• Home
• About
• In the news / Citations
• Articles & Works
• Picture Gallery
• Contacts

Israel Blamed for Fueling Flame Cyber Weapon in Middle East May 29, 2012

The day after its discovery, there are few doubts that the infamous malware dubbed Flame (or sKyWIper) has been developed by a government with significant budget and effort. The complexity of the malware suggests that it has been used for a huge cyber-espionage campaign and, easily predictable, Israel is listed as the main culprit, even if in good company if it is true, as argued by some bloggers, that the malware was created by a strict cooperation coproduction between CIA and Mossad.

Israeli vice Premier Moshe Ya’alon has contributed to fuel the Flame: speaking in an interview with Army Radio, Ya’alon has hinted that Jerusalem could be behind the cyber attack, saying “Israel is blessed to be a nation possessing superior technology. These achievements of ours open up all kinds of possibilities for us.” In light of this statement, it does not appear a simple coincidence the fact that the main victims of the cyber weapon, as reported by Kaspersky Lab, are nations who may not be just considered in good neighborhood relations with Israel.

Consequently it is not that surprise the fact that the same interview has been readily reported by the Iranian News Agency Fars (which has interpreted it as a sign of liability and has hence blamed Israel for waging cyber war in Iran) as well as it is not that surprise the tone of several comments to an article posted on the Haaretz newspaper’s Web site (“Nice One Israel, Proud of You!!!!”).

Of course it is too soon to jump to conclusion,in any case, whether Israel (and U.S.) is behind Flame or not, I could not help but wonder how it is possible that a malware has been able to go undetected for at least 5 years. Are endpoint protection technologies really dead, leaving us at the mercy of a (cyber)world ruled by APTs?

If you want to have an idea of how fragile our data is inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow the author of this article @paulsparrows on Twitter for the latest updates.

Related Articles

• “Flame” malware infiltrating Middle East computers: the most complex Cyber Weapon, ever! (theaviationist.com)

Largest U.S. exercise in Middle East furtively taking place in Jordan. Involving 19 countries and 12,000 military May 19, 2012

Almost ignored by some media outlets, a major strategic theater cooperation exercise including 19 countries and more than 12,000 participants is currently taking place in Jordan.

U.S. Central Command (CENTCOM) says that the Eager Lion 2012 is “the largest annual exercise in the Central Command area of operations” whose is aim is “to strengthen military-to-military relationships of participating partner nations through a joint, whole-of-government, multinational approach, integrating all instruments of national power to meet current and future complex national security challenges.   The exercise scenarios are designed to portray realistic, modern-day security challenges.  The scenarios are designed years in advance to fulfill collaborative training goals.”

Although “annual”, this year’s Eager Lion seems to be a bit different from 2011 edition: what does not pass unnoticed is that the drills are no longer bilateral (U.S. – Jordan) but involve the military of 17 different countries.

Participating countries are Australia, Bahrain, Brunei, Egypt, France, Italy, Iraq, Jordan, Kingdom of Saudi Arabia, Kuwait, Lebanon, Pakistan, Qatar, Spain, Romania, Ukraine, United Arab Emirates, United Kingdom and United States.

Image credit: U.S. Army via CENTCOM

Even if officials strongly denied the drills are aimed at any realistic threats in the region, the fact that the U.S. is amassing forces in Middle East seems to be a sign that Washington (along with several close and less close partners) is preparing to manage a large crisis response operation in that part of the globe.

In fact, there are fears that the Syrian uprising will force thousands refuge into Jordan across Syria’s southern border. And, there is also a specific concern that Assad regime could lose control of some its chemical and biological weapons stocks, that could illicitly smuggled into Jordan, as reported by the CNN.

Eager Lion, headquartered at Kasotc (King Abdullah II Special Operation Training Center), in Amman, focuses on irregular warfare, special operations, counterinsurgency and crisis response.

Little is known about the participating units. Just a few press releases and some images published on Flickr days after the exercise kicked off give an idea of what is currently operating in Jordan whilst there is almost no or little information about the assets and troops brought in by the rest of the coalition partners.

Among the most interesting ones, there are the Marines with the 24th Marine Expeditionary Unit and Iwo Jima Amphibious Ready Group (with the MV-22 Osprey tit rotor aircraft of the VMM-261) and the U.S. Air Force F-15s of the 104th Fighter Wing, Massachusetts Air National Guard, deployed to Mwaffaq Al Salti Air Base within the 131 EFS (Expeditionary Fighter Squadron).

