Stuxnet failed to cause enough damage to Iran’s nuclear program, and more recent attacks on the country’s science ministry and oil industry have also apparently fallen flat, but practice makes perfect, and cyber warfare will continue to escalate, presumably with Iran going on the offensive as soon as its capabilities allow.
Iran’s Fars news agency claimed on 29 April that cyber attacks on the Iranian Science Ministry and the oil industry “failed to penetrate” or to leave “any impact on the data system”. A cyber attack on Iran’s oil industry earlier this week saw a virus penetration that damaged hard disks but ultimately failed to cause any lasting damage and computer systems were functioning normally, Iranian oil officials said.
The virus, reportedly dubbed “Viper”, managed to take some key installations offline for a short period, including the control systems of the Kharg Island terminal, which deals with the bulk of Iran’s oil exports through the Persian Gulf.
On 28 April, Iranian officials said they had successfully identified the source of the cyber attack on the oil industry, though they declined to release the results of their investigation. "The nature of the attack and the identity of the attackers have been discovered, but we cannot publicize it since we are still working on the case," Iranian news agencies quoted a senior Oil Ministry official as saying.
Independent experts suggest that the virus was intended to disrupt Iranian oil exports while the country is under sanction. There appears to have been no effect on Iranian oil exports due to the cyber attack, however.
The first major cyber attack directed at Iran was in 2010, when the Stuxnet worm targeted Iranian nuclear facilities and attempted to disrupt their operations. Stuxnet was the first known worm designed to spy on and reprogram industrial systems. It managed to infect 30,000 Iranian IP addresses, according to Iranian officials, but apparently did not cause any real damage to the computer systems attached to the country’s nuclear program. A Russian computer security lab discovered that there were four subsequent offshoots of Stuxnet. One was the Duqu Trojan virus designed to steal data and launched shortly after Stuxnet. Another, launched earlier this month, was the Stars virus, for which Iranian experts found similarities to Stuxnet in design, not purpose.
Of course, the cyber attacks against Iran are believed to be most probably the work of Israel with American complicity, or some division of labor thereof. That said, there is no concrete evidence of the origins of Stuxnet. Still, the covert war against Iran’s nuclear facilities is not exactly covert.
“US intelligence officials revealed earlier this month that the Stuxnet malware was not only designed to disrupt Iran's nuclear program, but was part of a wider campaign directed from Israel that included the assassination of the country's nuclear scientists,” Fars writes.
Iranian news agencies keep the world up-to-date on the country’s efforts to maintain pace with cyber warfare, at least from a defensive perspective. In November, Iranian news agencies announced that the country had developed a program to combat the Duqu spyware.
Iran has also set in motion plans to create a separate body dedicated to the issue, the Supreme Council of Cyberspace, and has clearly demonstrated cyber army abilities, targeting dissidents at home and using pro-government hackers to shut down social networking platforms.
So is Iran ready to go on the offensive and target critical energy infrastructure in Israel and the US? In an interview with NPR, cyber security expert Jeffrey Carr, occasionally on loan to the Department of Defense, said "[The Iranians] have all the resources and the capabilities necessary to be a major player in terms of cyberwarfare."
"Cyber basically levels the playing field. It provides asymmetry that can give small groups disproportionate impact and consequence," Frank Cilluffo, associate vice president and director of the Homeland Security Policy Institute at George Washington University, told a panel of lawmakers last week. "And whereas they may not have the capability they can rent or buy that capability. There's a cyber arms bazaar on the Internet. Intent and cash can take you a long way, and that is what I think we need to be thinking about."
The fear that Iran may launch a cyber attack on critical US infrastructure is a fear of retribution. Push Iran too far, and it is sure to go on the cyber offensive. By most accounts, it has, or could easily acquire, the necessary capabilities.
By Jen Alic of Oilprice.com
Jen Alic is a geopolitical analyst, co-founder of ISA Intel in Sarajevo and Tel Aviv, and the former editor-in-chief of ISN Security Watch in Zurich.