The American Bear

Sunshine/Lollipops

After Profits, Defense Contractor Faces the Pitfalls of Cybersecurity | NYTimes.com

… [F]ew top officials in the intelligence world have become greater authorities on cyberconflict than the 69-year-old [Michael] McConnell … . He began his career as a Navy intelligence officer on a small boat in the backwaters of the Mekong Delta during the Vietnam War. Years later he helped the American intelligence apparatus make the leap from an analog world of electronic eavesdropping to the new age of cyberweaponry.

President Bill Clinton relied on Mr. McConnell as director of the N.S.A., a post he held from 1992 to 1996. He then moved to Booz Allen as a senior vice president, building its first cyberunits. But with the intelligence community in disarray after its failure to prevent the terrorist attacks of Sept. 11, 2001, the fiasco of nonexistent weapons of mass destruction in Iraq and the toll of constant reorganization, President George W. Bush asked him to be the second director of national intelligence from 2007 to 2009.

That was when he made his biggest mark, forcing a reluctant bureaucracy to invest heavily in cybercapability and overseeing “Olympic Games,” the development of America’s first truly sophisticated cyberweapon, which was used against Iran’s nuclear enrichment program. When Mr. Bush needed someone to bring President-elect Barack Obama up to speed on every major intelligence program he was about to inherit, including drones and defenses against electronic intrusions from China, he handed the task to Mr. McConnell.

But Mr. Obama was not interested in keeping the previous team, and Mr. McConnell returned to Booz Allen in 2009. He earned more than $4.1 million his first year back, and $2.3 million last year. He is now vice chairman, and the company describes him as the leader of its “rapidly expanding cyberbusiness.”

But Mr. Obama was interested in Olympic Games (NYT, 6/1/2012):

From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.

Oops!

(And don’t forget about Flame and the other “Games” like Gauss, Duqu, and mini-Flame).

Revealed: Stuxnet “beta’s” devious alternate attack on Iran nuke program | Ars Technica

Researchers have uncovered a never-before-seen version of Stuxnet. The discovery sheds new light on the evolution of the powerful cyberweapon that made history when it successfully sabotaged an Iranian uranium-enrichment facility in 2009.

Stuxnet 0.5 is the oldest known version of the computer worm and was in development no later than November of 2005, almost two years earlier than previously known, according to researchers from security firm Symantec. The earlier iteration, which was in the wild no later than November 2007, wielded an alternate attack strategy that disrupted Iran’s nuclear program by surreptitiously closing valves in that country’s Natanz uranium enrichment facility. Later versions scrapped that attack in favor of one that caused centrifuges to spin erratically. The timing and additional attack method are a testament to the technical sophistication and dedication of its developers, who reportedly developed Stuxnet under a covert operation sponsored by the US and Israeli governments. It was reportedly personally authorized by Presidents Bush and Obama.

Also significant, version 0.5 shows that its creators were some of the same developers who built Flame, the highly advanced espionage malware also known as Flamer that targeted sensitive Iranian computers. Although researchers from competing antivirus provider Kaspersky Lab previously discovered a small chunk of the Flame code in a later version of Stuxnet, the release unearthed by Symantec shows that the code sharing was once so broad that the two covert projects were inextricably linked.

“What we can conclude from this is that Stuxnet coders had access to Flamer source code, and they were originally using the Flamer source code for the Stuxnet project,” said Liam O’Murchu, manager of operations for Symantec Security Response. “With version 0.5 of Stuxnet, we can say that the developers had access to the exact same code. They were not just using shared components. They were using the exact same code to build the projects. And then, at some point, the development [of Stuxnet and Flame] went in two different directions.”

[…]

The 600K worth of code found in Stuxnet 0.5 is highly modular, just as it was in the 500K Stuxnet 1.0. The encryption algorithms, string objects, and logging functions in the earlier version are almost identical to those of Flame. In contrast, the later Stuxnet version largely eschewed the development conventions of Flame, as Stuxnet developers adhered more to the so-called tilded platform shared with Duqu, another piece of sophisticated espionage malware that targeted Middle Eastern computer systems.

