Saturday, July 7, 2012

Cyber Warfare 2.0 : Operation Myrtus

Never mind the jargon (or hyperbole, if you prefer) in the title: cyber warfare has indeed been taken to the next level in the last two years. The latest cyber-attack on Iran through the malware "Flame" (dubbed Stuxnet 2.0) wasn't surprising; it was expected. In a post I made in October 2010 regarding the advent of cyber-weapons, I suggested that Stuxnet was in all probability a precursor to a range of cyber weapons. After all, Stuxnet had proved that a cleverly crafted piece of code can do what air-strikes perhaps cannot. This malware succeeded in taking control of computers in one of Iran's nuclear research facilities, destroying centrifuges and setting Iran's nuclear programme back by some years. Given the huge return on investment, the 0 casualties and the stealth that properly executed cyber weapons provide, it is only natural that other nation-states follow suit.



Now I am not sure whether Flame was designed by the same entity that created Stuxnet, but there are indications that it might have been. As expected, within a few months after Stuxnet caught the attention of the media, hacker groups were able to reverse engineer the malware and explain each module in depth, as can be seen here. That implied Stuxnet had lost its initial advantage. Then Kaspersky revealed that Stuxnet and its variant Duqu were most likely part of 5 cyber weapons developed by the same set of developers in the same facility.

Until now, all malicious software was considered to be the handiwork of black hat hackers working in small groups over the Internet, or even working alone. However, hackers have seldom been seen to attack the infrastructure of one country at the behest of another. For example, Anonymous, currently the largest hacker group, did threaten Iran for suppressing protesters and censoring the flow of information, but it also threatens Israel for its crimes against humanity and has actually come out in support of Iran, warning Israel against launching air strikes on Iranian nuclear facilities. In its latest release it has in fact threatened to destroy the pro-Israel lobby in Washington that influences US foreign policy. Besides, experts have all along said that software such as Stuxnet can be created only in a proper development facility and with a considerable amount of investment that a bunch of hackers may not have at their disposal. The following video by Al Jazeera hints at the existence of an Israeli special intelligence cyber unit with adequate resources at its disposal.



Although neither the US nor Israel has officially accepted responsibility for the cyber attack on Iran, they aren't denying it as emphatically as they would have if the target were China or Russia. At a time when hostility between the US and Israel on one side and Iran on the other continues to escalate, even to the brink of war over Iran's nuclear ambitions, anything that damages the latter's nuclear facilities would seem to have been carried out by the US and Israel. As a matter of fact, Israel may not have publicly owned responsibility, but Stuxnet contains enough hints and clues to make it clear who the designers were, while at the same time leaving room for plausible deniability. According to Al Jazeera:




There are very strong indications that the cyber-attack was part of "Operation Myrtus"

Although there is no incontrovertible proof of Israel's involvement, there are hidden clues within the software that suggest it, like the Easter eggs in applications such as MS Excel and Mozilla Firefox [quick tip: type about:mozilla in the address bar].

The first clue, because of which this cyber attack has been called Operation Myrtus, is the presence of the text "myrtus" in the code. It seems to refer to the story in the Book of Esther, one of the books of the Hebrew Bible. Esther, whose original name was Hadassah (myrtle) (Esther 2:7), was married to the King of Persia when Haman, a wicked prince, plotted to exterminate all the Jews living throughout the Persian Empire; Esther put her life at stake and thwarted Haman's evil designs by revealing everything to the King. The King ordered a death sentence against Haman and allowed the Jews to take up arms and kill their enemies. The Jewish festival of Purim is held to commemorate it. Thus, because of Esther/Hadassah (myrtle), the Jews were able to pre-empt and kill those who had planned to exterminate them. A pre-emptive attack is the only option available to Israel to safeguard its nuclear deterrence and occupation of Palestine.

The second clue is a bit technical. During installation, the software checks for a particular value under the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation], and if the value 19790509 is found there it doesn't infect the machine.
This value is actually a date, 1979-05-09, written as yyyymmdd: the date of the execution of a noted Iranian Jew, Habib Elghanian, which has great historical significance in the context of Iran-Israel relations. Habib Elghanian's execution, shortly after the Islamic Revolution, was a symbolic gesture by the new government as to how its policy towards Israel would evolve, and going by current trends, true enough, it has turned out to be the biggest threat to the Jewish nation.
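As an added example (not from the original post, and not code from any Stuxnet analysis), here is a PowerShell audit a defender could run on a Windows host to report whether the key named above holds the 19790509 marker. The post gives the key path and the marker data but not the value's name, so the function enumerates every value under the key rather than assuming one; the function name Test-MyrtusMarker is my own.

```powershell
# Audit a Windows host for the "do not infect" marker described above.
# Key path and marker data are taken from the post; the value name is not
# known from the post, so every value under the key is inspected.
function Test-MyrtusMarker {
    [CmdletBinding()]
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MS-DOS Emulation',
        [int]$Marker = 19790509
    )

    $result = [ordered]@{
        KeyPath       = $KeyPath
        KeyExists     = $false
        MarkerPresent = $false
        MatchingValue = $null
        MarkerAsDate  = $null
    }

    # A missing key is the normal state on a clean host; report it and stop.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]$result
    }
    $result.KeyExists = $true

    $item = Get-Item -LiteralPath $KeyPath
    foreach ($name in $item.GetValueNames()) {
        $data = $item.GetValue($name)
        # The marker could be stored as REG_DWORD or as a REG_SZ string,
        # so compare numerically after a string round-trip.
        $asInt = 0
        if ([int]::TryParse([string]$data, [ref]$asInt) -and $asInt -eq $Marker) {
            $result.MarkerPresent = $true
            $result.MatchingValue = if ($name) { $name } else { '(Default)' }
            # The post reads the marker as a yyyymmdd date (1979-05-09).
            $result.MarkerAsDate = [datetime]::ParseExact(
                [string]$Marker, 'yyyyMMdd', $null).ToString('yyyy-MM-dd')
            break
        }
    }
    return [pscustomobject]$result
}

# Usage: run on the host being audited and read the returned object.
Test-MyrtusMarker | Format-List
```

A MarkerPresent of True means the sample described in the post would skip this host, so the finding is worth correlating with who set the value and when, not treated as proof of compromise on its own.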
However, this is not the first time that nation-states have taken their animosity to cyberspace. Nation-states have unleashed electronic warfare against each other in the past, but there has been no indication of the respective governments' involvement. As yet, cyber wars between nation-states such as China-USA, Russia-Georgia, China-Philippines and India-Bangladesh/Pakistan (I wasn't aware of this until now) have mostly involved DDoSes and website defacements, which have more symbolic than actual value. Cyber espionage involving the theft of confidential information, which was part of China's Operation Aurora against the USA, and, strangely enough, reports of India hacking the US-China Commission's e-mail communication and of the US-Israel cyber espionage network, may pose a threat, but as yet it has mostly been theft of intellectual property, with the focus of the perpetrator (mostly China, followed by Russia) being along the lines of corporate espionage but also obtaining strategic information.


While cyber espionage may prove useful (espionage as a concept and practice is as old as warfare itself), it has to be used effectively. Defacement of government websites doesn't really affect the functioning of the government or inflict any sort of damage even remotely comparable to a war involving air-strikes, land invasion or naval attack. But the advent of the next generation of malicious software, capable of affecting the physical infrastructure of the opponent, takes cyber warfare to the next level. From your cell phone to industrial robots to medical devices and self-driving cars, software has permeated every commodity; even if some commodities (such as those with embedded software) are relatively secure, one can never be so sure as to lower one's guard. After all, there are still reports of cars' software systems being hacked remotely, such as in this case, when a disgruntled ex-employee tapped into a web-based system and immobilised more than 100 cars. Imagine a maniac in control of a hundred cars during rush hour! Similarly, a terrorist holed up somewhere (formerly remote tribal areas) in Pakistan gaining access to systems that play a role in the manufacture of medicine, baby food or fizzy drinks is one such horrific scenario. The options today are endless and too horrific to imagine.

However, nation-states would be far more cautious in exploiting these system vulnerabilities to harm the general population of a country, but there are non-state entities too that are capable of creating similar but smaller cyber-weapons, especially after such software is reverse engineered and put in the public domain. And they have also shown through numerous terror attacks that they have absolutely no regard for the lives of innocent people, not even children. It is time that the leading nations of the world understood the gravity of the threat and worked towards countering it. This is not the first time that we have faced a situation in which the intensity of the threat, the feasibility of the threat being carried out and the scale of damage it could inflict are all uncertain.


During the Cold War, there was a perception of a race to place weaponry in outer space and on celestial bodies to ensure that particular nations had the capability to fight back even if their bases on earth were destroyed in a single strike. To avert the weaponisation of space and keep it as the common heritage of mankind, treaties and agreements such as the Outer Space Treaty and the Moon Treaty were made, even if they weren't very effective or necessary. There is no reason why these can't serve as precedents for treaties and agreements on cyberspace. Of course, the first step for most governments would be to stop trying to impose restrictions on users/citizens and instead focus on security against attacks by hostile nations, much the same way they would against a conventional attack.




