessor," he said. "It is one that could only have been created by a state or other large entity."
Problems in Iran's computer systems are also continuing to surface in connection with the 2010 "Stuxnet" virus. The malware successfully disabled the computers that operated Iran's uranium enrichment facility. More than 16,000 of the Natanz facility's centrifuges were destroyed as a result of the cyber attack.
ccj2-osint@centcom.smil.mil PH: 813-827-1441 UNCLASSIFIED//FOR OFFICIAL USE ONLY