Monday, March 28, 2011

Stuxnet response from Iranian hacker?

On March 3rd I posed the question, "Is the U.S. ready for a Stuxnet response?" It appears the first anemic volley (anemic because this guy could have done sooooooooo much more) came in the theft of online security certificates (as I posted in point 3 last Thursday on the Cyber war proof-of-concept adventures) by an Iranian hacker. I caught the story in TIME, Inc.'s email posting today, which pointed to the actual confession by the hacker on Pastebin. While the so-called 21-year-old hacker establishes his bona fides by describing how he pulled of the SSL certificate heist, I put a question mark in my headline because I'm not totally convinced this isn't a full-blown Iranian government operation. You'll have to read the letter on Pastebin and make your own decision.

Interestingly, the hacker's letter ends in a Persian quote: “Janam Fadaye Rahbar” which I Googled and got:
“Janam Fadaye Rahbar”… means “I will sacrifice my soul for my leader”. 
 If this was indeed an Iranian operation, then it was just a subtle shot across our bow. And now that I think about it, Iran hasn't established much of a record for subtlety. Which builds a case for the lone-hacker theory.

When I Googled the above quote, I found a blog on which I couldn't resist leaving my own calling card:
Here’s a really dumb comment: “I will sacrifice my soul?” Hey, sacrifice your life. But your soul! Good grief man, a soul is for eternity. Your soul and its salvation is what we slog through this veil of tears to preserve. Let’s hope a better translation is, “I will sacrifice my life…” I’ll give you the benefit of the doubt here, as nobody could be this eternally stupid.
As for the Iranian hacker, if you are who you say you are then you have indeed made monkeys out of the RSA spin doctors.

1 comment:

  1. As of 18 February 2013, the RSA hack was clearly a Chinese operation.


Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?