Most significantly, the earlier Stuxnet version contained an alternate method of sabotaging Iran’s nuclear-enrichment process, the details of which had never been fully understood. It injected malicious code into the instructions sent to 417 series programmable logic controllers (PLCs) made by the German conglomerate Siemens. Natanz engineers used the PLCs to open and shut valves that fed Uranium hexafluoride, or UF6 gas, into centrifuge groupings. Stuxnet 0.5 closed specific valves prematurely, causing pressure to grow as much as five times higher than normal. Under those conditions, the gas would likely turn into a solid and destroy the centrifuges, possibly even the sensitive equipment used to develop them. [continue]

Secret Rules to Let Obama Start Cyber Wars | Jason Ditz

A secret legal review of the even more secret “rules” of the US cyberwarfare capabilities has concluded that President Obama has virtually limitless power to start cyber wars in the name of “pre-emption” of potential attacks coming out of another nation.

The reports come from officials involved in the review, and are impossible to verify since the rules themselves are classified, and the review is being conducted entirely in secret.

The current rules, to the extent anyone understands them, say that the Pentagon can openly attack targets in nations during wartime, but that doesn’t explain things like Stuxnet, the US-made computer worm that attacked Iran and subsequently much of the planet, doing massive damage to industry when it escaped Iranian computers and went worldwide.

The US sees “pre-emptive” attacks on nations like Iran in a cyber-context much as they do in a military context, although without all of the questions asked afterwards since the attack and indeed much of the cyber war can be conducted in relative secrecy. The 2003 US invasion of Iraq, and its calamitous occupation are being used as a model for the president being able to unilaterally start not just physical wars, but wars involving attacks on industrial computers of rival nations.

Broad Powers Seen for Obama in Cyberstrikes | NYT

More powers for the president, new and exciting military-industrial markets, and, likely, legal cover for the cyberweapons that have already been unleashed:

A secret legal review on the use of America’s growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review.

That decision is among several reached in recent months as the administration moves, in the next few weeks, to approve the nation’s first rules for how the military can defend, or retaliate, against a major cyberattack. New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.

The rules will be highly classified, just as those governing drone strikes have been closely held. John O. Brennan, Mr. Obama’s chief counterterrorism adviser and his nominee to run the Central Intelligence Agency, played a central role in developing the administration’s policies regarding both drones and cyberwarfare, the two newest and most politically sensitive weapons in the American arsenal.

Cyberweaponry is the newest and perhaps most complex arms race under way. The Pentagon has created a new Cyber Command, and computer network warfare is one of the few parts of the military budget that is expected to grow. Officials said that the new cyberpolicies had been guided by a decade of evolution in counterterrorism policy, particularly on the division of authority between the military and the intelligence agencies in deploying cyberweapons. Officials spoke on condition of anonymity because they were not authorized to talk on the record.

Under current rules, the military can openly carry out counterterrorism missions in nations where the United States operates under the rules of war, like Afghanistan. But the intelligence agencies have the authority to carry out clandestine drone strikes and commando raids in places like Pakistan and Yemen, which are not declared war zones. The results have provoked wide protests.

Mr. Obama is known to have approved the use of cyberweapons only once, early in his presidency, when he ordered an escalating series of cyberattacks against Iran’s nuclear enrichment facilities. The operation was code-named Olympic Games, and while it began inside the Pentagon under President George W. Bush, it was quickly taken over by the National Security Agency, the largest of the intelligence agencies, under the president’s authority to conduct covert action.

As the process of defining the rules of engagement began more than a year ago, one senior administration official emphasized that the United States had restrained its use of cyberweapons. “There are levels of cyberwarfare that are far more aggressive than anything that has been used or recommended to be done,” the official said.

The attacks on Iran illustrated that a nation’s infrastructure can be destroyed without bombing it or sending in saboteurs.

