Deterring Iran's Use of Offensive Cyber
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Guardian Politics in Iran: a Comparative Inquiry Into the Dynamics of Regime Survival
GUARDIAN POLITICS IN IRAN: A COMPARATIVE INQUIRY INTO THE DYNAMICS OF REGIME SURVIVAL A Dissertation submitted to the Faculty of the Graduate School of Arts and Sciences of Georgetown University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Government By Payam Mohseni, M.A. Washington, DC June 22, 2012 Copyright 2012 by Payam Mohseni All Rights Reserved ii GUARDIAN POLITICS IN IRAN: A COMPARATIVE INQUIRY INTO THE DYNAMICS OF REGIME SURVIVAL Payam Mohseni, M.A. Thesis Advisor: Daniel Brumberg, Ph.D. ABSTRACT The Iranian regime has repeatedly demonstrated a singular institutional resiliency that has been absent in other countries where “colored revolutions” have succeeded in overturning incumbents, such as Ukraine, Georgia, Serbia, Kyrgyzstan and Moldova, or where popular uprisings like the current Arab Spring have brought down despots or upended authoritarian political landscapes, including Egypt, Tunisia, Yemen, Libya and even Syria. Moreover, it has accomplished this feat without a ruling political party, considered by most scholars to be the key to stable authoritarianism. Why has the Iranian political system proven so durable? Moreover, can the explanation for such durability advance a more deductive science of authoritarian rule? My dissertation places Iran within the context of guardian regimes—or hybrid regimes with ideological military, clerical or monarchical institutions steeped in the politics of the state, such as Turkey and Thailand—to explain the durability of unstable polities that should be theoretically prone to collapse. “Hybrid” regimes that combine competitive elections with nondemocratic forms of rule have proven to be highly volatile and their average longevity is significantly shorter than that of other regime types. -
Duqu the Stuxnet Attackers Return
Uncovering Duqu The Stuxnet Attackers Return Nicolas Falliere 4/24/2012 Usenix Leet - San Jose, CA 1 Agenda 1 Revisiting Stuxnet 2 Discovering Duqu 3 Inside Duqu 4 Weird, Wacky, and Unknown 5 Summary 2 Revisiting Stuxnet 3 Key Facts Windows worm discovered in July 2010 Uses 7 different self-propagation methods Uses 4 Microsoft 0-day exploits + 1 known vulnerability Leverages 2 Siemens security issues Contains a Windows rootkit Used 2 stolen digital certificates Modified code on Programmable Logic Controllers (PLCs) First known PLC rootkit 4 Cyber Sabotage 5 Discovering Duqu 6 Boldi Bencsath Announce (CrySyS) emails: discovery and “important publish 25 page malware Duqu” paper on Duqu Boldi emails: Hours later the “DUQU DROPPER 7 C&C is wiped FOUND MSWORD 0DAY INSIDE” Inside Duqu 8 Key Facts Duqu uses the same code as Stuxnet except payload is different Payload isn‟t sabotage, but espionage Highly targeted Used to distribute infostealer components Dropper used a 0-day (Word DOC w/ TTF kernel exploit) Driver uses a stolen digital certificate (C-Media) No self-replication, but can be instructed to copy itself to remote machines Multiple command and control servers that are simply proxies Infections can serve as peers in a peer-to-peer C&C system 9 Countries Infected Six organizations, in 8 countries confirmed infected 10 Architecture Main component A large DLL with 8 or 6 exports and 1 main resource block Resource= Command & Control module Copies itself as %WINDIR%\inf\xxx.pnf Injected into several processes Controlled by a Configuration Data file Lots of similarities with Stuxnet Organization Code Usual lifespan: 30 days Can be extended 11 Installation 12 Signed Drivers Some signed (C-Media certificate) Revoked on October 14 13 Command & Control Module Communication over TCP/80 and TCP/443 Embeds protocol under HTTP, but not HTTPS Includes small blank JPEG in all communications Basic proxy support Complex protocol TCP-like with fragments, sequence and ack. -
Wahied Wahdat-Hagh Iran
