Archive for June, 2009

Attacks against Iran Government Servers

June 17th, 2009

The media is abuzz with the ongoing “cyber warfare” attacks against Iranian Government servers following the election and the protests in Iran this week. It is all about Twitter according to many news articles.

For an excellent analysis, head over to Dancho Danchev’s blog; as always, he has done an excellent job of dissecting the attacks from a technical perspective.

By utilizing the people’s information warfare concept, Iranian opposition has managed to successfully organize a cyber attack against Tehran’s regime (complete analysis) by using Twitter, web forums, and localization (translation) of the recruitment messages in order to seek assistance from foreigners.

So far, their rather simplistic denial of service tools have managed to disrupt access to key government web sites, and the intensity of the attacks is prone to increase since the opposition appears to be in a “learning mode”.

Iranian Opposition DDoS-es pro-Ahmadinejad Sites

The State of Iran’s Ongoing Netwar – Slashdot coverage with some interesting comments

Iran’s Netwar – Netwar-focused coverage with some background on the history of “Netwar”

GhostNet – A comprehensive report by infowar-monitor.net

June 3rd, 2009

This excellent piece of work by the Citizen Lab should be required reading for any human rights or political organisation. It highlights focused, high-value targeting by attackers (whoever they are) who clearly oppose the groups’ goals.

This report documents the GhostNet – a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation, the ease by which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.

GhostNet – Investigating a Cyber Espionage Network
Infowar-monitor.net