Last week the New York Times took time out of its busy schedule advertising Apple products to run a yarn about a report of how Iran had conducted hundreds of thousands of cyberattacks against American industrial targets.
The article was based on a report penned by Norse, a prominent cybersecurity firm but they were working with the American Enterprise Institute, which is politely called a conservative think tank, or less politely a bunch of right wing nut jobs who think that the US can rule the world by bombing the Islam out of it.
According to the Daily Dot the Iran report was inaccurate, politically motivated, and a transparent marketing ploy to take advantage of headline-making international relations between the US and Iran.
Robert Lee, a US Air Force cyberwar officer and the cofounder of Dragos Security wrote an article pulling apart the Norse statistics.
The Norse and AEI report claims that over the last year, hundreds of thousands of cyberattacks have been launched by Iranian IP addresses on American industrial control systems. That number is up 128 percent.
Handshake counts
However that vastly overestimates the actual number of attacks. The Norse report identifies network scans and network handshakes as "sophisticated attacks" when they were not attacks at all. Lee said if handshakes were an attack you would be "attacking" Google.com every time you searched.
Even the attribution to Iran was highly questionable. Even though the authors admit that an Iranian IP address is not enough to convict Iran as they are trivial to fake.
Lee said that the report uses 'non-traditional use of industry terms' as a way to cover up for the fact that they are fudging.
Lee wrote. "I can't speak to Norse's intentions but my personal opinion is this is all marketing. It's hard to sell 'our unregistered IP addresses detect network scans that could be correlated with other data in a useful way.' It's easy to sell 'our platform of sensors detect cyber-attacks.' It is very misleading."
A 2014 attack originating from Iranian IP was described by Norse as an "Iranian effort to establish cyberbeachheads in crucial US infrastructure systems" but the attribution of the attack to actual Iranian state-backed actor as opposed to the Chinese hackers who targeted the company in 2012—was guess work.
Jeffery Carr of Taia Global, another cybersecurity firm, wrote: "No government is stupid enough to engage in cyber-attacks which can be easily traced back to them. That kind of stupidity only resides with security researchers who have a vested interest—often a monetary interest—in placing the blame for an attack on a given nation state."
Stuart Mcclure of Cylance told NPR that Iran's activities dropped-off dramatically over the last couple of months to the point where they've basically been shut down,".
Basically the involvement of right-wing political motivation is to paint Iran as a threat.
"People build this narrative that Iran is on the war path and Russia, China, and Iran are constantly these adversaries that want to kill all our cyberz," Lee wrote.
This makes it harder to accept the reality that all countries including the US and its allies, are increasing their ability to use cyber capabilities as a normal progression of states and militaries.
"The answer is in technical solutions for security and foreign policy recommendations to decrease confusion and establish international norms on the use of these capabilities. The answer is not in hype and marketing attempts."
