Information Warfare: The Mahdi Mystery

News Categories

Books of Interest

Kabul: The Untold Story of Biden’s Fiasco and the American Warriors Who Fought to the End

Four Battlegrounds: Power in the Age of Artificial Intelligence

Spies, Lies, and Algorithms: The History and Future of American Intelligence

Chip War: The Fight for the World's Most Critical Technology

From Amazon
As an Amazon Associate I earn from qualifying purchases

Next:INTELLIGENCE: Stopping The Future From Crashing

Information Warfare: The Mahdi Mystery

Archives

Latest
Most Read

RUSSIA: The Survival Plan

PROCUREMENT: Turkey Developing a Stealth Fighter

BOOK REVIEW: Fighting in the Dark: Naval Combat at Night: 1904-1944

ATTRITION: Russian Military Recruiting Methods

FORCES: Global Air Superiority

SUPPORT: Ukraine Deals with the Aftermath

BOOK REVIEW: To the Last Extremity: The Battles for Charleston, 1776-1782

Forces: Global Air Superiority

Attrition: Russian Military Recruiting Methods

Support: Ukraine Deals with the Aftermath

Information Warfare: Death by OPSEC

Leadership: And Then There Was One

WARS Libya: An Epic Flood of Water and Oil Income

Surface Forces: LCS Program Terminated

Murphy's Law: Cheap Ukrainian Improvisations Rule the Battlefield

Air Defense: Japanese ASEVs

WARS Mali: The North Is Lost

WARS India-Pakistan: Broke and Broken on the Borders

Space: Reusability and Speed-of-Launch

Information Warfare: North Korean Cyber War Efforts

Warplanes: Israel Introduces a New UAV

Warplanes: Nimble Versus Surprise

Attrition: Russian Goals and Costs in Ukraine

August 2, 2012: Since mid-June someone has been conducting Internet based attacks against specific civilian, military, and government officials in Iran and other Middle Eastern countries. This attack delivers a secret software program that monitors PCs it gets into, passing back keyboard activity, video and audio recordings (activity around the infected PC), and documents. This bit of "malware" is being called Mahdi and examination of it seems to indicate that it comes from Iran. This is interesting, as about half the computers infected are in Iran but seven percent are in Israel and just about every nation in the region has a few infected computers (according to computer security firms). So far, less than a thousand PCs appear to have been infected.

This kind of attack is usually carried out in the form of official looking email, with a file attached, sent to specific individuals at business, academic, military, or government organizations. It is usually an email they weren't expecting. This is known in the trade as "spear fishing" (or "spear phishing"), which is a Cyber War technique that sends official looking email to specific individuals with an attachment which, if opened, secretly installs a program that sends data from the email recipient's PC to the spear fisher's computer. In the last few years an increasing number of military, corporate, and government personnel have received these official-looking emails with a PDF document attached and asking for prompt attention. Mahdi used a number of different deceptive file types to deliver its malware.

By early July it was believed that Mahdi was dead, especially for those with anti-virus software, since the security firms know what Mahdi looks like and its control servers in Iran had been shut down. But by late July another version of Mahdi was detected, with several improvements.

Examination of the viruses and related bits of computer code indicate that most of this stuff was created by Farsi (Iranian) speaking programmers and all movement of command and stolen data led back to servers in Iran. This, however, could have been part of a deception to hide the real source of Mahdi, as the main target appears to have been Iran.

Make A Comment View Comments (2)

ATTRITION: The Fat Barrier

Article Archive

Information Warfare: Current 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999

Help Keep Us Soaring

We need your help! Our subscription base has slowly been dwindling. We need your help in reversing that trend. We would like to add 20 new subscribers this month.

Each month we count on your subscriptions or contributions. You can support us in the following ways:

Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
You can contribute to the health of StrategyPage. A contribution is not a donation that you can deduct at tax time, but a form of crowdfunding. We store none of your information when you contribute..

Subscribe Contribute Close

News Categories

Ground Combat

Air Combat

Naval Operations

Special Operations

Human Factors

Special Weapons

Warfare by Numbers

Logistics

Tools

Information Warfare: The Mahdi Mystery

Leave a Comment:

ATTRITION: The Fat Barrier

INTELLIGENCE: Stopping The Future From Crashing

Article Archive