The United States-led sanctions against Iran have impacted another company: Samsung and its app store.

As of May 22, Iranian Samsung phone owners will no longer have access to Samsung’s app store, as the Associated Press reports.

Since the late ’70s, the U.S. has used sanctions to target the Iran’s pocketbook. While this is all done in an attempt to influence Iran’s policies, the sanctions have had a greater affect on the Iranian people and the foreign companies that still work within its borders.

In a message sent to customers, Samsung blamed “legal” barriers for the move, though there isn’t much detail beyond that.

There are a few theories, however. Farhad Alavi, a lawyer whose practice focuses on international trade issues, says the move is all about covering up what he calls the “exposure points” in Samsung’s Iran operation.”The problem that you have with something like an app store is that lots of those apps are probably made by Americans,” he said.

While the US imposes a blanket ban on exporting American-made devices to Iran, devices like the iPhone are still popular there.

There’s also the server question. Samsung may be a Korean company, but if any of the servers housing its services or apps are in the U.S., dealing with Iran could expose it to significant blowback from the U.S. government. It’s hard to say for sure.

Jamal Abdi, policy director at the National Iranian American Council, also points to the financial concerns companies like Samsung face when dealing with sanctioned countries.

“There’s a huge chilling effect that the sanctions have had on companies. If you do business with Iran, it’s often tougher to do business with the U.S.,” Abdi said. Current sanctions also place restrictions on what kinds of financial transactions come out of Iran, which also complicates things for Samsung.

That’s a lot to take in and worry about, which is why it’s not all that surprising that Samsung decided to give up on its app store in Iran rather than try to hash through its legality.

We’ve reached out to Samsung for more details on the situation, but the company has yet to respond.

With the move, Samsung joins companies like Huawei and Nokia-Siemens, which began winding down its operations in Iran last year. At the time, Nokia said that the sanctions against Iran made it almost impossible to do business in the country, and it’s probably fair to assume Samsung has been under similar pressure.

Notably, Samsung is unique among tech companies in its localized support for Persian, which is spoken by 110 million people. U.S. export restrictions prevent companies like Apple and Microsoft from selling their products in Iran at all, as Apple’s corporate policy on export sales notes. (Not that that prevents Iranians from getting their hands on Apple products.)

Iran remains a significant market for Samsung, which is why it’s unlikely that the company is going to completely give up on the country anytime soon.

Photo:Devindra Hardawar/VentureBeat

As The Telegraph reports, Tehran scientist Ali Razeghi has invented a device about the size of a personal computer that will predict details of your future for the next five to eight years. He’s registered the device with the state-run Centre for Strategic Inventions, the Iranian version of the USPTO.

Apparently, no one there has ever heard of a magic 8-ball.

Razeghi intends to mass produce the device and use it to help Iran “prepare for challenges that might destabilize it,” as well as perhaps manipulate foreign currencies for fun and profit.

But he’s not releasing his time machine — which he says the U.S. has spent “millions” trying to invent — just yet. And the reason has nothing to do with whether or not the device works.

Rather, it’s for self-protection:

“The reason that we are not launching our prototype at this stage is that the Chinese will steal the idea and produce it in millions overnight.”

Razeghi is apparently a serial entrepreneur with more than 179 inventions to his credit. I only wish we could see them all. He is clearly one creative individual.

photo credit: Stéfan via photopin cc

A group of legal experts invited to study at NATO’s Cyber Defense Center of Excellence released a report over the weekend that names 2010 Stuxnet cyberattack on Iran’s nuclear power plants as an illegal “act of force.”

The study is called The Tallinn Manual on the International Law Applicable to Cyber Warfare and is supposed to act as a “textbook,” as one of its writers Michael Schmitt explained to the Washington Times. It shows how traditional international law and cyberwar can be interpreted together.

It outlines an act of force as anything that kills or injures humans or otherwise destroys or damages objects. The Stuxnet virus, which infects SCADA systems, or the computers that control industrial infrastructure, infected Iran’s Natanz nuclear power plants. Specifically, it critically damaged the section of the plant that released an important gas into its centrifuges.

The malware is suspected to be a joint effort between the governments of the U.S. and Israel, though neither have accepted responsibility.

As Schmitt noted, however, the U.N. states that acts of force can be used by countries in self-defense, whether that’s in response to an act of force or a preemptive strike against anticipated danger. Though the manual states this attack is probably considered illegal under traditional law, the U.S. and Israel fear nuclear attacks from Iran, making it plausible that the “act of force” was in self-defense. That is, if these two countries are behind the attacks as is suspected.

How other countries should react, however, is up to them. The manual is not intended to be law or an outline of rules. Rather, it is a proposed way of putting existing law into action around cyber attacks. However, some say that the current laws aren’t good enough for cyberwar given the lack of experience we’ve had with real, war-time cyberattacks.

hat tip Wired; Iran nuclear plant image via President.ir

SAN FRANCISCO — Symantec uncovered a new, earlier version of Stuxnet today, the malware that attacked Iran’s nuclear systems in 2010. This version, Stuxnet 0.5, predated the Stuxnet we all know, and it was created four years earlier than we expected.

Stuxnet 0.5 was active between 2007 and 2009, though Symantec researchers were able to trace its origins back to 2005. The Stuxnet we are familiar with was first created in 2009.

