Iranian Cyber Army To Sell Botnets

The group behind attacks on Twitter and Baidu is now offering to sell access to its botnets.

This group of malicious hackers achieved notoriety in December last year when it hacked Twitter’s DNS (Domain Name System) records and successfully managed to redirect roughly 80 percent of the site’s traffic to another website. Twitter users were redirected to a page that read: “Iranian Cyber Army … This Website Has Been Hacked by Iranian Cyber Army.”

The group has also previously attacked the Chinese search engine Baidu.

Botnets For Rent

Research by Seculert has found that the group could also be running a botnet. Seculert apparently found a page where people can rent the botnet – simply by detailing what they’d like to attack.

Seculert pointed out that in September the website of TechCrunch Europe was hacked after attackers installed a page that redirected the blog’s readers to a crime server, which then executed a script and installed malware.

“While investigating this incident, Seculert Research Lab found what seems to be a connection between the attack against TechCrunch Europe, as well as many other similar worldwide attacks, and the ‘Iranian Cyber Army’ group,” said Seculert in a blog posting. “The crime server involved in these attacks didn’t use a script to exploit only one vulnerability; it was actually using a collection of exploits – aka an exploit kit.”

“There are numerous different exploit kits being sold in underground forums among cyber criminals,” Seculert warned. “Competition in this crowded and lucrative market is driving authors to create exploit kits with sleek and sexy user interfaces, so the product will be more attractive to potential customers.”

Expert Warnings

The news that botnets are being offered for rent has provoked warnings from experts about the increasing sophistication of cyber attacks.

“The Iranian Cyber Army’s decision to sell its botnets is evidence of a more co-ordinated effort than ever before by the hacking community to execute targeted attacks,” said Alan Bentley, VP International at Lumension. “Whilst this is certainly not the first case of malicious code being sold online, with the rise of highly complex attacks like Stuxnet and Zeus the online hacker shops of old seem like child’s play when compared to this new wave of collaborative cyber warfare.”

“Cyber criminals are no longer just intent on stealing personal details for a quick cash hit or on sending inconvenient spam emails. They have much bigger prizes in mind, and are creating mechanisms dedicated at corporate espionage and attacking against real-world infrastructures, such as power stations. These attacks are more targeted, more sophisticated, and more potent,” he added.

Bentley said the Government’s National Security Strategy, which will see upwards of £500 million invested to bolster cyber security efforts, is a ‘step in the right direction’, but he warned that people’s mindsets have to change from focusing on “only preventing the known bad, to preventing anything entering the network unless it is known to be good.”

“Only by applying this level of intelligence, can we be confident that our windows are locked tight and our valuable assets safe,” he said.

“Cybercrime is a business and botnets are the heart of cyber crime infrastructure. The selling of the botnet by the Iranian Cyber Army doesn’t come as any surprise – cyber criminals, just like any other criminals, need to find new ways to make money,” said Paul Spencer, general manager at security firm AEP Networks. “But it’s no longer just about making a quick buck. The potential for the botnet to be used in a targeted attack against critical infrastructure is very real.”

“With the goal of the Iranian Cyber Army to ‘conquer virtual space,’ the move away from defacement attacks against Twitter and Baidu towards malicious botnets sees it aiming to fulfil its powerful objective,” Spencer added. “Whilst it is far easier to identify a vulnerability than to make certain that data is safe from all such vulnerabilities, when it comes to protecting the integrity of critical infrastructure, ensuring the highest levels of security is absolutely paramount.”

Ongoing Cyber Assaults

Earlier this month the boss of GCHQ (the UK agency responsible for gathering intelligence, eavesdropping and breaking codes) warned that the UK is facing ‘real and credible’ threats from cyber attacks on its critical infrastructure. GCHQ director Ian Lobban said that government systems are targeted 1,000 times each month.

He said that such attacks threatened Britain’s economic future and added that some countries were already using cyber assaults to put pressure on other nations.

“Cyberspace is contested every day, every hour, every minute, every second,” he said. The Internet lowered “the bar for entry to the espionage game,” he was quoted as saying by Reuters.

In the UK, events like the Cyber Security Challenge have been created to help develop the skills needed to fight cyber attacks. So far, this challenge has seen almost 4,000 people registering to take part.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
