Sunday, September 26, 2010

Siemens Cyber Infection and Revenge

A year ago, Iran's sans culottes saw their Prague Spring dissolve under the clouds of authoritarian might as sanctioned enforcers bulldozed disaffected voters into political silence. For a brief moment, technology seemed to offer a secret weapon to counter state silencers. Twitter enabled angry commoners to assemble en masse before government crowd busters could deploy storm troopers to stop them. Eventually, though, the protests faded. Protest leaders died, disappeared, or were hunted down for imprisonment, beatings, or worse.

Somewhere, as this story unfolded, the Wall Street Journal and other news organs reported that Siemens had supplied Iran with the means of tracking and monitoring telecommunications, like those annoying text and Twitter messages so important for protesting citizens involved in organizing marches and demonstrations.

Isn't it interesting that this year now finds the Iranian government frustrated by the Stuxnet worm targeting another Siemens product? The product, in this case, is Siemens' supervisory control and data acquisition (SCADA) system for Iran's nuclear power facility. While this cyber malware is sophisticated to the point of speculation of state sponsorship, could there be another facet to this attack? Could it be that some disaffected citizen who lost a loved one in last year's protest crackdowns had the sophistication and motivation to strike back not only at the Iranian government but also at a contractor who provided that government with tools to undermine popular resistance? Is there an element of revenge in play, one wonders?

-- Nick Catrantzos