“We are now entering close to the end of the first decade of weaponized malware,” said Francis deSouza, Symantec’s president of products and services, who spoke at the RSA conference in San Francisco today.

The malware that later attacked Siemens SCADA systems controlling the motors in the Natanz nuclear facility originally attacked the valves that controlled a certain type of gas released into the centrifuges.

The earlier version was disseminated through infected USBs and sought out Siemens Step 7 project files. The malware was officially taken offline January 2009 when it stopped communicating with its command-and-control servers, but traces of it can still be found within Step 7 files on computers around the world.

It was built in part on the Flamer platform, the same one built, of course, Flame. The Russian security firm Kaspersky Lab discovered Flame last year and quickly called it one of the most sophisticated cyber-espionage tools ever.

The later version of Stuxnet was moved to the Tilded platform, relating it to Duqu.

Further differentiating itself, this Stuxnet 0.5 was slightly less sophisticated in that it didn’t move from system to system exploiting a vulnerability in Windows.

Nuclear plant image via Shutterstock

While Yahoo Mail may not be the most popular email service in the world, it is widely preferred to all other services in Iran, according to a new study by Conovi.

Iran is an especially interesting place to look at digital trends, considering the country actively blocks its citizens from sites it doesn’t agree with. A previous surprising trend was that 58 percent of Iranians use Facebook despite some blocks by the government.

The latest study was conducted by Chimigi, an online reasearch panel owned by Conovi. It surveyed 800 respondents. One of the most interesting trends was that 63 percent of respondents preferred Yahoo mail to all other email services, including Gmail and Hotmail. Gmail is preferred by 32 percent while Hotmail has only a 2 percent preference.

“Iran remains one of Yahoo’s leading markets,” Conovi managing partner Amir‐Esmaeil Bozorgzadeh said in a statement. “Although the general idea is that the more tech-­savvy users prefer Gmail, and the trend we’re seeing is certainly moving in Google’s direction.”

A few other interesting points of note in the study:

• The most popular web security apps among respondents is ESET’s NOD32 (48%), Kapersky (18%), and Microsoft Security Essentials (9%)
• 69% of respondents spend between 30 minutes and 2 hours on email each day
• The most-used Google service among respondents is Google Translate at 53%

Check out the infographic below for surprising stats on digital Iran:

Photo illustration via Sean Ludwig/VentureBeat
Original Iran map image via Aleksandar Mijatovic/Shutterstock

The United States has been watching Iran for cyber activity for some time now with a fear that cyber espionage and war tactics are getting even stronger. One Air Force commander is jumping on board with this concern, saying Iran in particular is a “force to be reckoned with.”

U.S. Air Force Space Command General William Shelton told Reuters he believes Iran was provoked by the Stuxnet attacks in 2010, and has been building up its cyber war tactics ever since. In order to prevent future attacks, Shelton explained that the Defense Department plans on expanding the number of civilian Air Force employees working on network security by 1,000. This adds to its current 6,000 employees, as Ars Technica notes.

Stuxnet, the virus that Shelton says may have caused Iran to increase its cyber warfare development, attacked the country’s Natanz nuclear plants in 2010. The virus attacks SCADA systems, or the computers that control industrial, physical equipment such as nuclear fueling infrastructure, all the way down to prison doors. The attacks did just that, and reportedly damaged the fueling equipment used in this nuclear facility.

It was later uncovered that Stuxnet was a joint effort between the United States and Israel.

Defense Secretary Leon Panetta warned of more of these attacks in a recent speech saying we can expect a “cyber Pearl Harbor” on our hands. He pointed out how connected devices, water supplies, and electrical grids can all be tampered with and that we need to prepare for cyber war in the future.

Air Force image via Shutterstock

U.S. “intelligence officials” believe Iran could be the force behind a number of attacks on banking institutions in the United States, according to the New York Times. The attacks, which started in September 2012, focus not on stealing money, but on knocking the bank websites offline.

Financial institutions have had reinstate their websites after cyber attacks overload them, knocking them offline. The affected banks include Bank of America, Wells Fargo, Capital One, HSBC, and Citigroup.

When VentureBeat reached out to Bank of America, the institution said it had no comment on the suggestion that Iran could be behind the attacks.

But James A. Lewis, the director and senior fellow for the technology and public policy program at the Center for Strategic and International Studies, told the Times, “There is no doubt within the U.S. government that Iran is behind these attacks.”

Lewis previous served as an official within the U.S. State Department and the Commerce Department.

The cyber aggression comes in the form of denial of service attacks. These attacks send packets of information at a rate much higher than a server’s ability to process them, overloading the server, and shutting down the website. It’s a fairly common attack since the onset of Anonymous, a group of hackers known for taking political stances and for their propensity to protest using denial of service attacks.

As Forrester analyst John Kindervag notes to the Times, however, the suspected hackers are using more sophisticated methods in their DDoS attacks. Where these attacks are usually launched from individual computers, it seems the attackers have rallied whole cloud networks to send off huge amounts of traffic to the bank servers.

That means Iran, if it is the culprit behind the attacks, could either be building its own private cloud network or somehow stealing less secure, but already established private clouds from other companies. With networks being used to launch the DDoS attacks, that banks are being hit by a substantial force.

Officials also believe the attackers are using a new form of DDoS called encryption denial of service. Since banks process a number of encrypted transactions dealing with the type of data they do, attackers can send hundreds of thousands of encryption requests to overload the servers.

