Gartner Blog Network

For Those in Glass Houses

by Dan Blum  |  August 1, 2012  |  Submit a Comment

Picture yourself in a large control room watching some computer monitors with centrifuge displays when suddenly loud AC/DC music blares through the room. “Thunderstruck.” You have to watch the video or listen to a cover of the song on Spotify to imagine what it may have been like there in Iran –

“Seriously,” you may ask, “What are the security questions? “

What happened? There’s been reports of another cyberattack on the Natanz nuclear site by parties unknown. The story is still young and could even turn out to be misinformation, but F-Secure has received email reports that malware from Metasploit was used to deliver the raucous AC/DC payload.

Who was responsible? After the Flame and Stuxnet virus revelations, it’s natural that some would point the finger at the U.S. and its allies. But the AC/DC virus hardly sounds like a typical sophisticated and stealthy nation state attack. Has cyberwar – not to put too fine a point on the definition – taken a turn for the bizarre? Has some U.S. defense or intelligence agency developed a sense of humor? Is it a form of psychological warfare? Who knows. The attack could equally have come from a hacktivist group or individual prankster. It’s very important to attribute threats as much as possible but it takes time.

What does it mean? Maybe the reports F-Secure received will turn out to be false and we’ll have been all thunderstruck by a bad song for nothing. But the implications of nation state cyberattacks are so big they’ve brought me out of my cave to write about it anyway.

If the U.S. was behind yet another cyberattack, I think we have to ask what kind of future we’re creating. President Obama himself, according to the New York Times, has repeatedly told his aides that there are risks to cyberattacks on nation states. No kidding! In fact, it may be that no country’s physical, financial and energy infrastructures are more dependent on computer systems, and thus more at risk of cyberattacks, than those of the United States.

As I wrote in Proposing an International Cyberweapons Control Protocol it may be only a matter of time before we’re attacked and the arms race goes into overdrive. Cyberwar is destabilizing, as Bruce Schneir wrote. Shouldn’t the world’s nations attempt to deter military cyberweapons much as they’ve banned chemical weapons and struggled against nuclear weapons proliferation? The actual Chinese-Russian proposals to UN for cyberweapons control are seen by some as yet another state censorship initiative or an attempt to stop the U.S. from developing an area of military advantage. But we have to keep talking.

Recommended Reading and Sources


Dan Blum
Research VP
19 years at Gartner
33 years IT industry

Dan Blum, a VP and distinguished analyst, covers security architecture, cloud-computing security, endpoint security, cybercrime/threat landscape, and other security technologies. Mr. Blum has written hundreds of research… Read Full Bio

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.