Image credit: U.S. Air Force via CENTCOM

Middle East Cyber War: Revenge Of The Drones April 23, 2012

In the same hours in which I was publishing my post on Cyber Weapons, news agencies all around the world have begun to release (few) details about a new alleged Cyber Attack targeting the Iranian Oil Ministry, the National Iranian Oil Company and several other state-owned businesses.

The attack has been confirmed by a spokesman of the Iranian Oil Ministry, who also stressed that critical data have not been damaged or lost in the attack. Anyway, as a consequence of the Cyber Attack albeit as a precaution Internet access to several oil refineries has been cut off.

Of course Iran is not new to Cyber Attacks targeting Critical Infrastructures (do you remember Stuxnet and the possible hoax of Duqu Stars?), in any case it is too soon to draw any connection with Stuxnet or any other kind of State-Sponsored Attack, even because, according to the scant information available, only a server providing public information has been harmed.

Probably this malware has nothing to deal with cyber weapons but, just for fun, I cannot help but notice that this alleged Cyber Attack came in the same day in which, among many doubts, Iran has announced to have reverse-engineered the U.S. stealthy RQ-170 Sentinel drone captured by Iran in December 2011.

The revenge of the reverse-engineered drone?

[tweet https://twitter.com/paulsparrows/status/194494174488313856 align='center']

Obviously it’s ironic, but what if the drone was actually a Trojan horse?

[Read also: Captured U.S. stealthy drone in Iran: the simplest solution solves the mystery]

The mysterious hatch possibly housing a recovery chute. Image courtesy: Dave Krakow

Related articles

• What is a Cyber Weapon? (theaviationist.com)
• Iran claims it has decoded the U.S. stealthy RQ-170 Drone Intel but provides unsubstantiated evidence to prove it. (theaviationist.com)

After latest F-35 hack, Lockheed Martin, BAe Systems, Elbit under multiple cyber attacks….right now. March 14, 2012

I have just published a timeline covering the main Cyber Attacks targeting Military Industry and Aviation, but it looks like the latest events will force me to post an update, soon.

Although perpetrated with very different timelines, origins and motivations behind them, the last three days have seen a new wave of attacks against military industry that has unexpectedly become the point of intersection between cybercrime and cyberwar.

The first clamorous attack was disclosed a couple of days ago, when the Sunday Times revealed that alleged Chinese Hackers were able to penetrate into computers belonging to BAE Systems, Britain’s biggest defence company, and to steal details about the design, performance and electronic systems of the West’s latest fighter jet, the costly F-35 Joint Strike Fighter. The hacking attack has raised concerns that the fighter jet’s advanced radar capabilities could have been compromised and comes few weeks after papers about the future British-French drone were stolen in Paris.

Apparently, once again, an APT-based attack, or maybe one of its precursors, since it was first uncovered nearly three years ago. In any case, according to the sources and the little information available, it lasted continuously for 18 months, exploiting vulnerabilities in BAE’s computer defences to steal vast amounts of data. A fingerprint analogous to other similar cyber operations, allegedly generated from China such as Operation Aurora or the controversial operation Shady RAT.

Details of the attack have been a secret within Britain’s intelligence community until they were disclosed by a senior BAE executive during a private dinner in London for cyber security experts late last year.

Curiously the F-35 seems to be a very attracting prey for hackers as it was already the victim of a Cyber Attack in 2009; once again the latest attack is believed to be originated from China, who is showing a restless cyber activity.

Although completely different for impact and motivations, a second attack has just been announced by the infamous hacking collective Anonymous, which, in name of the #OpFreePalestine operation, has published the contact details for senior staff at BAE (hit once again), Lockheed, Gulfstream Aerospace, a division of General Dynamics, and the United States Division Of Israeli Owned Arms Company Elbit Systems. An attempt to embarrass military industry considered involved in the events happening in Palestine.

Although the data dumps apparently contain little valuable information (according to V3.co.uk many of the telephone numbers listed are for company headquarters, while several of the names appear to be out of date), the latest attacks represent a quantum leap in the Middle East Cyber War, after the “reign of terror” threatened by Anonymous against Israel.