Tactics as complex as these support the idea that the attacks are state sponsored.

A number of groups have come forward to claim the attacks, such as Izz ad-Din al-Qassam Cyber Fighters, who say they attacked the banks because of an offensive video. Others such as a cyber criminal known by the handle “vorVzakone,” posted intent to hack the banks in a campaign called “Project Blitzkrieg” on a Russian forum in September. VorVzakone , however, suggested attackers would hit the banks with malware and actually steal information rather than just knock down websites. Still, McAfee gave weight to vorVzakone’s post, saying Project Blitzkrieg is a “credible threat.”

It seems officials think the former group may just be a front for state sponsored attacks out of Iran, which could be retaliating for recent cyber attacks believed to be joint efforts by the U.S. and Israel. The attacks could also be connected to economic sanctions against the country in recent years.

Bank image via Shutterstock

Iran is claiming that Stuxnet, the powerful virus that infected its nuclear power facilities in 2010 is back on the attack, targeting other power and governmental systems in the past few months.

The reports come out of Iranian news organization ISNA, according to the Associated Press, which quoted Iran’s provincial civil defense chief Ali Akbar Akhavan as confirming the events. Akhavan reportedly went on to say that the attacks were focused on Iran’s province of Hormozgan, including a power plant located there. The issue was supposedly mitigated by Iran, and suspected to be of U.S. and Israeli origin given that the virus Stuxnet is the suspected culprit.

Iran’s Culture Ministry may have also been a target, according to the New York Times.

Stuxnet is a computer virus that attacked Iran’s nuclear power plants systems in 2010, specifically the computers that controlled the fueling of its nuclear power plants. The attack was later believed to be a joint U.S. and Israel project as a result of growing fears that Iran was building nuclear weapons.

The virus attacks “SCADA” systems, or supervisory control and data acquisition. These systems control major physical infrastructure such as power plants, prison door systems, and electrical grids more. Stuxnet attacks SCADA specifically, shutting down the processes they control. SCADA systems are a scary target, as they control very important entities. For example, one researcher discovered that by hacking a SCADA system, he could open all the prison doors on a maximum security prison.

It is not uncommon to see malware reappear in the wild with slight tweaks that help it fool barriers put up against it. It has not been confirmed, however, whether the Stuxnet virus was behind these attacks.

Power plant image via Shutterstock

U.S. Defense Secretary Leon Panetta is freaked out, and for good reason. He advised America today that the country is in danger of a cyber attack that could end in civilian death.

According to the New York Times, Panetta aired his concern during a speech in New York City saying we may experience a “cyber-Pearl Harbor that would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability.”

Specifically, he referenced the growing potential for hacks on critical infrastructure, energy grids, and other smart devices. He mentioned derailing trains and contaminating water supplies. There’s evidence to support his concerns, starting with the Stuxnet attacks in Iran in 2010. Stuxnet infected the fueling systems of Iran’s nuclear power plants, causing them to malfunction. The malware attacked “SCADA” systems used to control infrastructure used in all different kinds of businesses including oil facilities to prisons. Indeed, researchers already believe the prison doors to maximum security prisons could be opened due to a similar attack.

Other than to warn the American public about it’s future doom, Panetta was also there to pull support for a cybersecurity bill. Panetta wants a new kind of communication between private businesses and the government sector, so that law enforcement can find out about and assess new viruses quickly.

“Attackers only need to find one weak point in any target, and every major target that Secretary Panetta is concerned about has a truly massive attack surface to check. The need for automation has gone from high to extreme – every critical organization must automate their assessment of whether their attack posture is weak,” said RedSeal Networks chief technology officer Dr. Mike Lloyd in an email to VentureBeat. “However, the Federal Government cannot defend all the private infrastructure we depend on – the banks, the power companies, the transportation infrastructure. These companies have to appreciate the threat to their shareholders and the general public, and this is why Secretary Panetta is making clear how serious the situation is.”

The U.S., according to Panetta, should be watching countries such as Russia, China, and Iran as well. This week the United States Congress Intelligence Committee issued its own warning against Chinese telecommunications vendors Huawei and ZTE stating that they couldn’t be trusted to be out of the influence of the Chinese government. The committee also urged any U.S. companies working with the two should find new partners.

Leon Panetta image via Official U.S. Navy Imagery/Flickr

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

The U.S. Congress Intelligence Committee and telecommunications vendor Cisco are agreed on one thing: Chinese networking equipment companies can’t be trusted.

Whether that’s just political posturing and jingoistic protectionism or the plain simple facts of global geopolitics depends a lot on who you believe.

According to Reuters, this morning Cisco killed a seven-year partnership with Chinese networking manufacturer ZTE after investigations reportedly showed that ZTE sold banned technology to Iran. Sending U.S.-developed technology that could allow Iran to monitor and control Internet usage violates U.S. sanctions against that country — and could put Cisco’s U.S. business in jeopardy.

According to Cisco’s financial statements, more than half of its revenue is from North and South America, and most of that will be from the U.S. Cisco had partnered with ZTE, licensing Cisco technology to the up-and-coming company in an attempt to fight larger and more dangerous competitor Huawei in emerging markets.

