Network Security, Threat Management

Stoking cyber fears is a useful tool in Iran war cheerleading

The cozy relationship between national security reporting and the United States government was back on full display Wednesday with a story from the New York Times, headlined "Bank hacking was the work of Iranians, officials say."

The article, citing unnamed government sources, claims that a recent spike in distributed denial-of-service attacks against top U.S. banks, in which access to their websites occasionally has been disrupted dating back to the fall, is the work of the Iranian government.

But the article seems nothing more than the craftsmanship of the Pentagon's massive public relations apparatus, as well as the trust it has that reporters who are granted special access for "scoops"  will happily return the favor by dutifully printing the story, even if it turns out that the story is propaganda manufactured for fear.

Because it could be. We have no way of knowing. Six paragraphs in, the writers, Nicole Perlroth and Quentin Hardy, finally dish out that sort-of important fact:

American officials have not offered any technical evidence to back up their claims, but computer security experts say the recent attacks showed a level of sophistication far beyond that of amateur hackers. Also, the hackers chose to pursue disruption, not money: another earmark of state-sponsored attacks, the experts said.

The writers here admit they were shown no proof that what the officials were telling them was true, yet they accept it as fact. Tape, transcribe, send to editor. Quoting an anonymous U.S. official who fails to provide even the slightest bit of technical proof about what he or is she is claiming is dangerous. It's not journalism, it's PR, and it runs counter to the job of a journalist, which is to hold the powerful accountable for their actions.

Imagine if the presenters at the Black Hat conference each took the stage, only to close out PowerPoint and ask everyone in the audience to simply trust that they have found a gaping vulnerability in DNS.

And when talking about Iran, it's even more important that we demand accountability, considering these types of allegations can encourage a nation to support a war in which it shouldn't engage. But, it appears no lessons have been learned from 10 years ago when the media joined President Bush and most lawmakers in lock step to pronounce that Iraq had to be invaded because it housed weapons of mass destruction. And we all know how that turned out.

The NYT story also only briefly touches on why Iran, if it is actually behind the attacks, may be inclined to do so. The 17th paragraph is when the reader is finally introduced to Stuxnet, arguably the most sophisticated piece of malware ever built. It is now widely believed that Stuxnet, designed to destroy Iran's nuclear centrifuges, was the work of the United States and Israel, which in the process potentially set a dangerous precedent.

That was most definitely a hack. Temporarily disrupting access to bank websites – while no doubt a crime under U.S. law, a significant financial imposition for the victim institutions and a great inconvenience for customers – is not.

So I'd probably have changed the headline of this story, as well. Hope it got a lot of page views, though.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.