How Israeli Police computers were hacked (timesofisrael.com)
28 points by Avinio on Oct 30, 2012 | 9 comments



Okay, so it's an unsophisticated attack, used for data gathering purposes directed at the police (not the military mind you). And it's obviously Iran. Really?

I'm not saying it's not Iran, it might be for all I know. I'm just interested in knowing why it's so obvious to that guy and how this is not propaganda to counterbalance the whole "stuxnet" debacle?

What could Iran possibly stand to gain from snooping on Israeli police? How about organized crime?


"What could Iran possibly stand to gain from snooping on Israeli police?" I can think of lots of things, starting with information that is shared by Mossad. Even identifying the police officers who liaise with the intelligence service might be useful. If you can grab that info along with maybe the code names for a few projects, you can follow up with another email that sounds more plausible "Hey this is Moishe, can you shoot me the latest on the XYZ investigation?"


I guess I'm a bit surprised some of them fell for this. That's a pretty typical/textbook/well-known attack vector. Given that they're a police department I'm surprised they didn't have some kind of training on that. Not necessarily even anything super-sophisticated, but enough to know not to click on an unexpected attachment in a suspicious looking email.


It sounds to me like an utterly manufactured incident. Getting an email attachment bit of malware is not the hallmark of state-sponsored hack attacks. The people who are saying that it is are liars, plain and simple. It is not a mistake, it is an intentional lie. This is pretty clear when you consider that they immediately jump to blame Iran, who has done an astonishing amount of 'attacking' for not having any casualties or injuries or damages of any form, real or imagined, if you listen to the Israeli government. Like 'terrorism' in the West, 'Iran' is the magic word to get increased funding in Israel.

Viruses like this spread in corporations and government organizations every day in the US, Israel, and every other country on the planet. Today, it was convenient for them to pretend like it was a big deal in Israel because they want more money. So, they lie to a public that, on the majority, knows nothing about technical matters and is scared by them, and they claim that some ridiculous weak sauce malware was almost the end of the universe.

It's just pricking the amygdala of an ignorant public in order to urge the herd in a desired direction, and nothing else. The bottom line with cyber-security is that governments are the last organizations that should be involved in trying to research it. It is a matter of complexity, exact precision, and delicacy. You can NOT compromise on ONE single aspect of it. If you do, for any reason whatsoever, then you've destroyed all the other work done on security. Political organizations cannot stomach the exactness, the tolerance for failure necessary, to get real work done. They weren't designed for it, and they can't just magically get it done by accident. That won't stop them from telling everyone the boogieman is stuffing hacker 'wares' in all their holes and that if they just shovel enough gold into the magic pockets of the tax collector that everything will be alright, of course.


"... numerous people apparently clicked on the file, releasing the virus into the police department’s computer system, said Bachar. “Closing off the department’s computers to the Internet is a complicated matter, and police would have done so only if they felt that there was an acute need to go offline.” Among the measures police have reportedly taken to prevent future attacks is to ban any outside media – USB drives, CDs, etc. – from connecting with systems."

Does it make sense to anyone to ban physical media but not connecting to the Internet?


Probably not, I'd like to know how many of them have Dropbox now :).

But at least they can try to filter aggressively all the internet traffic (probably it is not possible to do right, and probably the people will complain because the filter blocks many innocent sites). It's (almost) impossible to put some guard at the door and force everyone to scan all the physical drives they have (and remember to scan the mp3, and smartphones, and ...).


So, can someone please explain to me why "Closing off the department’s computers to the Internet is a complicated matter"? I mean is it so hard to have sensitive databases on an internal network, that is disconnected from the outside world and only has a limited white list of media devices that can be connected to it?


This story reeks.


of Propaganda at its ugliest.

Really? A rar file in an email? Iran?

Tell me more about this state sponsored RAR file please :)