Coincidentally, perhaps, the U.S. House of Representatives’ Intelligence Committee released a draft report saying, in part, that both Huawei and ZTE “cannot be trusted to be free of foreign state influence,” and therefore, U.S.-based Internet service providers and telecommunications companies should “seek other vendors” for infrastructure projects.

This is not new.

Congress has been concerned about China electronically spying on the U.S. for some time now. The concern is that, since Chinese companies either have close ties to the Chinese government or can be compelled to allow significant amounts of government access to their technology, products used in the sensitive telecom industry could contain backdoors or intentional security holes to facilitate espionage.

Very similar, of course, to what the FBI wants Facebook, Twitter, and Skype to grant it. Or to what the NSA was rumored to have built into various version of Windows.

China has been accused of industrial espionage many times, as well as of spying on activists and political dissidents, and very recently was reported to be attempting to access military systems in the White House itself (not for the first time). So it’s hard for China to wear the white cape here.

But that doesn’t stop the country from trying, and a spokesman for China called upon Congress to “set aside prejudices and respect the facts,” according to Reuters, as well as offering a veiled threat, saying the U.S. should “do more that is beneficial to Sino-American economic and trade ties, rather than the contrary.”

The story won’t end here.

But if it continues in the current path, this war of words threatens to become something more substantial, potentially involving trade sanctions on both sides.

photo credit: ukaszSie via photopin cc

A purported Iran scientist working for the Atomic Energy Organization of Iran e-mailed an SOS to F-Secure Chief Research Officer Mikko Hypponen this weekend, saying the AEOI was under a cyber attack.

Hypponen, who is well-regarded in the security community, published a blog post this morning saying he can’t confirm the details, or even existence of the attack, but he can confirm that the e-mails were being sent from within the AEOI.

It sounds like the AEOI may have been hit with an infrastructure-targeting malware attack, similar to those that have plagued the Middle East since 2010 starting with Stuxnet. However, there’s no independent confirmation of this attack’s existence.

According to the e-mail, the malware shut down the AEOI “automation network” in its Natanz and Fordo facilities. The “scientist” specifically mentions Siemens hardware, which could be a reference to SCADA systems, or control systems that electronically monitor and power various pieces of industrial infrastructure. These systems were targeted by the Stuxnet virus that brought down part of Iran’s nuclear fuel systems in 2010. He also mentions that the malware turned on computer’s volumes to high and blasted what appeared to be ‘Thunderstruck’ by AC/DC. Cyber criminals have to have a little humor too.

Iran has been the target of quite a few new pieces of malware this year, including the latest Flame malware that many describe as one of the biggest advancements in cyber espionage to date. The virus comes with 20 different modules that, when unpacked, spy on the infected computer, sending data back to its command and control servers. It detects when you’re using a communications app such as IM or Gmail, and takes screenshots to record your conversation. It can also turn on the computer’s microphone and record audio in the vicinity, sniff network traffic, log your keystrokes, and more.

Some say the U.S. and Israel came together to create Flame — the same is said of Stuxnet.

A similar piece of malware called Madi was also uncovered recently. Madi enters the system through phishing e-mails. When an attachment in the e-mail is opened and installed, Madi opens up a decoy Word Document or PowerPoint presentation, while quietly downloading the malware in the background. Like Flame, the trojan knows when a communications app is open and takes screenshots, as well as records audio, and logs keystrokes.

Both Flame and Madi attack critical infrastructure firms and government entities.

Whether or not this new attack is real, whether it is associated with either malware, and whether this is a new strain, are all still unknown. See the full e-mail below:

I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.

According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.

There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.

We have reached out to Hypponen and F-Secure and will update with more information upon hearing back.

Image via Shutterstock

A team from the University of Texas at Austin showed Homeland Security just how detrimental GPS spoofing can be to our drones program. The group hacked a school-owned drone using a cheap, home-made spoofing tool.

With Homeland Security officials standing by, the team confused a hovering drone from nearly a mile away using GPS spoofing. GPS spoofing is the act of hacking into a GPS system and tricking it into believing it’s somewhere it’s not. From here, a hacker could provide new coordinates for the drone to follow and eventually ground the aerial vehicle in their desired location. While the process seems complicated, Professor Todd Humphreys from the University of Texas at Austin created a spoofer for less than $1,000 that could execute the necessary instructions.

“In 5 or 10 years you have 30,000 drones in the airspace,” Humphreys told Fox News. “Each one of these could be a potential missile used against us.”

The spoofer convinces the target drone into believing all the information it is being fed is legitimate — that nothing is unusual. He then is able to change the drone’s course to his liking.

In 2011, Iran captured a U.S. drone. It was believed that engineers in the country had detected the drone and used GPS spoofing to bring it down. At the time, the American Civil Liberties Union called for more restrictions on drone usage in U.S. airspace, as many begin to fear how these drones could turn on us.

via Fox News; Drone image via AN HONORABLE GERMAN/Flickr

While security researchers have uncovered many things about the Flame malware, one big question has remained unresolved: Who created it?

They might not be surprised by the answer. According to anonymous Western officials, Flame was the work of the governments of the United States and Israel, reports The Washington Post.

The goal of Flame was just as researchers had initially suspected: Espionage. The US and Israeli governments wanted to thwart the nuclear efforts of Iran, and to do that they needed as much information as they could get their hands on. The CIA, NSA, and Israeli military were all involved in the creation of the malware, sources say.