While many potential targets are military, a country’s power grids, financial systems and communications networks can also be crippled. Even more complex, nonstate actors, like terrorists or criminal groups, can mount attacks, and it is often difficult to tell who is responsible. Some critics have said the cyberthreat is being exaggerated by contractors and consultants who see billions in potential earnings.

One senior American official said that officials quickly determined that the cyberweapons were so powerful that — like nuclear weapons — they should be unleashed only on the direct orders of the commander in chief.

[…] Under the new guidelines, the Pentagon would not be involved in defending against ordinary cyberattacks on American companies or individuals, even though it has the largest array of cybertools. Domestically, that responsibility falls to the Department of Homeland Security, and investigations of cyberattacks or theft are carried out by the F.B.I.

But the military, barred from actions within the United States without a presidential order, would become involved in cases of a major cyberattack within the United States. To maintain ambiguity in an adversary’s mind, officials have kept secret what that threshold would be …

Read on

Pentagon's new massive expansion of 'cyber-security' unit is about everything except defense | Glenn Greenwald

[…] It is the US - not Iran, Russia or “terror” groups - which already is the first nation (in partnership with Israel) to aggressively deploy a highly sophisticated and extremely dangerous cyber-attack. Last June, the New York Times’ David Sanger reported what most of the world had already suspected: “From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons.” In fact, Obama “decided to accelerate the attacks … even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet.” According to the Sanger’s report, Obama himself understood the significance of the US decision to be the first to use serious and aggressive cyber-warfare:

“Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons - even under the most careful and limited circumstances - could enable other countries, terrorists or hackers to justify their own attacks.”

The US isn’t the vulnerable victim of cyber-attacks. It’s the leading perpetrator of those attacks. As Columbia Professor and cyber expert Misha Glenny wrote in the NYT last June: Obama’s cyber-attack on Iran “marked a significant and dangerous turning point in the gradual militarization of the Internet.”

Indeed, exactly as Obama knew would happen, revelations that it was the US which became the first country to use cyber-warfare against a sovereign country - just as it was the first to use the atomic bomb and then drones - would make it impossible for it to claim with any credibility (except among its own media and foreign policy community) that it was in a defensive posture when it came to cyber-warfare. As Professor Glenny wrote: “by introducing such pernicious viruses as Stuxnet and Flame, America has severely undermined its moral and political credibility.” That’s why, as the Post reported yesterday, the DOJ is engaged in such a frantic and invasive effort to root out Sanger’s source: because it reveals the obvious truth that the US is the leading aggressor in the world when it comes to cyber-weapons.

This significant expansion under the Orwellian rubric of “cyber-security” is thus a perfect microcosm of US military spending generally. It’s all justified under by the claim that the US must defend itself from threats from Bad, Aggressive Actors, when the reality is the exact opposite: the new program is devoted to ensuring that the US remains the primary offensive threat to the rest of the world. It’s the same way the US develops offensive biological weapons under the guise of developing defenses against such weapons (such as the 2001 anthrax that the US government itself says came from a US Army lab). It’s how the US government generally convinces its citizens that it is a peaceful victim of aggression by others when the reality is that the US builds more weapons, sells more arms and bombs more countries than virtually the rest of the world combined. [++]

FBI is increasing pressure on suspects in Stuxnet inquiry | The Washington Post

Federal investigators looking into disclosures of classified information about a cyberoperation that targeted Iran’s nuclear program have increased pressure on current and former senior government officials suspected of involvement, according to people familiar with the investigation.

The inquiry, which was started by Attorney General Eric H. Holder Jr. last June, is examining leaks about a computer virus developed jointly by the United States and Israel that damaged nuclear centrifuges at Iran’s primary uranium enrichment plant. The U.S. code name for the operation was Olympic Games, but the wider world knew the mysterious computer worm as Stuxnet.

Prosecutors are pursuing “everybody — at pretty high levels, too,” said one person familiar with the investigation. “There are many people who’ve been contacted from different agencies.”

