Feeds:
Posts
Comments

Posts Tagged ‘HD Moore’

As I tweeted a day ago, Mikko Hypponen had an interesting blog post in which he discusses an email from a scientist working at the Atomic Energy Organization of Iran.  The details are a little unclear, but the claim is that some mix of a worm, Metasploit, and hacked computers blasting AC/DC at all hours of the night has been disrupting two nuclear facilities within Iran.  The AC/DC bit–“Thunderstruck,” as a matter of fact–has attracted the most attention.

It is hard to get a clear picture of what is going on, because there’s really two separate issues:  this worm and the possible use of Metasploit. Metasploit, of course, is not a virus; it’s an exploitation framework. Download it here if you’re curious. HD Moore, Metasploit’s creator, tweeted:

definitely a confused individual, Metasploit isn’t a worm and doesn’t ship with AC/DC’s Thunderstruck :)” (source)

However, you can indeed load an MP3 with Metasploit.  Moore explained:

you can do it today (msf> load sounds) & copy mp3 (source)

If the e-mail to Mikko Hyponnen is truthful and accurate, this strikes me as the act of an amateur–not a state, much less the US. Moreover, the fact that there is no effort to be covert makes me think this is a grand middle finger to US and other intelligence agencies. It is as if the perpetrator is saying, “You developed malware and cryptographic attacks over the course of years to penetrate computers relevant to the Iranian nuclear program; I did it downloading an app freely available to anyone.” They probably even used a commonly available exploit, too. I can’t see someone burning a 0-day to blast “Thunderstruck” to some Iranian engineers just for, as the kids say, “the lulz.”

If I had to ‘profile’ the perpetrator, I would suggest a lone male with a grudge or grievance with one or more US intelligence agencies (perhaps a past applicant). If there is a political motive, I would suggest someone affiliated with Anonymous or other like-minded group who might think disrupting Iranian networks would mean disrupting any ongoing US intelligence operation. Either way, the objective in my view is disrupting or discrediting US efforts rather than Iran’s nuclear program. That’s pure speculation, but that is the impression I get.

Advertisements

Read Full Post »