This confirmation follows a story from The New York Times that reported the U.S. and Israel were also responsible for Stuxnet, which attacked Iran’s nuclear facilities in 2010.

This connection wasn’t lost on researchers, who last week discovered a code-level connection between Stuxnet and Flame. Seeing the strong similarities in certain segments of the workings of both Stuxnet and Flame, researchers concluded that the programs’ creators were working together. The Washington Post‘s sources confirmed this: Both Stuxnet and Flame were developed as a part of a program known as Olympic Games.

According to the report, Iran discovered Flame as a result of a viral strike Israel made on Iran’s Oil Ministry and oil-export facilities in April. The attack, which Israel carried out without warning the U.S., allowed Iran to uncover Flame’s infiltration.

Not that the discovery of Flame and Stuxnet have deterred the NSA and CIA: Both agencies are still hard at work on follow ups.

It’s been rumored for some time that the Stuxnet virus, which attacked Iran’s nuclear facilities in 2010 before escaping and wreaking havoc on the public Web, was a joint effort between the U.S. and Israel. But, aside from security firm reports, their connection was mostly speculation — until today.

A lengthy New York Times report this morning confirms that Stuxnet was indeed an American and Israeli project, and it also reveals some fascinating details about the first major cyberwar effort in the world.

According to the NYT, the cyberwar campaign, dubbed “Olympic Games,” began under President Bush in 2006 as a way to stall Iran’s nuclear ambitions. After virtually mapping Iran’s Natanz plant, the U.S. worked with an Israeli team to create an early variant of Stuxnet, which was programmed to target Siemens equipment and destroy centrifuges being used to purify uranium.

Given that the U.S. was in the middle of several ground efforts in the Middle East, it was tough to rally international support for a physical strike against Iran as well. A cyber-strike made more sense at the time, and it seems President Obama agreed, as he accelerated the cyberwar effort during his first few years in the White House.

“From his first days in office, he was deep into every step in slowing the Iranian program — the diplomacy, the sanctions, every major decision,” a senior administration official told the NYT. “And it’s safe to say that whatever other activity might have been under way was no exception to that rule.”

All was going well until an updated version of the virus made its way out of the Natanz plant. The new version of the virus had an error in its code that allowed it to spread to an Iranian engineer’s laptop, and it spread to the Internet when he left the plant.  White House officials blamed Israel for the mistake, according to the NYT.

Once the virus began replicating itself on the Web and attacking Siemens equipment worldwide, security companies ended up calling it Stuxnet.

Flame, the most recent virus targeting computers in the Middle East, wasn’t a part of Olympic Games, American officials told the NYT. They didn’t comment on whether the U.S. was behind Flame.

There are plenty of advantages to cyberwarfare: it involves practically no human casualties and lengthy ground campaigns, to name just a few. But it’s not a panacea, as relying too much on cyberwar efforts will inevitably make the U.S. a bigger target for cyber-strikes. That’s something that President Obama kept in mind as he accelerated the Olympic Games effort, the NYT reports.

Photo via President.ir

Update: The United Nations is sending out a warning to member countries about cyberwar tool Flame.

Iran has confirmed the presence of a new and highly complex piece of malware targeted at Middle Eastern countries. The virus, called Flame, is said to be as worrisome as Stuxnet, which plagued Iranian nuclear systems in 2010.

“This malware is a platform which is capable of receiving and installing various modules for different goals,” Iran’s CERTCC said in a blog post. “The research on these samples implies that the recent incidents of mass data loss in Iran could be the outcome of some installed module of this threat.”

Iran says that it has created an anti-virus tool that can detect Flame, as well as a removal tool, which is being distributed.

The New York Times is reporting that this virus has hit high-ranking Iranian officials. Russian security company Kaspersky Lab first unveiled the virus yesterday, saying it was one of the most complex cyberwar tools it has ever seen. It may have been running unchecked for at least two years, and was attacking a number of household computers around the Middle East. The firm found Flame while researching another virus called Viper, which was deleting hard drives in the Middle East and recently caused Iran to shut down Internet access to its oil infrastructure.

The United Nations is sending out a warning about Flame to its member countries agreeing that it may be a state-sponsored attack, according to news site Aljazeera.

“This is the most serious [cyber] warning we have ever put out,” said UN cyber security coordinator Marco Obiso, cyber security told Aljazeera.

Flame has the ability to turn on a computer’s microphone and record audio of conversations happening around the computer. It can listen for when you open up “interesting” communications programs, such as an instant message box, and take screenshots to record the conversation. It can also watch for your keystrokes, and listen in on your network, all the while sending this information back to its many command and control servers.

Both Iran’s CERT and Kaspersky note that it is similar to Stuxnet, a state-sponsored virus that was used to attack infrastructure that provided fuel to Iran’s nuclear program. Flame does not attack these types of systems, or SCADA systems. However, Kaspersky believes that like Stuxnet, Flame is a state-sponsored attack, and according to the New York Times, Israel may be hinting its involvement.

“Anyone who sees the Iranian threat as a significant threat, it’s reasonable that he will take various steps, including these, to harm it,” said Moshe Yaalon, Israel’s vice prime minister and strategic affairs minister, on Army Radio Tuesday. “Israel was blessed as being a country rich with high-tech, these tools that we take pride in open up all kinds of opportunities for us.”

via The New York Times; Flame image via Shutterstock

Iran shut down Internet access to its oil terminals today following a cyber attack that is said to have begun on Sunday afternoon.