The F-35 JSF is not only the most advanced stealthy fighter plane of the next future. It is also the most expensive. That’s why some partners have been compelled to downsize their initial requirements because of cuts imposed by the increasing unit price (with the new contract the total unit cost for an LRIP 5 jet is 205.3 million USD!!).

Apparently these cuts are interesting even the IT Security budgets of the manufacturers.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow the author of this article @paulsparrows on Twitter for the latest updates.

Related articles

• Exclusive Infographic: all Cyber Attacks on Military Aviation and Aerospace Industry (theaviationist.com)

Unknown hatch on captured U.S. stealth drone raises questions December 19, 2011

The amout of contribution I receive each time I publish a blog post on the stealth drone now part of Iran’s asset is amazing. For instance, yesterday, few minutes after publishing the Infographic that I used to explain how the drone was captured (a theory based on the known facts to date), I got an email from Dave Krakow with an interesting drawing he sent me to show how the mysterious hatch on the top of the RQ-170 Sentinel, it’s not up to the typical American Aerospace standards. “The details are imprecise, nothing like Lockheed Martin products.”

Image courtesy: Dave Krakow

Dave believes the thing shown by Iranians was possibly constructed previously, for radar signature research, with details added in a hurry for cameras. “A lot of the commentary on the web regarding general accuracy assumes Iranian intelligence has only the same photos we have on the internet, and thus they could only know certain details if they had an original.  I don’t think this is a reasonable assumption” he wrote to me.

For sure, as highlighted in the above image, the mysterious “top hatch” (that I supposed could be used to deploy a recovery chute) features some oddities. Some of them in particular, raise questions. However the angle of the camera, the effect of the zoom, and many other contributing factors (lights, shadows, image compression etc) may have affected the quality of the footage shown on Iran State TV rendering, for example, fasteners seemingly randomly spaced.

Furthermore, there’s still a chance that Iranians worked on the Sentinel after they recovered it: maybe they tried to get access to the internal hardware, removed panels to inspect lenses, memories to look for interesting data or to disable any self-destruction mechanisms or Emergency Locator-like systems, in order to prevent the Americans from locating or destroying it.

Nevertheless, we can’t rule out the possibility that the one showcased in what looked like a school in Kashmar was actually obtained by melting pieces belonging to various wrecked Sentinels that Iran has downed in the past, even if this would imply that the U.S. have already lost two or more “Beast of Kandahar” robots in Iran! By the way, Iran has recently announced it will show the remains of three U.S. and four Israeli drones downed in the last years while spying on Iran’s nuclear program.

Someone argued that a deployed recovery chute would have confirmation only if hatch doors were opened but I’ve already given a possible explaination for the fact that they were closed.

Someone suggested the drone is too clean for a crash landing, however, if a recovery chute made its crash landing soft, I would expect a damaged belly, as the hidden bottom of the drone seems to confirm.

Stay tuned.

• Subscribe to Blog via Email

  Enter your email address to subscribe to this blog and receive notifications of new posts by email.

• Facebook page

• The Aviationist patch

  

  Send me an email if you want to support this site buying the original TheAviationist.com patch, only available through this website!

  4.33 inch (11-cm) patch on velcro.

• Donations

  Support this website by making a donation

  
• 
• 
• 
• 
• 

• Blog Authors

  

  

  

  

  

  

  

• Categories

  Select Category 9-11 Aircraft Carriers airships Airshow Airspace violations Armed Forces Day Aviation Aviation Safety Bizarre Books Calendar Captured Stealth Drone China Crime & Homeland Security Digital Photography Drones F-104 Farnborough 2012 Flight Simulation Giornata Azzurra Grosseto Hacking Helicopters Information Security Information Warfare Iran ItAF Museum Italian Air Force Italian Navy Libyan Uprising Mali Maritime Security Military Aviation    494FS Deci    F-35    Spring Flag    Vega 2010    Winter Hide 2011 Military History    Falklands War Museums NH90 crash non-military aviation North Korea Operation Odyssey Dawn Operation Unified Protector Osama Bin Laden raid Panoramic Photography Patches Photography Pillars of Defense Podcast Satellite Season's greetings Space Special Operations Stealth Black Hawk Swiss Air Force Syria Turkish RF-4E shot down Uncategorized weapons Yearly summary

