Cyber Conflict, Module 12, Iranian Cyber Operations. Once you have completed the readings, lecture, activity, and assessment, you will be able to identify the target associated with Operation Olympic Games, and articulate how and what type of equipment was affected by the Stuxnet virus at the Natanz, Iran nuclear site.

Welcome to Cyber Conflict, Module 12. In the last lecture, we looked at two pillars of Iranian cyber defense strategy. One pillar includes ensuring regime survival through surveillance and information blocking. The other pillar is training a cyber workforce and building cyber defenses and offenses. We will discuss these training and building operations in this lecture.

After Stuxnet, the years 2011 and 2012 saw additional malware intrusions into Iranian networks. The Duqu malware discovered in 2011 is believed to be related to the Stuxnet worm. It exploited vulnerabilities in Microsoft Windows and likely was engineered to spy on computer systems. The Flame malware discovered in 2012 likely also was engineered for spying, but it was much more sophisticated, with abilities to capture audio recording, keyboard activity, and network traffic, and possibly even grab contact information from nearby Bluetooth-enabled devices. The Flame malware infected computer systems throughout the Middle East, but Iran suffered the most.

In response to these malware intrusions, the Supreme Leader of Iran ordered the creation of a Supreme Council of Cyberspace to pool the country's cyber talent and stem the damage from the onslaught of malicious attacks. The Islamic Revolutionary Guard Corps, or IRGC, is an organization of elite military personnel with the capability to conduct various types of special warfare tactics, both on the ground and in the cyber world.
Although initial training in computer science and malware takes place within Iran's universities, the IRGC cultivates selected individuals into highly skilled offensive and defensive cyber warriors, conducting such operations as the intrusion into a flood control dam in New York, noted in the last lecture. Experts estimate that the IRGC cyber warfare program employs nearly 2,400 people.

In addition to the IRGC program, Iran has created a Mahir Center for Information Security that operates as part of its Information Technologies Ministry. The Mahir Center defends Iranian governmental and military networks and conducts research into malware engineering, possibly for use in future attacks.

In an offensive move, Iran launched multiple network reconnaissance campaigns to gain proprietary information about the critical infrastructure systems of more than a dozen countries. These efforts targeted oil and gas production, major defense contractors, airports, telecommunications and even U.S. military installations.

In August 2012, Iran initiated a massive counterattack against Saudi Arabia. Using the Shamoon virus, which was partially reverse engineered from the Flame virus, Iran corrupted more than 30,000 computers in the Saudi oil company, or Aramco. A month later, Iran slightly disrupted multiple U.S. banks and even the New York Stock Exchange via distributed denial of service, or DDoS, attacks. And another example of revenge, as noted earlier, occurred in 2013 when Iranian hackers attempted to shut down a large dam in New York state.

Although executing the revenge attacks was somewhat impressive in terms of ingenuity, none seemed to require an exceptional degree of sophistication. However, experts are now concerned that Iran may develop its offensive cyber capability quickly and markedly.

In January 2016, the United States, along with the international community, reached a deal with Iran on its nuclear program.
As part of the deal, the majority of previous economic sanctions on Iran were lifted, including its ability to export oil and import advanced technologies. Because the country had already conducted damaging cyber attacks during the sanctions period, and with the effects of decades-long economic sanctions quickly dissipating, Iran will likely be a cyber force to be reckoned with within the near future.

True or false? Operation Olympic Games was a cyber attack targeting United Nations offices in Iran. The answer is false.

Which of the following does not describe how the Stuxnet worm affected the Iranian nuclear facility?
A. Stuxnet affected the speed with which the uranium centrifuges spun.
B. Stuxnet spoofed the telemetry associated with the uranium centrifuges.
C. Stuxnet lowered the temperature of the water in the Natanz nuclear reactor.
D. Stuxnet worked in conjunction with the Duqu malware to exploit vulnerabilities in the Microsoft operating system used at Natanz.
The answer is C. Stuxnet lowered the temperature of the water in the Natanz nuclear reactor.

The activity for this module asks that you research the Stuxnet worm. How many lines of code did the worm comprise? What vulnerabilities did the four zero days exploit? Besides knowing the types of centrifuges and industrial control systems that were used at Natanz, what would Stuxnet's creators have needed to know to produce the worm?