The FBI and prosecutors have interviewed several current and former senior government officials in connection with the disclosures, sometimes confronting them with evidence of contact with journalists, according to people familiar with the probe. Investigators, they said, have conducted extensive analysis of the e-mail accounts and phone records of current and former government officials in a search for links to journalists.

The people familiar with the investigation would speak only on the condition of anonymity because of the sensitivity of the matter. The Justice Department declined to comment.

The Obama administration has prosecuted six officials for disclosing classified information, more than all previous administrations combined. But the Stuxnet investigation is arguably the highest-profile probe yet, and it could implicate senior-level officials. Knowledge of the virus was likely to have been highly compartmentalized and limited to a small set of Americans and Israelis.

The proliferation of e-mail and the advent of sophisticated software capable of sifting through huge volumes of it have significantly improved the ability of the FBI to find evidence. A trail of e-mail has eased the FBI’s search for a number of suspects recently, including John Kiriakou, the former CIA officer who was sentenced Friday to 30 months in prison for disclosing to a journalist the identity of a CIA officer who had spent 20 years under cover.

Late last year, retired Gen. David H. Petraeus resigned as CIA director after the FBI discovered e-mails in one of his private accounts showing that he had an extramarital affair with his biographer.

Holder appointed Rod J. Rosenstein, the U.S. attorney for Maryland, to lead the Stuxnet inquiry after a New York Times article about President Obama ordering cyberattacks against Iran using a computer virus developed in conjunction with Israel. Other publications, including The Washington Post, followed with similar reports about Stuxnet and a related virus called Flame. [++]

What’s missing from the story is that by the White House’s own rules, unleashing Stuxnet, Flame, and Duqu against Iran was an “act of war" (and that Stuxnet is out on the open internet now), but, of course, when the U.S. does something, it is done only with benevolent intent.

Better to focus on scaring potential whistleblowers and journalists away from providing any information to the public about our defense activities. Plausible deniability is all that matters.

State-Sponsored Malware 'Flame' Has Smaller, More Devious Cousin | Kim Zetter

Researchers have uncovered new nation-state espionage malware that has ties to two previous espionage tools known as Flame and Gauss, and that appears to be a “high-precision, surgical attack tool” targeting victims in Lebanon, Iran and elsewhere.

Researchers at Kaspersky Lab, who discovered the malware, are calling the new malware miniFlame, although the attackers who designed it called it by two other names – “SPE” and “John.” MiniFlame seems to be used to gain control of and obtain increased spying capability over select computers originally infected by the Flame and Gauss spyware.

It is the fourth piece of nation-state malware discovered in the last year that appears to have been created by the same group behind Stuxnet, the groundbreaking cyberweapon that sabotaged Iran’s nuclear program and is believed to have been created by the U.S. and Israeli governments. The others – all designed for espionage rather than destruction – are DuQu, Flame, and Gauss.

The new malware adds to the arsenal of cyber tools that are quickly becoming the mark of nation-state intelligence gathering and warfare methods and provides new clues into how such operations are conducted. [continue]

Coders Behind the Flame Malware Left Incriminating Clues on Control Servers | Threat Level

The attackers behind the nation-state espionage tool known as Flame accidentally left behind tantalizing clues that provide information about their identity and that suggest the attack began earlier and was more widespread than previously believed.

Researchers have also uncovered evidence that the attackers may have produced at least three other pieces of malware or variants of Flame that are still undiscovered.

The information comes from clues the attackers inadvertently left behind on two command-and-control servers they used to communicate with infected machines and steal gigabytes of data from them.

Flame, also known as Flamer, is a highly sophisticated espionage tool discovered earlier this year that targeted machines primarily in Iran and other parts of the Middle East. It’s believed to have been created by the United States and Israel, who are also believed to be behind the groundbreaking Stuxnet worm that aimed to cripple centrifuges used in Iran’s nuclear program.

The new clues show that work on parts of the Flame operation began as early as December 2006, nearly six years before Flame was discovered this year, and that more than 10,000 machines are believed to have been infected with the malware. [++]

For more on Flame and other cyberattacks, check my tag, here.

