But experts wonder if it is a publicity stunt rather than new cyber attack
Still recoiling from the attack of a sophisticated computer virus that set back its nuclear ambitions, Iran is once again saying it has come under cyber attack.
The head of Iran’s cyberdefense agency Gholam-Reza Jalali dubbed the new worm “Stars” in an announcement on Monday, but he offered little information on it. That has computer security experts wondering if it’s a publicity stunt. It also raises the question of how Iran could retaliate for cyber warfare against an anonymous foe.
Jalali told the Iranian Mehr news agency that Stars had targeted government computer programs by disguising itself as an ordinary computer file. “The damage was very slight in the initial stage,” he said, adding, however, that Iranian scientists are still studying the cyber intruder.
While it remains unclear what the objective of the Stars virus is, it comes on the heels of Stuxnet, a highly sophisticated computer worm said to have caused major damage to Iran’s uranium-enrichment program and set it back considerably before it was discovered last September.
According to The Washington Post, the new Stars virus is aimed at Iran’s nuclear facilities and suggested “a broader campaign by foreign saboteurs to undermine Iran’s atomic energy program.”
“They have been doing a lot of publicity stunts ever since the whole Stuxnet issue,” Gadi Evron, an expert on Internet security, told The Media Line. “All that we have been able to ascertain is that Iran has been doing PR, meaning, there may be a real virus. There may be a real threat. But nothing is really known about it at this point.”
The U.S. has been leading an effort to force Iran to abandon its nuclear program through an array of measures, including economic and trade sanctions authorized by the United Nations. But behind the scenes, the U.S. and other countries – most notably Israel – may also be mounting a parallel campaign of cyber warfare and attacks on key Iranian scientists to thwart Tehran’s nuclear ambitions.
Iran insists the program is for peaceful development of nuclear energy, but Western powers are convinced Tehran aims to develop nuclear weapons. Israel has hinted that it might take out Iran’s nuclear sites with a military strike, but since the Stuxnet virus episode, it has toned down its threats.
“The nation should ready itself for the next virus since it’s possible that new viruses will be considerably more dangerous than the first,” Jalali was quoted as saying. He added that Stuxnet was still posing a danger to government computer systems and the country’s nuclear program “because viruses have a certain life span and they might continue their activities in another way."
He urged the government to take action against the enemies he said were waging cyber war on Iran.
"Perhaps the Foreign Ministry has overlooked the options to legally pursue the case, and it seems our diplomatic apparatus should pay more attention to follow up the cyber wars staged against Iran," Jalali said.
Iran has blamed the U.S. and Israel for launching the Stuxnet virus, which reportedly sent the centrifuges used to enrich uranium into damaging spins while concealing it from their operators.
“Stuxnet was very, very special and extremely advanced technology. We haven’t seen anything like it before. We haven’t seen anything like it since. It ‘s not your run-of-the-mill computer virus that you have on your computer. This one actually affected, according to reports, the nuclear program of Iran. What virus can actually claim that kind of credit?” said Evron, who was the founder of the team that handles computer break-ins in Israel (the Computer Emergency Response Team).
While Iran shared samples of the Stuxnet virus for analysis, it hasn’t so far released any of Stars.
“Every anti-virus vendor is clamoring to get their hands on this malware, yet so far Iran has not produced a sample of the code. Until a vendor or two can corroborate these claims this news falls into the propaganda category,” Andrew Storms, director of security operations for nCircle, was quoted as saying in the magazine PC World.
Evron said no one can ensure total protection from computer viruses. But he rejected the contention of some analysts that cyber attacks could one day replace military strikes.
“Because we use computers and the Internet so much it makes sense that attacking them would happen more and more. So it is another tool in the military arsenal,” Evron said. “It makes sense that in the future we’ll see more and more attacks, cyber attacks. Whether a missile will be more effective or a war will be more effective, I’m sure that it depends on the circumstances.”
Retaliating for a cyber attack raises question of accountability, particularly due to the anonymity and plausible deniability of those engaged in cyber attacks. The U.S. military recently established a Cyber Command and other nations such as Britain and Israel have flowed suit. Last summer, Israeli military announced it had set up a cyber force for “intelligence gathering, defensive and offensive operations”
“You may know who your rivals are but you may not know who is attacking you,” Evron said. “Counter attacks? There is a whole philosophical realm of can you actually counter attack somebody if you don’t know who they are, if they have actually attacked you. Do you have a casus belli to launch a war? Do you have any proof to have the moral high ground to launch a war if you can even define a war, especially on the Internet? If somebody would decide to counter attack I would hope for some sort of proof and it wouldn’t necessarily be on the Internet.”