Wahied Wahdat-Hagh Iran: Eine islamistische Diktatur Über Menschenrechtsverletzungen, Anti-Bahaismus, Antisemitismus, Anti-Amerikanismus, über das Raketen- und Atomprogramm und über Terrorismus Eine Dokumentation von Medienanalysen und Übersetzungen aus der persischen Sprache (2008-2011) 2 Inhalt: Einleitung ..................................................................................................................... 3 I. Islamistische Diktatur ............................................................................................... .4 II. Iran und seine Nachbarn ....................................................................................... 84 Iran und seine arabischen Nachbarn ..................................................................... 98 III. Islamistische Wirtschaftspolitik und Öl ................................................................ 134 IV. Das iranische Raketen- und Atomprogramm und Terrorismus .......................... 187 V. Menschenrechte .................................................................................................. 282 VI. Geschlechtsspezifische Apartheid ..................................................................... 423 VII. Antiamerikanismus ............................................................................................ 442 VIII. Antisemitismus ................................................................................................. 470 Bibliografische Information der Deutschen Nationalbibliothek Die Deutsche Nationalbibliothek verzeichnet -
How Iran Would Apply Its Asymmetric Naval Warfare Doctrine in the F
Occasional Paper Series Obsolete Weapons, Unconventional Tactics, and Martyrdom Zeal: How Iran Would Apply its Asymmetric Naval Warfare Doctrine in a Future Conflict By Jahangir Arasli GEORGE C. MARSHALL EUROPEAN CENTER FOR SECURITY STUDIES No. 10 April 2007 ISSN 1863-6039 The George C. Marshall European Center for Security Studies The George C. Marshall European Center for Security Studies is a leading trans- atlantic defense educational and security studies institution. It is bilaterally sup- ported by the U.S. and German governments and dedicated to the creation of a more stable security environment by advancing democratic defense institutions and relationships; promoting active, peaceful engagement; and enhancing enduring partnerships among the nations of North America, Europe, and Eura- sia. The Marshall Center Occasional Paper Series The Marshall Center Occasional Paper Series seeks to further the legacy of the Center’s namesake, General George C. Marshall, by disseminating scholarly essays that contribute to his ideal of ensuring that Europe and Eurasia are de- mocratic, free, undivided, and at peace. Papers selected for this series are meant to identify, discuss, and influence current defense related security issues. The Marshall Center Occasional Paper Series focus is on comparative and interdisci- plinary topics, including international security and democratic defense manage- ment, civil-military relations, strategy formulation, terrorism studies, defense planning, arms control, peacekeeping, crisis management, regional and coop- erative security. The Marshall Center Occasional Papers are written by Marshall Center faculty and staff, Marshall Center alumni, or by individual, invited con- tributors, and are disseminated online and in a paper version. The views expressed in this publication are those of the author(s) and do not necessarily reflect the official policy or position of the George C. -
Challenges in Critical Infrastructure Security
Challenges in Critical Infrastructure Security Corrado Leita Symantec Research Labs Cybersecurity in CPS Workshop - CRISALIS FP7 project 1 Symantec Research Labs • CARD (Collaborative Advanced Research Department) group – Sophia Antipolis, FR – Culver City, CA – Herndon, VA • Relevant recent work: – SGNET: distributed honeypot deployment for the study of code injection attacks based on ScriptGen – HARMUR: dataset providing a historical perspective on client-side threats – TRIAGE: multi-criteria decision analysis for the study of security datasets (Olivier Thonnard) – WINE: Worldwide Intelligence Network Environment (http://www.symantec.com/WINE) Cybersecurity in CPS Workshop - CRISALIS FP7 project 2 Convergence between IT and OT technologies • Interconnection of standard computer systems with industrial control systems • An opportunity? – Lower costs and increased system efficiency – Opportunity to leverage standard IT techniques (intrusion detection, file scanning, standard hardening techniques, …) – Opportunity to enable OT suppliers to manage and support OT devices at scale • A threat? – Enable attacks and incidents that are typical of standard IT environments – Enable attacks on critical infrastructures and environments such as energy, gas, medical – Privacy violations from data being more widely available Cybersecurity in CPS Workshop - CRISALIS FP7 project 3 What are the challenges in the protection of ICS environments? Cybersecurity in CPS Workshop - CRISALIS FP7 project 4 Off-the-shelf suitability to ICS Challenges Threat IT VS -
Iran – UNHCR – Human Rights – Universities
Refugee Review Tribunal AUSTRALIA RRT RESEARCH RESPONSE Research Response Number: IRN33262 Country: Iran Date: 7 May 2008 Keywords: Iran – UNHCR – human rights – universities This response was prepared by the Research & Information Services Section of the Refugee Review Tribunal (RRT) after researching publicly accessible information currently available to the RRT within time constraints. This response is not, and does not purport to be, conclusive as to the merit of any particular claim to refugee status or asylum. This research response may not, under any circumstance, be cited in a decision or any other document. Anyone wishing to use this information may only cite the primary source material contained herein. Questions 1. Please provide information on the presence of the United Nations High Commissioner for Refugees (UNHCR) in Iran and the government’s attitude to the UNHCR and persons working for it. 2. Please provide information on Azad University and any incidences of dissidence at the University. 3. Please provide information on the “Human Law Firm” website. 4. Please advise if there are human rights advocacy groups in Iran? Is there information to indicate the extent of solitary as opposed to network activism? 5. Please provide information on Iranian dissident or human rights groups operating in Australia. 6. Please provide background information on political and human rights issues over the past five years in Iran and, in particular, the context of speaking out on human rights issues in 2006? RESPONSE 1. Please provide information on the presence of the United Nations High Commissioner for Refugees (UNHCR) in Iran and the government’s attitude to the UNHCR and persons working for it. -
THE DUQU 2.0 Technical Details
THE DUQU 2.0 Technical Details Version: 2.1 (11 June 2015) www.kaspersky.com THE DUQU 2.0 2 Technical Details CONTENTS EXECUTIVE SUMMARY 3 INITIAL ATTACK 4 LATERAL MOVEMENT 4 ANALYSIS OF A DUQU 2.0 MSI PACKAGE 7 File properties 7 First Layer: ActionDLL (msi.dll) 10 Second Layer: ActionData0 10 Third Layer: klif.dll 11 Attacking AVP.EXE 12 CTwoPENC.dll zero-day and KMART.dll 14 PAYLOAD CONTAINERS AND MIGRATION 15 Payload type “L” 15 Payload run type “G” 16 Payload run type “I” 16 Payload run type “K” 17 Payload run type “Q” 17 PLATFORM PLUGGINABLE MODULES 17 PERSISTENCE MECHANISM 33 COMMAND AND CONTROL MECHANISMS 33 The “portserv.sys” driver analysis 35 SIMILARITIES BETWEEN DUQU AND DUQU 2.0 37 VICTIMS OF DUQU 2.0 42 ATTRIBUTION 43 CONCLUSIONS 44 REFERENCES 45 For any inquiries, please contact [email protected] THE DUQU 2.0 3 Technical Details EXECUTIVE SUMMARY Earlier this year, during a security sweep, Kaspersky Lab detected a cyber intrusion affecting several of its internal systems. Following this finding, we launched a large-scale investigation, which led to the discovery of a new malware platform from one of the most skilled, mysterious and powerful groups in the APT world – Duqu. The Duqu threat actor went dark in 2012 and was believed to have stopped working on this project - until now. Our technical analysis indicates the new round of attacks include an updated version of the infamous 12011 Duqu malware, sometimes referred to as the step-brother of 2Stuxnet. We named this new malware and its associated platform “Duqu 2.0”. -
February 10, Help Net Security – (International) Trojan Steals Bitcoins and Targets OS X. Researchers at Securemac Identified
