Downed Drone Proof of Secret War in Iran?

Iran steps up preparations for military conflict after a remarkably intact American RQ-170 Sentinel stealth reconnaissance drone is displayed on Iranian TV. But is the find proof of an impending invasion or just another clue to an effective covert war already being fought in Iran?

The evidence for a secret war is overwhelming:

  • Stuxnet – Active since as early as 2006, destroyed more than 1,000 centrifuges in 2010
  • Duqu – Collected valuable information for future Stuxnet-like attacks and may have provided intel that led to several “mysterious explosions”
  • Some explosions targeted Iran’s Nuclear Scientists at their homes
  • An explosion at a secret missile base near Tehran killed the head of Iran’s long-range missile program along with 17 top members of Iran’s Revolutionary Guard
  • And an explosion rocked the uranium conversion plant in Isfahan

Cyber attacks, numerous explosions and now a stealth reconnaissance drone captured, all unrelated coincidences? I think not. Neither does a retired senior Israeli General:

“There aren’t many coincidences,” retired Major-General Giora Eiland told Israel’s army radio, noting that it was the second attack on an Iranian nuclear site in a month.

“When there are so many events, there is probably some sort of guiding hand, though perhaps it’s the hand of God,” said Eiland, who is Israel’s former national security chief.

Iran hasn’t been completely silent in responding to these incidents. Several rockets struck near Israel’s border with Lebanon just hours after the explosion in Isfahan. And Iran has been increasing military production including shallow water submarines, presumably in preparation for an invasion.

Even the “US Virtual Iranian Embassy”, created to “reach out” to Iranians, was blocked within hours of its launch.

Are you waiting for an attack on Iran by US and Israeli forces? The evidence is overwhelming: it has probably already been going on covertly for years.

Iran Cyber Commandos down US Stealth Drone? – Probably Not

Several news stories are floating around about the alleged downing of a US RQ-170 stealth drone in Iran. According to the Washington Post, Iran claimed not only that it had a largely undamaged, state-of-the-art US stealth drone, but that the drone was taken over and brought down by Iran’s cyber warfare unit.

The RQ-170 Sentinel (artist’s rendition above) is really a pretty interesting aerial platform. Although most of the specs have not been released, the “flying wing” unmanned stealth drone most likely carries a mixture of electronic sensors and communication and video equipment for use in reconnaissance and electronic warfare. At least one was probably used to record images and monitor Pakistani communications during the Navy SEALs’ raid on Osama Bin Laden’s hideout.

I have mentioned before that drones can be affected by the IED jammers used on US military ground vehicles, but did Iran’s “cyber army” really bring one down? And could it be tied to the recent malware infection of drone mission support systems at Creech Air Force Base?

Not Likely.

According to the Wall Street Journal, a statement released by NATO’s International Security Assistance Force earlier today says that Iran may be referring to a drone with which operators lost communication late last week, one that most likely developed a mechanical issue:

“U.S. and NATO officials wouldn’t say what kind of American drone had disappeared, but U.S. officials said there was no indication that the aircraft had been shot down by the Iranians. One American official said the drone likely suffered from a mechanical failure.”

Apparently Iran has claimed to have shot down drones before, but no evidence has ever been brought forth, and the US has denied that it has lost drones to Iran in the past. So far in this instance, the only “evidence” that Iran has produced is a stock photo of an RQ-170.

Time will tell, but with all the news about mystery explosions in Iran, maybe Stuxnet and its variants aren’t the only active threats to Iran’s nuclear ambitions.

Combined Endeavor 2011: World’s Largest Communications Exercise

Back in September, 23 NATO nations and 17 partner nations completed an annual interoperability exercise bringing together command and control, communications and networked computer systems.

“Cyber Endeavor 2011 is a cyber security collaboration, familiarization and engagement program designed to strengthen partner nation cyber defense capabilities through seminars, events and exercises. This exchange of ideas builds cyber defense partnerships with NATO, partner nations, academia and industry.” – US Army Europe

This is a great way to get nations working together on the cyber security issues that the US and its allies are facing.

HP Printer Hack Video shows Tweeting Sensitive Data, not just “Burning Paper”

The “HP Printer Paper Burning Hack” has made headline news, but the actual video from the Intrusion Detection Systems Group at Columbia University paints a totally different story.

In the video, Professor Salvatore J. Stolfo and a senior graduate research assistant show how a maliciously formed print job can cause an HP printer’s firmware to be reprogrammed so that the printer acts like a copy machine, sending an exact duplicate of each print job to any place in the world, and can also serve as a pivot point for attacking computers on the local network.

A print job specially crafted to carry a replacement firmware (the operating system code for the printer) is sent to the printer. The original firmware is erased automatically, without user intervention, the malicious firmware is installed, and the printer comes back online. Then, when a print job is sent to the printer, in this case a tax return, an exact duplicate is sent to the attacker’s printer (which could be located anywhere in the world). There is no notification that the extra print job is being created or where it is sent.

But that is not all: the attackers also get a tweet on their Twitter page showing sensitive information parsed from the print job!

In this instance, a copy of the user’s social security number is pulled off the printed page and sent to the attacker’s Twitter page, again without any notification to the end user, who is just printing their tax return.

Next, the graduate student shows how the reprogrammed printer can be used as a pivot point to attack computers on the user’s local network. In this case, the simulated Internet-based attacker uses the printer to create a tunnel across the Internet and into the local network. The student then uses the popular penetration testing tool BackTrack to send an exploit to an internal Windows XP system while pivoting through the printer, and gains an administrator shell on the PC.

They do mention briefly that they could get a brown line on the paper, but state that the built-in thermostat prevented the paper from actually catching fire. I just don’t get how the media focused on this part of the presentation and not on the other, more serious security issues it brought forth.

According to the Columbia University research team, this type of attack would be very hard to detect or deter. There is no anti-virus or built-in security feature on the printer to stop the malicious firmware update from taking place, and no notification that the printer has been compromised. But the problem does not end there: they mention that this type of problem is inherent in numerous embedded devices, including VoIP phones, routers, webcams, etc.

Access to the devices needs to be filtered, and programs that monitor and record network traffic for malicious activity are always a good idea in a corporate environment.
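As an added illustration of the filtering and traffic monitoring suggested above (example code written for this page, not part of the Columbia research or HP’s guidance), the following scans a captured raw print job for the two things a defender can actually check: whether it carries a firmware update rather than a document, and whether it came from an approved print server. It assumes the update is delivered as a PJL `@PJL UPGRADE` command following the PJL escape prefix, which is how HP remote firmware update files are packaged; the sample jobs and host addresses are constructed.

```python
"""Flag captured port-9100 print jobs that carry firmware or come from unexpected hosts."""
import re

# PJL Universal Exit Language escape that begins a PJL job (assumption: HP RFU
# firmware files start with this prefix followed by an @PJL UPGRADE command).
UEL = b"\x1b%-12345X"
UPGRADE_RE = re.compile(rb"@PJL\s+UPGRADE\b", re.IGNORECASE)
ENTER_LANG_RE = re.compile(rb"@PJL\s+ENTER\s+LANGUAGE\s*=\s*(\w+)", re.IGNORECASE)


def inspect_job(raw: bytes, src_host: str, print_servers: set) -> dict:
    """Return a finding for one print job: the raw bytes sent to TCP/9100 plus its source."""
    finding = {
        "src": src_host,
        "firmware_update": False,   # job is a firmware image, not a document
        "unexpected_source": False, # job did not come from the print server
        "language": None,           # PDL the job switches into (PCL, POSTSCRIPT, ...)
    }
    if src_host not in print_servers:
        finding["unexpected_source"] = True
    if raw.startswith(UEL) and UPGRADE_RE.search(raw):
        finding["firmware_update"] = True
    match = ENTER_LANG_RE.search(raw)
    if match:
        finding["language"] = match.group(1).decode("ascii", "replace").upper()
    finding["alert"] = finding["firmware_update"] or finding["unexpected_source"]
    return finding


# Constructed sample jobs (not real captures): an ordinary PCL document and a
# job that would reflash the printer instead of printing anything.
NORMAL_JOB = UEL + b"@PJL JOB\r\n@PJL ENTER LANGUAGE=PCL\r\n\x1bE tax return \x1bE" + UEL
FIRMWARE_JOB = UEL + b"@PJL UPGRADE SIZE=1048576\r\n" + b"\x00" * 64 + UEL
PRINT_SERVERS = {"10.0.0.5"}  # constructed address of the approved print server

if __name__ == "__main__":
    for name, job, src in [
        ("document from print server", NORMAL_JOB, "10.0.0.5"),
        ("firmware from print server", FIRMWARE_JOB, "10.0.0.5"),
        ("document from unknown host", NORMAL_JOB, "203.0.113.7"),
    ]:
        print(name, "->", inspect_job(job, src, PRINT_SERVERS))
```

Running the check on a SPAN or mirror of the printer VLAN is what turns the “no notification” problem described above into a logged event; blocking port 9100 from anything but the print server is the filtering half.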

Check out the video for yourself at

*** Update – HP has released a security document explaining recommended steps to take to secure HP printers – One of the recommended steps is to disable remote firmware update until you need to use it.