Digirati Hub

Militant Malware: Iran is the latest country to be attacked in on-going cyber-warfare

The Iranian Nuclear program is reported to have come under ‘cyber attack’ by a worm virus that causes their machines to play ‘Thunderstruck’ by rock band AC/DC at full volume, in the middle of the night, ad nauseum.  The unconfirmed report comes from Mikko Hypponen, a researcher at the Finnish security company F-Secure, the company that received the complaint from the Iranian Atomic Energy Organisation.  It is the latest event in an steadily expanding cyber war that has been heating up under the radar.

‘AC/DC’ Virus

There’s nothing more annoying and frustrating than a computer virus and if this had happened to me I would be pulling my hair out, particularly had my PC been struck down by a highly-irritating, loud and repetitive virus such as this.  Admittedly because the attack has been aimed at the nuclear ambitions of a hyper-militant country like Iran, it becomes slightly humorous.  The email of complaint, made public by the Swedish firm details the automatic systems that the worm has shut down, the locations of the facilities affected and the belief that the hacker tool Metasploit was used.  According to Gawker.com, it goes on to read, “There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.”

ACDC

AC/DC virus – Shutterstock

‘Flame’ virus

Just last month, ‘Flame’, a complex spyware program developed by the U.S. and Israeli governments, infected Iranian computers activating microphones, keyboards and cameras while spying on the users of infected computers, stealing data including documents, recorded conversations and keystrokes.  The most sophisticated virus of its kind, Flame can enable microphones, recording Skype chats or any conversations happening in the vicinity of the device and using Bluetooth-enabled computers as beacons to scan other Bluetooth devices in the vicinity to siphon phone numbers, contacts, screen shots and emails.  High security areas can be accessed by stealing passwords and new software can be installed, tweaking the toolkit to add new functionality.  Flame has actually been around for a couple of years, having infected Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa, in a U.S. state-run cyber-espionage operation costing millions.

Flame Infection map

Flame Infection map – Kaspersky

Prior to Flame, there were Stuxnet and DuQu, also collaborations between the U.S. and Israeli governments, designed to steal documents and other data from enemy machines.  Both were complex and expensive programs, however, this latest AC/DC attack was executed using ‘Metasploit’, a cheap, opensource kind of virus that can be developed for pennies.  It’s for this reason, Hypponen isn’t quite sure how genuine the email he received is, it also seems a strange and humorous kind of infection to spread, “It does sound really weird,” he said. “If there was an attack, why would the attacker announce themselves by playing ‘Thunderstruck?”  The Iranian government isn’t above disinformation campaigns, not out-ruling the possibility that this could just be a hoax.  It’s all part of a new brand of war that is likely to progress as fast as technological developments can carry it.

 

Leave a Reply