Cyber News for Counterintelligence / Information Technology / Security Professionals 11 February 2014 Purpose February 10, Help Net Security – (International) Trojan steals Bitcoins and targets OS X. Educate recipients of cyber events to aid in the protection Researchers at SecureMac identified a new trojan dubbed OSX/CoinThief.A which infects of electronically stored systems running OS X and monitors Internet traffic in order to steal login credentials for corporate proprietary, DoD and/or Personally Identifiable Bitcoin wallets and exchanges. The trojan is disguised as an app called StealthBit used to Information from theft, compromise, espionage, and / send and receive Bitcoin payments. Source: http://www.net- or insider threat security.org/malware_news.php?id=2702 Source This publication incorporates February 7, Softpedia – (National) Bank of America customers targeted in massive Bredo open source news articles educate readers on security malware distribution campaign. Researchers at AppRiver identified a large spam campaign matters in compliance with USC Title 17, section 107, Para capable of avoiding filtering engines that is currently targeting Bank of America customers. a. All articles are truncated to avoid the appearance of Spam email messages carry a variant of the Bredo information-stealing malware that was copyright infringement identified by only 11 antivirus engines. Source: http://news.softpedia.com/news/Bank-of- Publisher America-Customers-Targeted-in-Massive-Bredo-Malware-Distribution-Campaign- * SA Jeanette Greene 425067.shtml Albuquerque FBI Editor * CI SA Scott Daughtry February 10, Chicago Sun-Times – (Illinois) Threatening email closes all DeVry University DTRA Counterintelligence campuses. Officials closed all Chicago-area DeVry University campuses February 10 after Subscription the university and the Chamberlain College of Nursing received a threatening email To receive this newsletter February 9. -
Hardware Threat Landscape and Good Practice Guide
Hardware Threat Landscape and Good Practice Guide FINAL VERSION 1.0 OPSEC JANUARY 2017 www.enisa.europa.eu European Union Agency For Network And Information Security Hardware Threat Landscape and Good Practice Guide FINAL | Version 1.0 | OPSEC | January 2017 About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Contact For contacting the authors please use [email protected] For media enquiries about this paper, please use [email protected]. Acknowledgements This study has been carried out in collaboration a group of experts in the area of hardware security, namely: Claire Vishik (Intel), David Oswald (University of Birmingham), Georg Sigl (Technical University of Munich), Sergey Bratus (Darthmouth College), Dimitris Pendarakis (IBM), Julien Touzeau (Airbus) and Wolfgang Klasen (Siemens). The group has provided valuable input, has supported the ENISA threat analysis and has reviewed ENISA material. Their support is highly appreciated and has definitely contributed to the quality of the material presented in this report. -
Contemporary Militaristic Philosophy in the Islamic Republic of Iran
The Journal for Interdisciplinary Middle Eastern Studies Volume 4, Spring 2019, pp. 97-121 DOI: https://doi.org/10.26351/JIMES/4/4 ISSN: 2522-347X (print); 2522-6959 (online) Between the IRGC and Neo-conservatives: Contemporary Militaristic Philosophy in the Islamic Republic of Iran Moshe-Hay Hagigat Abstract For almost four decades the Islamic Revolutionary Guardian Corps (IRGC) has been the most powerful organization in the Islamic Republic of Iran. Over the years that have passed since the Islamic revolution, the IRGC considers itself not only the guardian of the Islamic Republic of Iran but also the keeper of the Shiite flame. Nevertheless, every military organization requires a philosophic-strategic “brain” to guide it and to advise it with its theoretical wisdom along with a think tank. This article will present two of the most popular theorists and rhetoricians who give philosophical advice to the IRGC: Hassan Abassi and Saeed Qasemi. In addition, the article will show an overview of their theories regarding Iran’s and the IRGC’s role in our time and lives. Keywords: The Islamic Republic of Iran, Shi’a, The Islamic Revolutionary Guardian Corps, IRGC, Mehdi, Hassan Abassi, Saeed Qasemi Dr. Moshe-Hay Hagigat [email protected] 97 98 Moshe-Hay Hagigat Introduction During the 40 years that have passed since the Islamic Revolution in Iran, and especially in the last decade, the Islamic Revolutionary Guardian Corps (IRGC, Sepah-e Pasdaran-e Enqelab-e Eslami) has been a rising power within the Iranian governmental mechanism. The IRGC turns out to be the dominant color in the Iranian fabric, mostly as a result of functioning as the trusted servant of the supreme leader of Iran, Ayatollah Ali Khamenei. -