Stuxnet Will Come Back to Haunt Us | Misha Glenny

"Once the logic of cyberwarfare takes hold, it is worryingly pre-emptive …"

THE decision by the United States and Israel to develop and then deploy the Stuxnet computer worm against an Iranian nuclear facility late in George W. Bush’s presidency marked a significant and dangerous turning point in the gradual militarization of the Internet. Washington has begun to cross the Rubicon. If it continues, contemporary warfare will change fundamentally as we move into hazardous and uncharted territory.

It is one thing to write viruses and lock them away safely for future use should circumstances dictate it. It is quite another to deploy them in peacetime. Stuxnet has effectively fired the starting gun in a new arms race that is very likely to lead to the spread of similar and still more powerful offensive cyberweaponry across the Internet. Unlike nuclear or chemical weapons, however, countries are developing cyberweapons outside any regulatory framework.

There is no international treaty or agreement restricting the use of cyberweapons, which can do anything from controlling an individual laptop to disrupting an entire country’s critical telecommunications or banking infrastructure. It is in the United States’ interest to push for one before the monster it has unleashed comes home to roost.

Stuxnet was originally deployed with the specific aim of infecting the Natanz uranium enrichment facility in Iran. This required sneaking a memory stick into the plant to introduce the virus to its private and secure “offline” network. But despite Natanz’s isolation, Stuxnet somehow escaped into the cyberwild, eventually affecting hundreds of thousands of systems worldwide.

This is one of the frightening dangers of an uncontrolled arms race in cyberspace; once released, virus developers generally lose control of their inventions, which will inevitably seek out and attack the networks of innocent parties. Moreover, all countries that possess an offensive cyber capability will be tempted to use it now that the first shot has been fired.

Read the rest

U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, "officials say" | The Washington Post

The United States and Israel jointly developed a sophisticated computer virus nicknamed Flame that collected intelligence in preparation for cyber-sabotage aimed at slowing Iran’s ability to develop a nuclear weapon, according to Western officials with knowledge of the effort.

The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyber­warfare campaign, according to the officials.

The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran’s nuclear-enrichment equipment.

The emerging details about Flame provide new clues to what is thought to be the first sustained campaign of cyber-sabotage against an adversary of the United States.

“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

Flame came to light last month after Iran detected a series of cyberattacks on its oil industry. The disruption was directed by Israel in a unilateral operation that apparently caught its American partners off guard, according to several U.S. and Western officials who spoke on the condition of anonymity.

There has been speculation that Washington had a role in developing Flame, but the collaboration on the virus between the United States and Israel has not been previously confirmed. Commercial security researchers reported last week that Flame contained some of the same code as Stuxnet. Experts described the overlap as DNA-like evidence that the two sets of malware were parallel projects run by the same entity. [++]

Some Flame code found in Stuxnet virus: expert | Reuters

A leading computer security firm has linked some of the software code in the powerful Flame virus to the Stuxnet cyber weapon, which is believed to have been used by the United States and Israel to attack Iran’s nuclear program.

Eugene Kaspersky, chief executive of Moscow-based Kaspersky Lab, which uncovered Flame last month, said his researchers have since found that part of the Flame program code is nearly identical to code found in a 2009 version of Stuxnet.

The new research could bolster the belief of many security experts that Stuxnet was part of a massive U.S.-led cyber program that is still active in the Middle East and perhaps other parts of the world.

Although Kaspersky did not say who he thought built Flame, news organizations including Reuters and the New York Times have previously reported that the United States and Israel were behind Stuxnet, which was uncovered in 2010 after it damaged centrifuges used to enrich uranium at a facility in Natanz, Iran.

Instead of issuing denials, authorities in Washington recently launched investigations into the leaks about the highly classified project.

On Stuxnet and Flame, “there were two different teams working in collaboration,” Kaspersky said at the Reuters Global Media and Technology Summit in London on Monday.

