The Stars Virus: cyberwar is coming because it is necessary
Now I don’t know for certain since I am your bog-standard average monolingual Englishman, but am reliably told (by the Washington Post and Today) that this article on the Iranian website paydarymelli.ir describes a second virus (Stars) specifically targeting Iran (and probably targeting the Iranian nuclear programme).
The United States and Israel are the usual suspects, but it does come just a few weeks after the UK announced that the head of the new Defence Cyber Security Group (which will “also be responsible for developing, testing and validating cyber techniques as a complement to traditional military capabilities”) will be a senior military figure. So if the peace-loving, tree-hugging, morris-dancing Brits are gearing up for offensive cyber capabilities, you can guarantee the rest of the world is doing the same.
But the problem is two-fold. Firstly, western governments have already cried wolf once too often and I no longer automatically believe anything I am told. Secondly, government corrupts, and absolute government corrupts absolutely – which means that the Iranian government is probably just a little bit more corrupt than ours. Probably.
So where is the truth? Is this an example of cyberwar in action? Is it the Iranian government making up stories to garner more sympathy from existing or potential sympathisers? Is it the first putative foray of the new Defence Cyber Security Group? Is it the CIA and/or Mossad in action? Is it more designed to increase western cyber security budgets than do serious damage to Iran? Or is it all of these and more?
The western security industry is watching and waiting for more information. PandaLabs’ Technical Director Luis Corrons is somewhat circumspect:
Right now nobody in the security industry has been able to take a look at this piece of malware. As long as there has been a public confirmation of the attack, there are 2 different scenarios:
- It is a real targeted attack, so only a very limited set of people has received the attack, and this explains why nobody in the security industry has seen it. This is something that happens – sadly – on a daily basis, so it is plausible this is the case.
- It is not a real targeted attack, but some specific “VIP” has received the typical malware attack through a spam message, which could contain any kind of malicious code (such as Zeus, Spyeye, some kind of downloader) and there has been an overreaction.
Frank Coggrave, General Manager EMEA, Guidance Software, is less circumspect:
The news that the Iranian government has uncovered an ‘espionage’ virus points to the growing trend of targeted attacks. Whilst the Star virus and its purpose are still being investigated, the reports from officials that it was intended to target government institutions highlight the effort taken to inflict damage on one particular institution, in one country.
Worryingly, it comes less than a year since the Stuxnet worm was uncovered and the ramifications of this were huge, far beyond the direct damage it inflicted. It highlighted that this new breed of targeted threats was a reality, which poses new challenges for governments and organisations in establishing adequate defences against an ‘unseen’ enemy.
But of one thing we should be certain: cyberwar is coming. It is coming because governments want it and need it and will use it to keep us quiet and acquiescent. And whenever there is war, there is collateral damage. When we take physical war over there, the collateral damage is to them, and all we have to do is witness and cry over the television images. But in a cyberwar, the battle will come to us; and we shall experience collateral damage ourselves. It will be to our data and our networks; and no-one will hear or care when our disk drive screams in cyberspace.