A Research paper on Cyber warfare written by Muhammad Zubair Warsaji, for Afghan Views.

It was 29th, October 1969 when researchers at University of California, Los Angeles were able to transmit the first electronic message from one of their computers (SDS Sigma7) to another host computer (SRI SDS940) at Standford Research Institute.1  It was not just data transmission but was actually the birth of a Digital Universe, that we call  today as the “Cyberspace”.

As of now it contains billions of interconnected digital systems or nodes, capable of sending and receiving messages with different speeds up to the speed of light. The major and vital part of this digital population constitutes the Critical Government/Corporate infrastructure whose incapacitation or destruction has a debilitating impact on National Security or Public Safety.2

This mini paper briefs the Cyberwarfare going on between US, Israel (as allies) and Iran; and how effectively they used Cyber weapons to incapacitate and sabotage their critical infrastructure.

Keywords: Cyberwarfare, Cyber Assault, Digital Sabotage, Digital Ambush, GrooveMonitor, BitWiper, Stuxnet, Natanz

Introduction:
The term Cyberwarfare has been defined as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption".3 Leon Panetta, the US defense secretary said in an interview, "There’s no question that if a cyber attack, you know, crippled our power grid in this country, took down our financial systems, took down our government systems, that would constitute an act of war.”4

Coordinated Cyber Attacks on Iran:
Iranian Cyberspace has been a legitimate target for the US Cyber army and its allies since the Bush Administration. President Bush secretly authorized Cyber Assault on Iranian Cyberspace and code-named the operation as "Olympic Games".5 President Obama from his first day in office, not only backed up the authorization but also accelerated sophisticated Cyber attacks on Iranian Nuclear Enrichment Facility at Natanz.5

Facilities like Natanz are not connected to the Internet. It is because Internet is not a calm and secure space. Thus every single digital mean has been used to make malicious codes reach the critical systems.  It has been digitally targeted several times, wrecking its mission critical nuclear machines. As an example we can name STUXNET, a refined type of code written in coordination with US and Israel to attack Industrial Control Systems (ICS).

It is authored with the capability to covertly change the frequencies of certain types of Frequency Converters and control the speed of Motors.6 This worm caused Iranian Nuclear Enrichment Program to slowdown and loose more than a year because 1000 out 5000 IR-1 centrifuges were blown out at Natanz.5 The news that Natanz was successfully infiltrated by Stuxnet was attested by the Iranian President, saying that the malware has reached their Critical Infrastructure.7 

This is clear that the majority of the attacks on Iranian computer systems are focused on Natanz but  this time on December 16th, 2012, all Windows based machines with their regions set as Iran were targeted. MAHER the Iranian CERT team announced that a simple Zero-Day malicious code has hit their Computer systems running Microsoft Windows; deleting hard drives and desktop files.8 This small destructive code also known as "GrooveMonitor.exe", or BatchWipper as named by AlienVault Labs "could be deployed using several vectors, ranging from spear phishing emails, infected USB drives, via some other malware already running on computers, or an internal actor uploading it to network shares,".9 It has been configured with a set of predefined dates. If the dates on the Windows machines match, "it will wait for 50 minutes and then try to delete all files from drive D throughout I. It will also wipe all files from the user's desktop."10

The features of this malicious code are kind of similar to Shamoon Malware which damaged about 30,000+ computers of Saudi's Aramco Oil company on August 15th, 2012 deleting their files and halting their operations.11 It took Aramco 10 days to restore their internal network.12  Here ten days for one of the world's top most oil production companies mean a loss of hundreds of millions of dollars. But anyway the authors of these two pieces of malicious code are not related.

Iranian Cyber Exercises on US & its allies:

Now it seems that the era of using bits and bytes to fighting battles and wars have already started and it is not only US and its allies that possess cyber weapons but many other nations including Iran has also demonstrated their cyber capabilities in the past. Let's see what Iranian Cyber Army did  in response to the secret Cyber attacks authorized by the US government.

The Iranian Cyber army carried out a Cyber exercise in 2009 and hacked the Name Servers hosting the DNS records of one of the most popular microblogging sites called Twitter, redirecting users to the page set by Iranian Cyber Army.13 Twitter services were denied for visitors and there seemed no other motive except a Cyber Power showoff and publicity.     

Despite of many structured Cyber attacks on US, hackers associated with Iranian Revolutionary Guard carried out two effective Cyber attempts on mission critical systems of US air force. They very easily exploited a vulnerability of the US Stealth Drone RQ170, flying around Afghan-Iranian border, making two of the Drones smoothly land at Iranian Airbase.14

Statistics online show that Iran has not only been busy carrying out reconnaissance attacks on US infrastructure, but Iranians have also conducted several structured passive and active attacks on the critical infrastructure of US allies like Israel.

On October 28th, 2012, the computers at Israeli Police department were shutdown because of a Cyber attack. Times of Israel reported “The Cyberwar is already here, and Israel apparently lost the first round after a suspicious file was found circulating on police computers..”15, and was further attributed to Iran.

Iranian Hackers were also involved with the Anonymous Hackers' Collective and carried out effective cyber attacks in Israeli cyberspace during the Israeli offensive on Gaza last November. Israel incurred serious loss by losing critical government and corporate resources.. Carmela Avner, Israel's chief information officer said on 18th November 2012 that "the war is being fought on three fronts. The first is physical, the second is the world of social networks and the third is cyber attacks"16.

Conclusion:
Today Cyberspace has become so critical to military, that it is counted in the same category of importance as land, air and sea. Who would have thought that one day this digital universe would become so critical that the Pentagon would recognize it as "the fifth domain of warfare"? 17 Now one of the infrastructural projects of every nation should be to  secure their cyberspace because every national infrastructure at some point is seriously dependent on it.  It is only possible when nations develop a cyber code of conduct for appropriate use of ICT and promulgate a genuine security policy that stipulates the standards that cybersecurity users (entities, partners and providers) will be expected to meet. 18

References:

[1] First Electronic Message sent between UCLA & SRI
[2] "Critical Infrastructure Protection and Resilience" Department of Homeland Security USA
[3] "CYBER WAR: THE NEXT THREAT TO NATIONAL SECURITY AND WHAT TO DO ABOUT IT" by Richard A. Clarke
[4] "Not if or when, cyber war is happening now" by Defense Systems
[5] "Obama Order Sped Up Wave of Cyberattacks Against Iran" By DAVID E. SANGER
[6] "Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?" by David Albright, Paul Brannan, and Christina Walrond
[7] "Iran says cyber foes caused centrifuge problems" Reuters
[8] "MAHER, The Iranian Computer Emergency Reponse Team (CERT)" with incident ID: IRCNE2012121703
[9] "Batchwiper: Just Another Wiping Malware" by Alien Vault Labs
[10] "GrooveMonitor, another Wiper Copycat?" by Roel, One of Kaspersky Lab Experts
[11] "Saudi Aramco says cyber attack targeted kingdom’s economy" by Al Arabiya & AFP
12] "Saudi Aramco: Foreign hackers tried to cork our gas output" by John Leyden
[13] "Twitter hackers appear to be Shiite group" by CNN
[14] "US admits losing stealth drone held in Iran" by Aljazeera
[15] "How Israel Police computers were hacked: The inside story" by David Shamah Times of Israel
[16] "Anonymous declares 'cyberwar' on Israel" By John D. Sutter, CNN
[17] “Doctrine to Establish Rules of Engagement Against Cyber Attacks By Donna Miles AFP”
[18] “Cybersecurity guide for developing countries Edition 2007”  by ITU