• Tags

  Aeronautica Militare Afghanistan aircraft carrier AMI Aviation Safety AWACS Benghazi Decimomannu Electronic Warfare Eurofighter Eurofighter Typhoon F-16 F-2000 helicopter Hornet Iran Israeli Air Force ItAF Italian Air Force Libya Libyan uprising Lockheed Martin Lockheed Martin F-35 Lightning II Military Aviation Mirage 2000 NATO Pratica di Mare Rafale Royal Air Force Sentinel SIGINT Sigonella Spanish Air Force Surface to Air Missile Syria Tornado Tornado ECR Trapani Turkish Air Force Typhoon U.S. Air Force UAV United States Air Force Unmanned Aerial Vehicle USAF

• Top Posts

• Archive of previous posts

  Select Month May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 May 2006 March 2006 November 2005
• 
• 
• 

• Blogroll

  • 102° Gruppo CBOS Virtuale
  • 916 Starfighter
  • Air Devils
  • Airplanes Magazine
  • Associazione culturale 4° Stormo Gorizia
  • Aviopress
  • Decimomannu airbase
  • Flightstats
  • Google Globetrotting
  • Great Circle Mapper
  • Hackmageddon
  • Military Aviation Blog
  • My pics on A.net
  • My pics on JetPhotos.net
  • SAF 21 a website dedicated to the Contemporary Swiss Air Force
  • Scramble
  • Wings over Iraq

• Resources

  • 
  • Aviationintel.com
  • Flight24.com
  • Flightradar24
  • 
  • Information Dissemination
  • LiveATC.net
  • Mil Mode S
  • Mysteryship
  • Planefinder

• On Air

  Click on the thumbnails below to watch the videos of my TV interviews:

  

  

  

• Comments policy

  Visitors can add a comment to every post in the blog. However a few rules must be followed:
  Comments must be signed: Anonymous comments will no longer be accepted. You can use your initials or a nickname, but email addresses are required for commenting even if they will not be published on the blog, nor shared. Comments without email address will not be approved.
  Language and Manners: you can criticize posts and articles in this blog, but comments which include offensive or inappropriate language, or considered by the blog owner to be rude and offensive, will be edited or deleted. Play nice.
  How the Author will respond: comments on this blog will only be responded to in direct response to the blog comment. If you need a private reply by the author, send him an email.
  Blocked Commenters: Anyone who violates this Comments Policy may be blocked from future access and/or commenting on this blog.
  All Rights Reserved: The blog author reserves the right to edit, delete, move, or mark as spam any and all comments. He also has the right to block access to any one or group from commenting or from the entire blog.
  Hold Harmless: All comments within this blog are the responsibility of the commenter, not the blog owner. By submitting a comment on this blog, you agree that the comment content is your own, and to hold this site and Author harmless from any and all repercussions, damages, or liability.
  

• OPSec compliant site

  "Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information" (Wiki).
  Hence, OPSec is to mil ops what, more generally speaking, INFOSec is to information (and information systems). Learn more about INFOSec and its impact on mil operations by visiting the Information Securitysection of this site.
  As a journalist belonging to the Italian Journalists Society (Ordine dei Giornalisti) all the information and reports in this site are provided in accordance with a code of ethics based on the freedom of information right (ratified also by the Italian Constitution and made a right of every person by the Universal Declaration of Human Rights and the European Convention for the Protection of Human Rights and Fundamental Freedoms) that takes into proper consideration OPSec implications and sensitiveness of information. Details on which is deemed sensitive in nature is edited, limited or postponedly published; all the information published on this site are carefully checked and were obtained by interviews, researches, studies and analysis of material whose publication was implicitly or explicitly authorized and/or is in the public domain.
  

  
  

  

  

  

• The policy on this site is to credit all images with known sources and to ask specific permission from the original owners of content. The credit and the link should be within the text. If you see an image that you'd like to remove for any reason, or to correct the attribution info - or if you know the source for the "original unknown" images - please send me an email with as much details as possible. When possible, also contents in the Public Domain will be credited. Please consider that all the external contents and images used within a post in this blog are used within the fair use doctrine that allows limited use of copyrighted material without requiring permission from the rights holders for analysis, news reports, studies, etc.
  

• © David Cenciotti

  Contents of this blog/website may not be used withour author's prior written permission. All rights reserved.

• Feeds

• Full
• Comments