Iran

COVID-19 and denial

Fighting SARS Memorial, Hong Kong

Today seems to be the day in which the words and numbers that international organizations and national governments used to describe the COVID-19 pandemic increasingly diverged from facts. To begin there was an overall context in which the virus rapidly spread in the Middle East, while cases dramatically climbed in Korea (833). In the Middle East, there were new cases in Afghanistan, Bahrain, Egypt, Iraq, Israel, Lebanon, and the United Arab Emirates. Most of these cases were tied to Iranian travelers.  In Italy the number of cases rose sharply. Venice ended the remaining days of Carnival. Italians in northern Italy rushed to stores, some of which were cleaned out and left with empty shelves. In the United States, ongoing problems with testing for SARs-CoV-2 has meant that health authorities have been unable to test at scale, as in Korea, Singapore and Canada. Finally, in China the rate of increase has slowed, but the nation still has over 77,000 cases. But neither the rising number of cases nor other problems caused corresponding expressions of concern by WHO or the Iranian government.

First, Dr. Tedros at the World Health Organization (WHO) said at a press conference that the WHO would not call COVID-19 a pandemic. Indeed, the WHO has stated that it no longer uses “pandemic” as a category. At the current time, there is ongoing transmission of a novel virus in multiple world regions, with a case fatality rate of perhaps two percent. If this is not a pandemic, what would be? The goal of deleting the term pandemic seemed to be more to avoid causing fear than to accurately describe reality. If the WHO does not play the role of declaring a pandemic, then who does? The risk of this is that the public in different nations may begin to lose confidence in the WHO. The pandemic exists even if the category does not.  …

Flu, Protest and Iran

While many factors are driving the current protests in Iran, Michael Coston has pointed out that a significant outbreak of avian influenza in that country has driven up the cost of poultry and eggs, which has likely contributed to peoples’ food insecurity. His blog post is an interesting attempt to tie influenza to economic factors, which in turn may be connected to politics.

Shawn Smallman, 2018

Security, fear and Stuxnet

Roman Poroshyn’s brief book (156 pages) provides an excellent overview of Stuxnet within the larger context of cyber-warfare and espionage in the Middle East. Unlike another book on the same topic, Kim Zetter’s Countdown to Zero, it is not based on extensive interviews, nor does it focus in as great a depth upon the process through which the virus was investigated by global cyber security firms. Instead, with Stuxnet: the true story of Hunt and Evolution, Poroshyn tries to place Stuxnet into a broader context of espionage and cyber-warfare directed against not only Iran, but also other institutions in the Middle East, such as the Lebanese banking system. The book is an engaging read (despite the awkward wording of its subtitle), and Poroshyn shares a number of intriguing insights, of which the most interesting was that Stuxnet’s creators ultimately may have allowed it to be revealed to the world as an act of psychological warfare (33-35, 154-155). One of Poroshyn’s other arguments is that Stuxnet is only one chapter in a much longer struggle, which is convincing given his detailed analysis of successive software tools (Flame, Gauss, Narilam, and perhaps Stars) that Israel and the United States likely used against Iran and other regional actors.

One of the book’s strengths is its ability to convey the intelligence of the software design behind this particular cyberweapon. For example, Stuxnet entered into the Iranian nuclear enrichment network through USB sticks, because the network was air-gapped (lacked an internet connection) to the outside world. The level of deceit entailed is chilling: “After the third infection the original Stuxnet worm commits suicide. It deletes itself from the USB stick without leaving a trace” (18). Perhaps most impressive was the fact that it used the very tools for securing machines to infect them: “The perfect match for all of Stuxnet’s requirements is a computer scan process, generated by antivirus software. Stuxnet injects its clone into a variety of processes generated by anti-virus programs from BitDefender, Kaspersky, McAfee, Symantec, and many others” (19). The program was so effective that it briefly shut down the entire Iranian enrichment program (22). Of course, the Iranians ultimately were able to return to significant production. What is impressive, however, was that it achieved this goals which would have been difficult to achieve even with a conventional airstrike against such a hardened site as the Iranian enrichment facility. It also had dangerous implications: “Russia, which is involved in the reconstruction of the Iranian nuclear reactor in Busher, immediately accused Stuxnet of problems associated with the reactor’s reconstruction, and blamed Stuxnet for all delays” (37). There seems to be little evidence for this allegation, but once the attack is made, other actors may also view themselves as being threatened (or that the attack represents a convenient excuse).

There is reason to believe, as Poroshyn suggests, that there are other versions of this particular weapon in existence, only biding their time to be unleashed (53). This book is currently in its third edition. It will be interesting to learn what has happened when the fourth edition is released.

If you are interested in cyber-warfare you might want to read my review of the novel Ghost Fleet.

Shawn Smallman, 2016

Security and a strange cyberattack

The Natanz nuclear facility in Iran. This photo was taken by Hamed Saber, and was posted to http://www.flickr.com/photos/hamed/237790717, and downloaded from Wikipedia Commons
The Natanz nuclear facility in Iran. This photo was taken by Hamed Saber, and was posted to http://www.flickr.com/photos/hamed/237790717. I downloaded the image from Wikipedia Commons

In Countdown to Zero Kim Zetter describes a 2010 cyberattack on the Iranian nuclear program. In a brilliant piece of computer engineering, the control units for centrifuges that enriched uranium were forced to slow and fail. The attack was so carefully planned that even after it began the Iranians were initially unable to diagnose the problem. The book itself is well written and carefully researched. Zetter did extensive interviews in the cybersecurity community, to understand how people identified and studied this particular worm. This work is detailed in extensive footnotes, which will lead a curious reader down interesting paths. Zetter carefully describes the technical issues involved in the attack, without letting this detail impede the storyline. Overall, this is a masterful work of narrative non-fiction, which engages the reader in a highly complex topic. …

Privacy & Cookies: This site uses cookies. See our Privacy Policy for details. By continuing to use this website, you agree to their use. If you do not consent, click here to opt out of Google Analytics.