The History of Stuxnet: Key Takeaways for Cyber Decision Makers Military Category Cyber Conflict Studies Association
The History of Stuxnet: Key Takeaways for Cyber Decision Makers Military Category Cyber Conflict Studies Association - Call for Papers June 4th, 2012 The History of Stuxnet – Key Takeaways for Cyber Decision Makers 1 History is the witness that testifies to the passing of time; it illuminates reality, vitalizes memory, provides guidance in daily life and brings us tidings of antiquity. — Cicero Introduction In each profession and aspect of daily life there are decision makers who guide from their area of influence. These decision makers exist at every level of civilian and military leadership. It is through their choices, and the understanding of their choices’ impacts, that a nation collectively moves forward. This forward movement also exists in the development of the cyberspace domain. Cyber decision makers dictate tactical and strategic level choices to include capability development, employment, and overall strategies. It is by these choices that the cyberspace domain acts as a national level projection of power. The projection of power through offensive and defensive strategies in cyberspace offers unique challenges compared to the other warfighting domains due to its comparative youth. As a relatively new domain it is imperative to understand the history of key cyber events so that modern day decision makers can capitalize on the lessons learned. It is in this way that the best choices for the vectoring of the domain will present themselves. The Stuxnet cyber attack on the Iranian nuclear enrichment facility at Natanz is seen by many as the first true cyber weapon.1 This makes Stuxnet’s importance as a cyber event unparalleled in modern cyber history and specifically worth understanding. -
Cyber Review 10
ICT Cyber-Desk PERIODIC REVIEW Cyber-Terrorism Activities Report No. 10 July – September 2014 International Institute for Counter Terrorism (ICT) Additional resources are available on the ICT Website: www.ict.org.il Highlights This report covers the period of July - September 2014, and covers two main subjects: cyber- terrorism (offensive, defensive, and the media, and the main topics of jihadist discourse) and cyber- crime, whenever and wherever it is linked to jihad (funding, methods of attack). The following are among the issues covered in this report: Documentation of training videos and written tutorials on the topics on cyber-security and protection. The discourse concerned intelligence efforts to identify cyber-criminals online and included explanations on how to surf the Web anonymously using various software programs and techniques. A group of hackers called the “Islamic State Electronic Battalions” claimed responsibility for the breach of Twitter accounts belonging to “White Shroud”, an organization that operates against the Islamic State in Syria-Iraq. During Operation ‘Protective Edge’ there was an increase in attempted cyber-attacks against Israeli targets in the framework of the OpIsrael and OpSaveGaza operations, including a breach of the IDF spokesperson’s Twitter account and a fictitious announcement regarding a feared nuclear leak in the Dimona area. There was an increase of cases in which the details of millions of credit cards used at retail chains throughout the United States were leaked, from the start of 2013 and throughout 2014, which caused lasting economic damage. There was an increase on the usage of darknet-based malware in an effort to increase the anonymity of the user in carrying out an attack.