We Are In The Midst Of a Hot Cyberwar, Make No Mistake About It. Iran Fires The Latest Salvo (That We Know Of).

In December of last year, several banks' (Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC) websites were inundated by DDoS (distributed denial of service) attacks.  DDoS attacks generally do not seek to penetrate the sites, obtain information or steal anything; they try to overwhelm the capacity of the website to respond to the traffic directed toward it.  The attacks in December were launched by an entity that had access to multiple computers, such as in a data center, and exceeded the capabilities usually found in your standard run-of-the-mill hackers.

Today, the New York Times ran an article that lays the attacks at the doorstep of Iran.  An independent hacker group called Izz ad-Din al-Qassam Cyber Fighters has tried to take credit for the attack, saying it was retaliation for the anti-Muslim movie that prompted riots throughout the Muslim world and which was involved in the Benghazi consulate attack.  Izz ad-Din al-Qassam called it Operation Ababil, referring to Allah sending birds to drop bricks on elephants sent by the King of Yemen to Mecca.  However, U.S. officials think it is the work of Iran and is in retaliation for economic sanctions and the release by the U.S. and/or Israel of the Stuxnet, Flame and DuQu malware. 

Whatever it is, the DDoS attacks spewed 70 gigabits per second at the sites, included a new wrinkle involving requests for encryption, and adversely affected the sites' performance.  The attacks used a readily available malware toolkit called Itsoknoproblemobro.

It is certain that the attacks that we have heard of are only the tip of the malware iceberg and it is probably as certain that these attacks and counterattacks will continue to escalate.  Warriors on the front lines of these wars will be keyboard commandos and may someday sport the malware marksman ribbon on their dress uniforms.  This is war.

Cyberwar Enters The Next Phase. Move Over Stuxnet and DuQu, Here Comes Flame.

We have written on several occasions about the new wave in malware that is probably the product of nation state(s) because of the complexity of the code and the resources required to write and deploy such creations. (See here, here and here).

These nasty creatures go by the names of Stuxnet and DuQu, and now their cousin appears, carrying the moniker "Flame" because that name appears in its code.

Stuxnet caused the Iranian nuclear centrifuges to spin out of control and self-destruct, and DuQu extracts information and sends it to an unknown site.

Flame apparently can eavesdrop on users by recording their e-mail or instant messaging via a screenshot and can snoop on audio using the computer's microphone or via video conferencing programs. To top it off, it may be able to use near field communications to monitor nearby devices.  Flame does not appear to be destructive but is apparently the most complex system yet to invade the privacy of its unwitting recipients.  To date, it apparently has been deployed mainly in the Middle East, with about half of the reports coming from Iran.

It is incredibly complex, with a file weight of about 20 times the size of Stuxnet, but in spite of its large file size, it has gone undetected for at least 2 years.

If war is just the continuation of politics by another means, this could be political.