While the US and Iran pursue a nuclear arms deal, their cyberwar continues

The World
US Secretary of State John Kerry shakes hands with Iranian Foreign Minister Mohammad Javad Zarif before a meeting in Geneva on January 14, 2015.

While there's optimism that a nuclear deal with Iran is within reach, the battle between Tehran and Washington in cyberspace is only heating up.

That's according to a National Security Agency document from 2013 that was recently published by The Intercept.

"What the document has shown really, is that they are making contingency plans," says University of Surrey Professor Alan Woodward, a cybersecurity analyst and advisor to Europol, the international police agency. "What happens if the talks don't work? What else could we do?"

Woodward says many cyberweapons are attractive to use because they have an element of plausible deniability. "We still don't really know who launched Stuxnet," he points out. "Everyone assumes it was some or all of the United States, Israel and Great Britain — but actually no one really knows."

But, naturally, there are some down sides. If countries don't know the origins of the attacks, that allows other countries to stir the pot with what Woodward calls "false flag operations." For instance, if Country A wants Country B and C to go at it, it might launch an attack against Country B that looks like it came from Country C.

Woodward says such activities are commonplace in cyberwar and espionage activities conducted online. "It's horribly easy to do," he says. "Launch it from a site that seems to be well-known as being used by a country. All of a sudden you get circumstantial evidence, even though it's not a smoking gun, that starts to build up. And then you have confirmation bias. If you are already slightly against another country and there's some circumstantial evidence that starts to look like it was them then you are going to start believing that it was them."

The problem of tracing attacks is only one of many inherent to cyberweapons. For instance, any virus can be reverse-engineered by its target and used in turn against the attacker. "It's like biological warfare," Woodward says. "If you can capture the germ, you can grow it yourself and throw it back. Indeed, we saw it with Stuxnet. You can go on YouTube now and find videos on how to reengineer Stuxnet and send it back against some enemy."

And that capability is well within the reach of the US's potential enemies, Woodward warns. "You only need to put 30 clever guys in the room and give them laptops."

Sign up for our daily newsletter

Sign up for The Top of the World, delivered to your inbox every weekday morning.