The Oil Ministry shut down Internet access to all of its oil facilities, operations, and rigs soon after finding the virus, dubbed “wiper”, according to an anonymous Oil Ministry employee who spoke with The New York Times. According to this individual, Iran’s oil production and exports were not affected.

The virus was responsible for some wiped hard drives within the ministry, appropriately earning its name. Related websites such as the National Iranian Oil Company and the National Iranian Gas Company were also shut down, according to the Times, though whether they were shut down by the virus or the Ministry remains unclear.

This virus isn’t the first of its kind to hit Iranian infrastructure. In 2010, a virus called Stuxnet affected Iran’s nuclear program by attacking its control system called SCADA or supervisory control and data acquisition. The SCADA system controls various processes (both hardware and software oriented) within the nuclear program, including those responsible for creating fuel for potential nuclear weapons.

“Attacks on critical infrastructure are more common than many think,” said McAfee security director Brian Contos in an e-mail to VentureBeat, “Because of a lack of disclosure in these industries, many incidents ranging from sabotage and intellectual property theft to extortion go unreported.”

Other SCADA systems, including those on U.S. soil are flagged as being vulnerable to cyber attack. John Strauchs, who owns a security consulting firm, flagged prison doors controlled by SCADA systems as a potential target. He came to the conclusion soon after receiving a call about a prison’s death-row doors popping open. In that case, the doors were triggered by a faulty wire.

via The New York Times; Oil pump image via Shutterstock

Anyone who helps the governments of Iran and Syria obtain technology to track dissenters through social media will soon find their U.S. assets frozen, thanks to sanctions announced today by the White House.

President Barack Obama signed a new executive order Sunday that freezes U.S. assets linked to people who have aided satellite, computer, and phone network monitoring in Syria or Iran, reports Reuters.

Social networks like Twitter and Facebook were a key factor in helping many groups overseas organize democratic protests against their governments, and helped facilitate efforts to overthrow repressive authorities, as demonstrated during the Arab Spring. However, it’s believed that the Iranian and Syrian governments are now using tools to mine data from the very same social network to search for dissenters, which “facilitate(s) serious human rights abuses,” said one administrative official.

The executive order identifies several organizations guilty of aiding Iran and Syria, including Syrian General Intelligence Directorate, Syrian cell phone company Syriatel, Iran’s Ministry of Intelligence and Security, Iran’s Islamic Revolutionary Guard Corps, Iran’s Law Enforcement Forces, and the Iranian ISP Datak Telecom. The Reuters report also indicates that the order identifies a number of individuals as well.

“The United States condemns the continuing campaigns of violence and human rights abuses against the people of Syria and Iran by their governments and provides a tool to hold accountable those who assist in or enable such abuses through the use of information and communications technology,” Obama states in the executive order.

Photo via Clive Chilvers /Shutterstock

Update 4/10/2012: Iran has denied the report that it plans to cut itself off from the Internet, according to a more recent story in the International Business Times.

Iran plans to disconnect itself from the Internet and replace popular services like Google, Yahoo, and Hotmail with homegrown, Iranian services, according to a report in the International Business Times today.

The IBT writes that Reza Taghipour, the Iranian minister for Information and Communications Technology, announced the plans in a statement. According to the statement, the first phase of the project will begin in May, when the government will block access to Google, Hotmail, and Yahoo, replacing them with government services like “Iran Mail” and “Iran Search Engine.” Within five months, the country will effectively have lost all Internet access to the outside world, and Iranian residents will have access only to a government-controlled intranet.

The government is already accepting applications for Iran Web Mail accounts, which require you to enter a first and last name, postal address, and phone number. (Here’s an English version of that form via Google Translate.) We can guess that Iranians aren’t thrilled about the prospect of giving up Gmail for a state-sponsored (and presumably monitored) alternative.

Taghipour said the Internet “promotes crime, disunity, unhealthy moral content, and atheism” and that the government plans to eliminate these net-based “scourges.” Ars Technica adds that the country is also concerned about digital espionage and sabotage, a possible reference to the Stuxnet worm that damaged Iranian nuclear facilities in 2011.

At the beginning of what would become known as the Arab Sprint, Egypt took the then-unprecedented step of cutting off all Internet access. It was a short-lived move, however, with access restored after five days. Other countries have temporarily shut down SMS text messaging or limited Internet access for regions or cities, the advocacy group Reporters Without Borders states. “Shutting down the Internet is a drastic solution that can create problems for the authorities and can hurt the economy. Slowing the Internet connection speed right down is more subtle but also effective as it makes it impossible to send or receive photos or videos. Iran is past master at this,” Reporters Without Borders adds.

This isn’t the first time that the country has curtailed Internet access. In February, Iran cut off access to all secure web (HTTPS) connections.

The country has also detained and sentenced to death the creator of a photo-sharing site, Saeed Malekpour, an Iranian citizen and resident of Canada. A website and Twitter campaign to release Saeed Malekpour has drawn international attention, but it has not been updated since March 11, so Saeed’s fate is not known.

That’s a discouraging thought, especially on a day when the creator of another photo-sharing site, in a far less repressive country, earned a reported $400 million for his efforts.