Crypto breakthrough shows Flame was designed by world-class scientists | Ars Technica

Quick background: Flame is the third of three cyberattacks launched against Iran. Stuxnet, the first, was unleashed under Bush and accelerated under the Obama administration to trip up industrial controllers (PLC’s), making the centrifuges used for uranium enrichment go batshit, thus slowing down Iran’s program. Duqu was the second. It was based on Stuxnet, but apparently was only used to record information (logins,keystrokes,etc.). Duqu and Flame have not yet been claimed by anyone, although Israel and/or the United States are considered the likely culprits.

Dan Goodin from Ars describes how the malware enters a machine and speculates that only a wealthy state could have funded the research required for such a sophisticated bit of code:

The Flame espionage malware that infected computers in Iran achieved mathematic breakthroughs that could only have been accomplished by world-class cryptographers, two of the world’s foremost cryptography experts said.

“We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack,” Marc Stevens and B.M.M. de Weger wrote in an e-mail posted to a cryptography discussion group earlier this week. “The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications.”

“Collision” attacks, in which two different sources of plaintext generate identical cryptographic hashes, have long been theorized. But it wasn’t until late 2008 that a team of researchers made one truly practical. By using a bank of 200 PlayStation 3 consoles to find collisions in the MD5 algorithm—and exploiting weaknesses in the way secure sockets layer certificates were issued—they constructed a rogue certificate authority that was trusted by all major browsers and operating systems. Stevens, from the Centrum Wiskunde & Informatica in Amsterdam, and de Weger, of the Technische Universiteit Eindhoven were two of the driving forces behind the research that made it possible.

Flame is the first known example of an MD5 collision attack being used maliciously in a real-world environment. It wielded the esoteric technique to digitally sign malicious code with a fraudulent certificate that appeared to originate with Microsoft. By deploying fake servers on networks that hosted machines already infected by Flame—and using the certificates to sign Flame modules—the malware was able to hijack the Windows Update mechanism Microsoft uses to distribute patches to hundreds of millions of customers.

According to Stevens and de Weger, the collision attack was unlike any that cryptographers have seen before. They arrived at that conclusion after using a custom-designed forensic tool to analyze Flame components.

“More interestingly, the results have shown that not our published chosen-prefix collision attack was used, but an entirely new and unknown variant,” Stevens wrote in astatement distributed on Thursday. “This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis. Further research will be conducted to reconstruct the entire chosen-prefix collision attack devised for Flame.”

The analysis reinforces theories that researchers from Kaspersky Lab, CrySyS Lab, and Symantec published almost two weeks ago. Namely, Flame could only have been developed with the backing of a wealthy nation-state. Stevens’ and de Weger’s conclusion means that, in addition to a team of engineers who developed a global malware platform that escaped detection for at least two years, Flame also required world-class cryptographers who have broken new ground in their field.

“It’s not a garden-variety collision attack, or just an implementation of previous MD5 collisions papers—which would be difficult enough,” Matthew Green, a professor specializing in cryptography in the computer science department at Johns Hopkins University, told Ars. “There were mathematicians doing new science to make Flame work.”

And, This just in:
Microsoft contains Flame with Windows Update revamp

In the past four years alone, Iran has been directly attacked by three cyber-weapons, each designed to cause havoc and siphon off data in their own unique ways. Stuxnet, Duqu, and Flame, the latest of the three, have astonished the cyber-security industry. For experts, the coding and function of these viruses have signified the beginnings of an ‘early age of cyber-warfare’, one that could become ‘a common trend in everyday life’ in the near future.

Flame: Opening a New Weapons Cache

You should read this whole piece. This, like the normalization of drone warfare as foreign policy, is happening way too fast.

Just How Many Cyberattacks Will Iran Take Sitting Down? | FPIF

At the New York Times, Thomas Erdbrink reported on the latest cyberattack on Iran via a virus known Flame. “Iran’s Computer Emergency Response Team Coordination Centre,” he writes, “fears that it’s potentially more harmful than the 2010 Stuxnet virus. … In contrast … the newly identified virus is designed not to do damage but to secretly collect information from a wide variety of sources.” [++]