The NSA Acknowledges What We All Feared: Iran Learns From US Cyberattacks
BY KIM ZETTER 02.10.15
After the Stuxnet digital weapon was discovered on machines in Iran in 2010, many security researchers warned that US adversaries would learn from this and other US attacks and develop similar techniques to target America and its allies.
A newly published document leaked by Edward Snowden indicates that the NSA feared the same thing and that Iran may already be doing exactly this. The NSA document from April 2013, published today by The Intercept, shows the US intelligence community is worried that Iran has learned from attacks like Stuxnet, Flame and Duqu—all of which were created by the same teams—in order to improve its own capabilities.
The document suggests that such attacks don’t just invite counterattacks but also school adversaries on new techniques and tools to use in their counterattacks, allowing them to increase the sophistication of these assaults. Iran, the document states, “has demonstrated a clear ability to learn from the capabilities and actions of others.”
The document, which was prepared for a meeting between the NSA director and the British spy agency Government Communications Headquarters, doesn’t mention the Stuxnet attack by name, but instead refers to “Western attacks against Iran’s nuclear sector.” Stuxnet targeted machines controlling centrifuges in Iran that were being used to enrich uranium for Iran’s program.
In addition to attacks against Iran’s nuclear sector, however, the document also states that Iran learned from a different attack that struck its oil industry. The report says Iran then replicated the techniques of that attack in a subsequent attack called Shamoon that targeted Saudi Arabia’s oil conglomerate, Saudi Aramco.
“Iran’s destructive cyber attack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers, was the first such attack NSA has observed from this adversary,” the NSA document states. “Iran, having been a victim of a similar cyber attack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others.”
How Wiper Inspired Copycat Attacks
More at link