Iranian hackers against NASA: isolated attack or act of cyber warfare?

Pierluigi Paganini May 23, 2012

Exactly one week ago a group of Iranian hackers named Cyber Warriors Team claimed to have compromised an SSL certificate issued to the Research and Education Support Services of NASA. The press release published by the Cyber Warriors Team said that the hackers had written an HTTPS protocol scanner to find weaknesses in the NASA website. A NASA spokesman has not denied the hack, stating that the agency is currently investigating the event.

Why steal a certificate?

Last year I wrote an article on the main reasons behind the theft of digital certificates; let's recall the principal motivations:

Malware production – The installation of certain types of software requires that the code be digitally signed with a trusted certificate. Stealing the certificate of a trusted vendor reduces the chance that the malicious software is detected quickly. That is exactly what happened with the Stuxnet virus.

Cyber warfare – Criminals or governments could use the stolen certificates to conduct “man-in-the-middle” attacks, tricking users into thinking they were at a legitimate site when in fact their communications were being secretly tampered with and intercepted. That is, for example, what occurred in the DigiNotar case: companies like Facebook and Google, and also agencies like the CIA and MI6, were targeted in the Dutch government certificate hack.

Economic fraud – A digital signature provides assurance about who signed a document: you can decide whether you trust the person or company that signed the file and whether you trust the organization that issued the certificate. If a digital certificate is stolen, the result is identity theft; the implications are easy to imagine.
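The "cyber warfare" case above is what made the DigiNotar incident so serious: a certificate that chains to a trusted root passes every default browser check, so a fraudulently issued certificate for a site is indistinguishable from the real one unless the client knows something more. The Go program below is an added example, not code from the original article or from NASA: it builds a constructed root CA, has it issue a legitimate certificate for a constructed hostname (www.example.com) and then a second certificate for the same hostname bound to a different key, and shows that plain chain validation accepts both while a client that pins the site's public-key hash (an HPKP-style SPKI pin) rejects the second. The CA name, serial numbers and hostname are assumptions made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// template builds a CA template (isCA) or a server template bound to name as a DNS SAN.
func template(serial int64, name string, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{name}
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// mint generates a fresh P-256 key and has parent sign tmpl for it (self-signed when parent is nil).
func mint(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// spkiPin is the HPKP-style pin: base64(SHA-256(SubjectPublicKeyInfo)).
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// verify performs the default browser check (chain to a trusted root, name matches);
// a non-nil pins set additionally requires the leaf key to be one the client already knows.
func verify(leaf *x509.Certificate, roots *x509.CertPool, host string, pins map[string]bool) error {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return err
	}
	if pins != nil && !pins[spkiPin(leaf)] {
		return fmt.Errorf("certificate for %s chains to a trusted root but its key is not pinned", host)
	}
	return nil
}

// Scenario models a compromised CA (the DigiNotar pattern): the trusted CA issues a
// second certificate for the same hostname to a key the real site never held.
func Scenario() (legitOK, fraudChainOK, fraudPinOK bool, err error) {
	const host = "www.example.com" // constructed hostname, not a real target
	ca, caKey, err := mint(template(1, "Constructed Root CA", true), nil, nil)
	if err != nil {
		return false, false, false, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	legit, _, err := mint(template(2, host, false), ca, caKey) // the site's own key
	if err != nil {
		return false, false, false, err
	}
	fraud, _, err := mint(template(3, host, false), ca, caKey) // a different key, same trusted CA
	if err != nil {
		return false, false, false, err
	}
	// The client pins the key it saw on an earlier, known-good connection.
	pins := map[string]bool{spkiPin(legit): true}
	legitOK = verify(legit, roots, host, pins) == nil
	fraudChainOK = verify(fraud, roots, host, nil) == nil // passes: the chain is "valid"
	fraudPinOK = verify(fraud, roots, host, pins) == nil  // fails: wrong key for this host
	return legitOK, fraudChainOK, fraudPinOK, nil
}

func main() {
	legitOK, fraudChainOK, fraudPinOK, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("legit pinned=%v fraud chain=%v fraud pinned=%v\n", legitOK, fraudChainOK, fraudPinOK)
}
```

Run it with `go run .`; the expected line is `legit pinned=true fraud chain=true fraud pinned=false`. The caveat worth keeping in mind is that a pin catches a fraudulently issued certificate, not the theft of the legitimate certificate together with its private key: in that case the attacker presents exactly the pinned key, and only revocation and key rotation by the owner close the hole.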

In this specific case the hackers explained their motivation in a message published on Pastebin, declaring that the certificate was needed to perform a man-in-the-middle attack.

Our main work and we target Is in use. Our target was not Internet sabotage, Our Target was Do “MAN IN THE MIDDLE” attack.

( with using Confirmation obtained ) and also Clear the track after each connection in the network For Hide and Disclosing my presence in Two-way communication between.

But the problem still exists And its use isn’t Hard For We (CW.T) [ ] <<<<

we obtain User information for thousands of NASA researcher With Emails and Accounts of other users. Send For You soon Videos of Man in the middle attack and Stealing relationship ( Addressing security managers at NASA ).

Analyzing the screenshot published by the hackers, the certificate was used on the site of NASA’s Solicitation and Proposal Integrated Review and Evaluation System (NSPIRES). The hackers exploited the authentication process, obtaining the administrator’s credentials.

The message reports that the hackers have compromised the accounts of thousands of NASA researchers, and they promised to release a video of the operation; in any case, the group’s intent of cyber espionage is clear.

What is interesting to investigate is the real origin of the attack: is it an isolated operation by a group of Iranian hackers, or an act of cyber warfare?

To venture a hypothesis, let’s recall the content of the significant report “The Iranian Cyber Threat to the U.S. Homeland”, a statement before the U.S. House of Representatives Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies and Subcommittee on Counterterrorism and Intelligence. The document analyzes Iran’s growing capabilities; the country’s expanding exploitation of cyberspace can be attributed to two principal geopolitical drivers:

  1. The first is the Iranian regime’s effort to counter Western influence and prevent the emergence of a “soft revolution” within its borders. That digital barrier has grown exponentially over the past three years, as Iran’s leadership has sought to stifle domestic dissent and curtail the ability of its opponents to organize.
  2. The second geopolitical driver of Iran’s interest in cyberspace relates to the expanding conflict with the West over its nuclear ambitions.

The report clarifies Tehran’s position: it considers itself engaged in a cyber war with the West, and for this reason the Iranian regime is mobilizing in response, launching an ambitious $1 billion governmental program to boost national cyber capabilities by acquiring new technologies, investing in cyber defense, and creating a new army of cyber experts.

The Iranian government is working on different fronts, in my opinion: on one side it is recruiting internal hackers in the name of religious motivations, on the other it is acquiring knowledge from mercenary hackers coming from Eastern Europe and also from Asia. It will not be difficult for Iran to prepare its own cyber arsenal, and these cyber weapons could hit vulnerable Western critical infrastructures.

I personally think that the cyber attack is linked to the Iranian government.

It is not the first time that NASA has been hacked: at the beginning of the year several attacks revealed that the agency is unprepared for cyber attacks.

The situation is worrying; we must consider the strategic importance of the intellectual property exposed by these incidents. We have repeatedly stressed the interest of foreign governments in strategic technology solutions in industries such as aerospace. In these areas the contribution in terms of research and innovation is extremely high, since the new technologies developed there are introduced in later years into the traditional sectors. Being able to steal this information means bridging a technology and research gap of decades, with disastrous consequences in economic terms.

NASA Inspector General Paul K. Martin declared that in 2011 the agency was the target of 47 cyber attacks classified as advanced persistent threats (APTs), surely carried out by groups of expert hackers with deep knowledge of their target and of the information to search for and steal; this is the proof that we are facing cyber intelligence operations conducted by hostile governments. Martin admitted:

“the attackers had full functional control over these networks.”

Since the official’s statement, a number of security experts have claimed that some actions were taken to improve the security of the agency’s infrastructure, but events seem to demonstrate that they are not sufficient.

Pierluigi Paganini
