Terror-Byte: why we need a Hard Drive to shutdown cyber-Terrorism

There are a number of details within the Shamoon story which show some of the dangers of cyber-terrorism and the murky virtual world within which it operates.

Firstly, there are some commentators who believe Shamoon is either state-sponsored or even state-initiated (see here, here and here), some going so far as to identify Iran’s finger on the trigger. Things are rarely either simple or favourable to the West where Iran is involved and it seems that the world’s most prolific sponsor of terrorism has quite comfortably moved into the cyber domain. This is clearly demonstrated by a report from the Atlantic Council on Iran’s cyber capabilities, which states that “[c]oncerns about Iran’s cyber abilities [a]rose in 2012 in connection with so-called distributed denial of service (DDoS) attacks on American financial institutions that briefly cut off access to online accounts and required expensive countermeasures.”

Secondly, and this may well strengthen the case for Iran’s involvement with Shamoon, there is the similarity of Shamoon’s structure to the Flame malware. Flame was a modular malware discovered on a huge number of computers across the Middle East, including Iran, in April 2012. This sophisticated virus was using infected machines to make voice recordings, log keystrokes and steal information, reporting back to a host computer, which was suspected to be in Israel. Whilst Shamoon is clearly ‘a copycat, the work of script kiddies’, riddled with ‘simple’ coding mistakes, this is congruent with Iran’s modus operandi. Iran demonstrated its knack for ‘recycling’ ideas when it unveiled the Shaher .57 calibre anti-materiel sniper rifle, a ‘scaled-up’, ‘cheaply’ made ‘clone’ of the Austrian-made Steyr HS-50, which is 0.50 calibre. This follows the February 2013 announcement of the Qaher 313 stealth fighter, which has been compared to a ‘cheap copy [of] an American F-22 [Raptor].’ Further examples of this behaviour include the modification and cloning of Chinese technology. The Mithaq-2 man-portable air defence system (MANPAD), a shoulder-launched surface-to-air missile (SAM), would appear to be a modified version of the Chinese QW-1 Vanguard. The Iranian Noor anti-ship missile has been reported as a copy of the Chinese YJ-82 cruise missile.

The further problem that this shows, aside from the complications of state involvement, is the amount of knowledge already available to would-be cyber-terrorists. The full source code of some malware, including Stuxnet, is now available online for all to find, copy, modify and/or take inspiration from as they see fit. The Flame malware, whilst not available in full, has been extensively discussed and analysed (here, here and here), providing a treasure trove of information for would-be cyber-terrorists. This openness, whilst useful for academic purposes, is lowering the knowledge threshold for cyber-terrorists to produce formidable malware, as with Shamoon.

The above notwithstanding, there are still significant barriers for cyber-terrorists to clamber over before they can launch sophisticated cyber attacks of the kind seen in the film Skyfall. Attacks on specific systems such as banks require insider familiarity and often a working knowledge of several of the myriad programming languages out there. However, terrorists are capable of doing significant damage without such sophisticated, information-age cyber-weapons. The Assad-aligned Syrian Electronic Army inflicted $136 billion worth of damage on Wall Street when it hacked the Associated Press Twitter account and tweeted that the White House had been bombed and President Obama was injured. Such a feat requires considerably less technical knowledge to pull off than is necessary to build a complex cyber-weapon.

This is the position that cyber-terrorists find themselves in at present, but technology almost always eventually proliferates and permeates until it is available to private individuals. Governments first produced nuclear weapons in the Manhattan Project in 1945. By 1976 a PhD student called John Aristotle Phillips produced plans for a nuclear weapon from publicly available documents, which were verified as capable of producing a nuclear explosion by a scientist from the Manhattan Project. The main hurdle between terrorists and nuclear weaponry is the availability of weapons-grade Uranium and/or Plutonium. This is not a hurdle presented to those who seek to learn how to produce cyber-weapons.

Whilst effective cyber-weapons are very difficult to produce, let’s not forget that Linus Torvalds managed to write the Linux operating system entirely on his own (see his book Just for Fun: the Story of an Accidental Revolutionary) without the huge resources available to a state. The most challenging hurdle for cyber-terrorists is the delivery of the malware by breaking or otherwise circumventing the formidable firewalls and other countermeasures put in place to keep them out. However, even this difficult task can be completed with shortcuts. Stuxnet is believed to have been delivered to Iran’s nuclear infrastructure through an infected USB stick, likely by either an inside agent or an unwitting employee. Even more ingeniously, cyber-criminals managed to gain access to a bank’s systems by using a fake maintenance man to install a Keyboard-Video-Mouse (KVM) switch, a device normally used by people who have one keyboard, monitor and mouse but want to switch between multiple computers. This allowed the criminals to access the bank remotely and steal £1.3 million, although they were subsequently caught in this case.

The fact that no one has yet been seriously harmed by cyber-terrorism should not offer comfort to anyone.

Simon Schofield is contactable at:

Simon.Schofield@hscentre.org

Please cite this article as:

Schofield, S. (2014). ‘Terror-Byte: why we need a Hard Drive to shutdown cyber-Terrorism’

Human Security Centre, Defence and Security, Issue 1, No. 2.

About Simon Schofield

Simon Schofield is a Senior Fellow at the HSC and the Assistant to the Directors' Office. His main research interests lie in the fields of national security, intelligence and counterterrorism.