Iran

The BBC is reporting that websites belonging to the Iranian oil ministry and national oil company are offline after suffering a malware infection this weekend. Iran has disconnected all of its oil processing facilities as a precaution, including the facility at Kharg Island which processes more than 90% of Iran’s exports. The semi-official news agency, Mehr, reported that information about users of the websites had been stolen, but no sensitive data had been accessed. ...

As I said in the other post, Iran’s Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks have been compromised. These banks now require their customers to change their ATM pin numbers before they can access their account. This has caused a rush to the ATM machines by the worried customers. The hacker was identified as Khosro Zare’, a former bank-system specialist in Iran who recently left the country. Zare’ claimed in a blog that he hacked the PIN codes to highlight the vulnerability of Iran’s banking system. ...

An Iranian hacker published the information about some 3 million debit cards of 10 Iranian banks, including codes and passwords. The information has been published by someone named “Khosrow Zare Farid” who was the manager of a company which operates SHETAB payment network in Iran and produces and installs POS devices. “Around one year ago I found a critical bug in the system. Then I wrote and sent a formal report to all the CEO of banks in Iran but none of them replied to me. Now I decided to publish the information. Governments tried to catch me by Iran Cyber Army but they failed,” he said, according to Kabir News website ...

Washington Post wrote: TEHRAN — Whenever an Iranian blogger, connects to the Internet from his office, they switches on a special connection that for years would bypass the Islamic republic’s increasingly effective firewall. But recently the software, which allowed them to go online through portals elsewhere in the world, stopped working. When it sporadically returns, speeds are so excruciatingly slow that sites such as Facebook become unusable. [SNIP] Many fear that the disabling of the software used to bypass the state-run firewall heralds the coming of what authorities have labeled the National Internet. The government’s technology officials have announced the construction of a domestic Internet network comparable to an office intranet, which would block many popular sites. They have hinted the National Internet can be launched at any time, and have said it will gradually start working over the coming three years. ...

The H-Security: The online privacy and security service Tor was blocked by the Iranian government late evening (local time) 13 September. This was done by adding a filter rule to the Iranian border routers which identified Tor traffic and blocked it. The blocking was quickly discovered by Tor and the project released a fix a few hours later. The fix consists of a new version of the Tor software, Tor 0.2.3.4-alpha, and once this is installed on relays and bridges, the company expects normal service to be resumed for users in Iran. ...

Google: Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it). Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate. ...

A security man stands next to an anti-aircraft gun as he scans Iran’s nuclear enrichment facility in Natanz, 300 kilometers [186 miles] south of Tehran, Iran, in April 2007. Wired: In what appears to be the first confirmation that the Stuxnet malware hit Iran’s Natanz nuclear facility, Iranian President Mahmoud Ahmadinejad said Monday that malicious computer code launched by “enemies” of the state had sabotaged centrifuges used in Iran’s nuclear-enrichment program. ...

The Stuxnet Trojan is very well covered in the media as more and more details about its sophisticated code become public. It abuses four previously unknown security vulnerabilities in Windows to enter the system and is specialized on attacking Siemens processing systems. An interesting information which didn’t get much attention yet comes from heise Security: The nuclear plant in Busheer isn’t really the target of the worm as rumours say, as the attacked systems aren’t approved for usage in nuclear plants. ...