The Invisible War In West Asia – Analysis

By Cherian Samuel

Almost imperceptibly, West Asia has become the new frontline of the current manifestation of cyber warfare with various types of cyber weapons being deployed by parties whose identities can only be speculated upon, but presumed to be state and non-state actors from within the region and beyond. Since the discovery of the Stuxnet malware in 2010, no less than five other “cyber weapons” have made their appearance over the past two years. The two recent attacks on energy companies are particularly worrisome since they represent a relentless and rapid escalation in capabilities and intent on the part of the perpetrators.

Stuxnet was directed against the Iranian nuclear programme, and suspicions of US and Israeli involvement were confirmed by subsequent reports. These suspicions arose in the first place because of the sophistication of the malware, which, experts declared, could only be engineered through the resources available to a nation state. After a lull of a year, the Duqu worm was discovered in September 2011, followed in quick succession by the Mahdi, Gauss and Flame malware. While Flame, Duqu and Gauss were said to share similar digital DNA with Stuxnet, being spread predominantly via USB sticks, their primary purpose seemed to be espionage, with their targets ranging from banking to governmental to energy networks. Flame, in particular, was noted for its modular nature and its size, averaging 20 MB. Its capabilities ranged from recording Skype conversations and downloading information from smart phones to more mundane activities such as recording audio, screenshots, keystrokes and network traffic. The Mahdi Trojan seemed to have different godfathers and was spread via phishing emails, even though its purpose was also apparently espionage. Infections were reported from Iran, Israel, Afghanistan, the United Arab Emirates, Saudi Arabia, Syria, Lebanon and Egypt.

In April 2012, there were reports of a new virus, Wiper, that was much more malicious and wiped the data on all computers that it infected. This virus largely affected networks in Iran. Four months later, the Shamoon virus is reported to have wiped the data from 30,000 computers of the Saudi Arabian State oil company, Aramco, followed a week later by a similar episode on the networks of the second largest LNG company in the world, Ras Gas of Qatar.

In what has become the norm for such cyber attacks, despite intense investigations by anti-virus companies, the origins of the malware have remained largely in the realm of speculation and inference. While ownership of the Stuxnet (and by inference, its cousins Duqu, Flame and Gauss) malware was claimed by the Obama Administration for electoral purposes, the Shamoon virus is speculated to be a reverse-engineered version of the Wiper virus unleashed by hackers loyal to the Iranian regime. Tit-for-tat attacks look set to become the norm as the countries of the region gird up their cyber loins.

Similarly, existing defences appear to be no match for these malware attacks. The countries of West Asia are among the most pro-active when it comes to controlling cyberspace, with Iran going to the extent of decoupling from the Internet and building its own national Intranet. The energy infrastructure companies that were attacked are among the biggest in the field and would no doubt have had many layered defences against such attacks, to no avail. In their defence, the critical infrastructure itself was not affected by the attacks. It must also be mentioned that the behaviour of some of the malware has been akin to sleeper cells, programmed to awaken on command and carry out instructions sent from command and control servers. As in the case of the modularly designed Flame malware, they can be used for multiple purposes, based on requirement.

From India’s perspective, there is much cause for concern in these developments. With a substantial part of its oil imports coming from the region, attacks on the global energy infrastructure centred in West Asia could have enormous repercussions on India. Unlike physical attacks, which have been held at bay through international pressure, the anonymity of cyber attacks and the absence of norms and conventions make it difficult for the international community to restrain such acts. The sudden loss of petroleum supplies can be cushioned through a strategic petroleum reserve, but efforts under way since 2004 to build such a reserve are yet to bear fruit. Since gas has become a crucial energy component, the feasibility of establishing a Strategic Gas Reserve could also be considered.

Of more immediate concern are the vulnerabilities in Indian critical infrastructure, which could expose it to similar attacks. While prediction and prevention strategies are all to the good, even greater emphasis needs to be placed on effective recovery strategies. All of this calls for greater coordination between the motley government, public and private enterprises that together run the country’s critical infrastructure.

Cyber attacks can have devastating results in terms of loss of livelihood, destruction of the economy and anarchy in society. Loss of life alone can no longer be a barometer of devastation. It is as important to have contingency plans ready to deal with all eventualities, as it is for countries to come together to nip this scourge in the bud, and to call out the rogue actors.

Originally published by Institute for Defence Studies and Analyses (www.idsa.in) at http://www.idsa.in/idsacomments/TheInvisibleWarinWestAsia_csamuel_070912

Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA)

The Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA) is a non-partisan, autonomous body dedicated to objective research and policy-relevant studies on all aspects of defence and security. Its mission is to promote national and international security through the generation and dissemination of knowledge on defence and security-related issues. The Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA) was formerly named The Institute for Defence Studies and Analyses (IDSA).

One thought on “The Invisible War In West Asia – Analysis”

  • September 8, 2012 at 2:56 pm

    War scenarios? Arayik Sargsyan, academician, President of geopolitical academy. Aryaik Sargsyan discloses details of US, NATO’s war against Serbia. During the US and NATO war against Serbia, Russia refused to support the Serbian side, bound by the Chernomyrdin-Gore contract, deputy chairman of the Russian Academy for Geopolitical Issues Araik Sargsyan stated. As he told a news conference in Yerevan, the contract forbade Russia from providing S-300 anti-missile systems, in exchange for a promise of a presidential post to then RF vice president Victor Chernomyrdin. On March 24, 1999, US and NATO forces began an attack on Serbia. The bombing went for 78 days. During 78 days of air strikes approximately 2,500 people died, including 557 civilians, while some 12,500 were wounded. The administration at that time estimated the material damage at USD 100 billion. A massive campaign of ethnic cleansing was cited as the reason for the intervention. The NATO bombing was conducted bypassing the United Nations.

    Stop NATO http://groups.yahoo.com/group/stopnato