Barbed wire photo: grendelkahn/Flickr

Updated with charts from Google.

Google confirmed today that its users in Iran are being blocked by a new regulation against access to secure browsing, or HTTPS websites. The block has been in action since February 10.

In celebration of the overthrow of its monarchy in 1979, Iran decided to block Internet access to all encrypted websites using the “HTTPS” format. That means anyone using the Internet in Iran won’t be able to connect to sites such as Google, Facebook, banking and finance websites, or Yahoo. Iran is severely tightening the reigns on Internet usage overall, and not just on the digital front. Physical Internet cafes are now being forced to install cameras and record the faces of everyone who uses their services.

Google confirmed the block to Bloomberg. More than 30 million are unable to connect to their Gmail and Hotmail accounts. Other Google services such as YouTube and Google Videos have also fallen due to the new regulations.

Google pointed us to its Transparency Reports to see the flow of traffic to its different services. In the case of Gmail, traffic from Iran took a nose dive on February 9th and flat-lined for the following few days. Though, it does look as if some traffic is coming back. This may be in relation to work-arounds that some developers have been posting to forums such as Hacker News. YouTube has generally been dead for Iran since 2009, except for a small spike in 2011 when Google “changed how it classified some traffic.”

Because Iran is sanctioned by the US, Google cannot try to contact the Iranian government and find out why it is no longer allowing people access to HTTPS websites. However, the reason is probably simple. Using HTTPS encrypts the conversation that happens between a person’s computer and the website they are accessing. This is a security measure to make sure sensitive information isn’t intercepted between computers, but it also allows people to interact secretly, without broadcasting their activities. It could be argued that Iran would like to monitor the Internet activity of its people, and allowing them to use HTTPS would block its ability to do so.

Censorship has been the talk of the last six months, with Congress’ proposed SOPA and PIPA bills, which were intended to stop online piracy, but may have used overreaching technology, blocking more than intended. The blocking of social media and Internet access during the Arab Spring in Egypt also caused outcries. In June, the United Nations voted that Internet access was a human right given its ability to connect us and its deep roots into our lives.

Mouth image via Shutterstock

If you live in Iran, however, the government celebrates by blocking access to all websites using the “HTTPS” protocol, which includes sites from Google, Yahoo, Facebook, and basically any banking web service. Essentially, this means the internet is useless. Multiple sources reporting about the new internet restrictions, including Kabir News , believe that its related to the 33rd anniversary of the 1979 overthrow of Iran’s monarch leadership.

The restrictions are speculated to remain in place for the next few weeks at most. It also comes at a time where Iranian government authorities are enacting tougher web restrictions that drastically slow down connection speeds, require all local ISPs to keep records of all subscriber data, and force internet cafe owners to add video surveillance to record the faces of all patrons.

This isn’t this first time Iran has decided to clamp down on public decent by censoring the internet. The government routinely cut off internet access in response to the large amount of protest surrounding the country’s 2009 “elections”, which were believed by many to be little more than a puppet show. The government also recently sentenced U.S.-born Iranian citizen Amir Mizra Hekmati to death for developing games with a pro-westernization stance.

As for the current situation, plenty of code-savvy folks on Hacker News are already suggesting possible workarounds. (Obviously, the Iranian leadership hasn’t seen Serenity or they’d know you can’t stop the signal, Mal.)

[Internet censorship image via ShutterStock]

In 2010, Stuxnet infiltrated Iran’s nuclear program. The highly capable malware targets an industrial control system called SCADA, which operates as a management tool for commercial grade software and hardware. It shut down the equipment responsible for creating fuel for nuclear weapons, which Iranian president Mahmoud Ahmadinejad later admitted. In 2011, the Duqu virus was discovered and named as part of the Stuxnet family of malware, bringing the count up to two highly sophisticated worms.

According to a report by Reuters, Russian security company Kaspersky Labs has identified three others. When originally found, Kaspersky said Stuxnet was so mature it could have been made by an intelligence agency. Later, the United States and Israel were both blamed for its creation and eventual dispersal. Neither country has taken responsibility.

Though we don’t know what lab the worms originated from, the same one gave birth to both Stuxnet and Duqu as well as the three siblings. Kaspersky discovered this after observing the two virus’ attempt to find the other three. Costin Raiu, the firm’s director of global research and analysis, explained that when the two are deployed, they search for registry keys that allow them to fully install their malware. When searching for those keys, however, Kaspersky found Stuxnet and Duqu were both searching for three other keys. This means that the worms have siblings that work in tandem with it, strengthening its damaging power.

“It’s like a Lego set. You can assemble the components into anything: a robot or a house or a tank,” Raiu told Reuters.

Stuxnet specifically attacks equipment running on the Windows operating system. It can erase its tracks, pose as certificate-baring legitimate software and multiply on its own. Duqu, on the other hand, acts as a Trojan, stealing data, potentially acting in the planning stages of an attack.

It’s not yet clear what the siblings can do, but it seems the existing sisters want a reunion.

via Reuters, Malware image via Shutterstock

A U.S. drone that veered off course and landed in Iran last week is said to have been hacked using a GPS spoofing attack, the Christian Science Monitor reported today. Also today, the American Civil Liberties Union called for the U.S. government to tighten restrictions on drone usage in U.S. airways.

