Have you played with Metasploit? Typing commands in to msfconsole is a little hard to dramatize on screen. About the closest we've come to making the command line sexy was having Trinity from The Matrix run an nmap scan and a fictitious SSH exploit, and Trinity did it wearing a leather outfit (article and YouTube clip*). The real perpetrator may be doing it unshaven and in a bathrobe.Originally Posted by AdamG
Definitely strikes me as an amateur--although who knows. If the Iranians are shutting down key parts of their network (I don't know how vital the automation bits mentioned in Mikko's piece are) to do forensics to figure out how the attacker is getting in, maybe blasting "Thunderstruck" is the next best thing to some fancy exploit to ruin centrifuges. Or, perhaps, some group who wants to disrupt Iran's nuclear program is flooding them with garbage attacks to overwhelm Iranians attempts to analyze their more 'long-term,' targeted malware. That analysis takes time and personnel who are in short supply even in the U.S.
However, these types of attacks seem every bit as likely to disrupt professional intelligence agencies' access as help them in some way. That's why I think there is another motive at work here. The reported worm and Metasploit hijinks may even be two separate actors.
--
* - Funny enough, that little 1:09 clip dramatizes pretty much every policy maker's fear of an infrastructure attack on the U.S.
Bookmarks