Iran’s cyberattack claims difficult to judge, experts say

Iran’s claim that its domestic Internet system suffered a slowdown from a heavy cyberattack is possible, but knowing for sure would require a lot more details, experts say.

Mehdi Akhaven Behabadi, secretary of Iran’s High Council of Cyberspace, told the state news agency Wednesday that Internet access across the country was disrupted in attack traffic of several gigabytes, Reuters reported.

Iran’s government moved the country last month onto a domestic Internet, claiming a need for better cybersecurity.

“Presently we have constant cyberattacks in the country,” Behabadi said. “Yesterday an attack with a traffic of several gigabytes hit the Internet infrastructure, which caused an unwanted slowness in the country’s Internet.”

Whether the attack was real is hard to determine. Darren Anstee, lead solutions architect for cyberattack mitigation company Arbor Networks, said Thursday he had not seen much change in traffic to Iran over the last week. However, he acknowledged the company’s view was limited. “It would depend on where the attack was coming from as to whether we would see it,” he said in an email.

[See also: Malnets lead the cyberattack pack]

Behabadi’s comments were puzzling in that attacks are usually described in gigabits per second and not gigabytes, a much larger unit of measure.

“It really looks like it was taken out of context,” Neal Quinn, chief operating officer of Prolexic, said of Iran’s official’s quote. “It also looks like it has been translated from another language. Both of those things together make it really, really hard to draw any good conclusions about what was being said.”

In general, an infrastructure attack aimed at routers, firewalls or load-balancers could cause the kind of disruption described by Behabadi, Quinn said. However, Iran is not the only country that has built a domestic Internet in order to filter content from the public Web. China has the most extensive and has not reported nationwide problems from cyberattacks.

“Content filtering can be expensive in terms of [network] resources, and it’s certainly a point that can be exploited in terms of load,” Quinn said. “But I’m not familiar with any of these sources being overwhelmed in an attack in the past.”

Michael Smith, a security evangelist for Akamai, said small countries that do Internet filtering are more prone for outages, particularly if they have limited Internet capacity. “They have an additional fail point in the servers they are using to do content filtering,” he said in an email.

Behabadi said attacks against the nation’s Internet infrastructure are organized and targeted at the country’s nuclear, oil and information networks. Western nations have accused Iran for sometime of pursuing a nuclear program bent on building an atomic bomb. Iran claims its uranium enrichment facilities are for creating fuel for power plants.

In 2010, the facilities were struck by the Stuxnet computer malware that experts believed damaged centrifuges used to enrich uranium. The New York Times reported that the U.S. and Israel were behind the attack. Israel has warned Iran of a military strike if it does not halt its nuclear program.

While Iran claims its domestic Internet is to protect against cyberattacks, critics within the country claim it’s to prevent the use of social media to organize anti-government protests. In 2009, Facebook and YouTube were used to organize demonstrations against the re-election of President Mahmoud Ahamdinejad.