Since the drone showed up in excellent condition on Iranian television, people have been wondering how the U.S. could have lost control of the machine. Now it seems the drone was attacked by hackers who confused its internal GPS system, or spoofed it, making it believe it was in a different place than it actually was. It then landed itself safely in Iran, believing it was landing at its original destination. These details were uncovered when the Monitor spoke with an Iranian engineer who examined the drone.

Compromising the GPS system allowed the drone to “land on its own where we wanted it to, without having to crack the remote-control signals and communications,” the Iranian engineer told the Christian Science Monitor. This attack also hid the operation from U.S. engineers controlling the drone.

According to the engineer, the GPS system is one of the easiest to manipulate, making it a huge vulnerability. However, it appears that the United States was already aware of potential problems with GPS. Papers such as this one pointed out by The Register detail why the GPS is so susceptible to the spoofing attack, including information for both military and civilian attacks.

The attack, while mostly successful, did leave the underbelly of the drone damaged. According to the Iranian engineer’s statement to the Monitor, the landing area for the drone was similar, but obviously not identical, to its programmed landing location in Afghanistan. The landing was off by a few meters, which caused the damage. Once the drone landed, the engineers were elated, likening the experience to getting a new laptop “multiplied many-fold.”

Concerns of drone surveillance is not just an issue for those residing in the Middle East. In the U.S., the American Civil Liberties Union is calling for action from the government to tighten rules on drone usage in U.S. airspace. The concern resides in the increase of drone use cases for criminal surveillance by law enforcement agencies.

The ACLU’s report outlines different uses for drones currently being employed in the US. This includes border surveillance and permission given to the Miami police department to test drones, but only over the Everglades at elevations no higher than 400 feet.

The ACLU stated in its report, “We need a system of rules to ensure that we can enjoy the benefits of this technology without bringing us a large step closer to a “surveillance society” in which our every move is monitored, tracked, recorded, and scrutinized by the authorities.”

[via The Christian Science Monitor, The New York Times]

The future of the open Internet is a delicate dance being played out between democratic governments and despots alike.

This and other surprising nuggets were part of the talk delivered by  Danny Weitzner, deputy CTO of the White House Office of Science and Technology Policy, at the Web 2.0 Summit today.

As we’ve seen with the Arab Spring, and the growing movement known as Occupy Wall Street, the Internet is an unparalleled tool for organizing protests. And without question, there are skittish governments questioning how to clamp down on dissent by restricting Internet freedom. Countries such as Iran and China, who are openly hostile to a wide open Web, are easy targets. But there are less obvious government-led incursions taking place.

“In many cases they’re being discussed by the most progressive and democratic of our allies,” said Weitzner, without elaborating on whom this might be. At times, there are local laws that assign liability to Internet service providers and startups for any harm that happen to users.

And it’s not only foreign governments who threatening people’s freedom of Information. In August the Bay Area Rapid Transit Agency came under fire when they chose to shut down cell phone service at several San Francisco subway stations in order to disrupt a protest planned by the hacktivist group Anonymous.

The other side of the coin is that some governments are very active in protecting the freedom of Internet users. Weitzner said that there is a German word for the right to be pixelated out of digital images, partly in response to the Google Streetview Car recording the front of people’s homes as it traveled through cities.”As a government, if you’re not offering basic protections, you’ve failed,” said Weitzner. The issue, however, is that the legislative process can take years to bring helpful legislation to fruition.
“Six years ago there was no Facebook,” said Weitzner. “Six years before that there was no Google.”

Weitzner said that an ideal solution is when industry groups and regulatory bodies can come together to act in the best interest of consumers. An example he gave was the recent announcement by the  Federal Communications Commission and cellular phone service providers to combat “Bill Shock,” by notifying consumers when they’re about to go over their data limits on their smart phones. Rather than working its way through Congress, the parties involved were able to reach a consensus  in a fraction of the time.

Regulating the Internet for billions of users is not something that one government can or should tackle alone. But Weitzner is optimistic that Internet service providers, startups and governments are capable of working together to keep the Web an open, free and dynamic environment for communication, commerce and more.

The worm attacks industrial control systems. Because of that, officials have wondered whether Iran was targeted because hackers wanted to take down its controversial nuclear reactor, which is feared to be making high-grade plutonium for nuclear weapons. The Stuxnet worm, first discovered in June by Belarus-based security firm VirusBlokAda, might have been an attempt to disable the Bushehr reactor from afar.

Experts from Iran’s Atomic Energy Organization reportedly met this week to discuss how to remove the malware. The worm targets control systems that use Siemens’ SCADA software (supervisory control and data acquisition), which operates all sorts of factories from power plants to military installations. Symantec reported that Iran was hit hardest by Stuxnet, which was spread through universal serial bus (USB) flash memory drives that were left in areas where unsuspecting employees could pick them up and plug them into their computers.

Roughly 60 percent of all incidents related to Stuxnet have been reported in Iran. The question arises as to who created the Stuxnet worm and whether it was a state that doesn’t want Iran to have nuclear weapons.

Stuxnet exploited multiple unpatched vulnerabilities in Windows, relied on stolen digital certificates to disguise the malware, and hid its code by using software known as a rootkit. Microsoft hasn’t fully fixed the vulnerabilities. U.S. cybersecurity officials told the Associated Press they didn’t know who created the worm or what its purpose is. Certainly, it can disable more SCADA-based machines than just those in Iran.