top | item 26772011

(no title)

> Compared to 90% of the other nation-states out there Iran is a _very_ competent cyber-actor.

> Given your exposure in this geography can you name any of it's neighbors

Saudi Arabia targetted at least Bezos' phone

discuss

tptacek|4 years ago

This is all pretty silly, isn't it? For the dollar figures involved in pulling off a highly-sophisticated attack (one that chains multiple zero days, including some in obscure products that imply the commissioning of vulnerabilities and not just their purchase off the black-market shelf as well as some in mainstream products with a real bidding interest), you're still talking about amounts of money so low that Cape Verde could be a _very_ competent cyber-actor if they wanted.

lovedswain|4 years ago

Seems we're both triggered by this emphasis on "_very_", or even use of that word at all. Obviously Iran has a variety of technical capabilities, such as evidenced by their national firewall and internal infrastructure, but are there any documented offensive campaigns successfully mounted against a foreign target?

The only attacks I know of are low brow phishing, DoS and web site defacements.

drexlspivey|4 years ago

Saudi Arabia bought the iphone exploit to hack Bezos from an Israeli company.

Fun fact, the text message with the malicious link was sent to Bezos by MBS himself

ajcp|4 years ago

> Again what is this based on

~170 nations that don't have the capability. Just because a 14-year old in Thailand can mount an attack doesn't mean Thailand's government or civil institutions have or utilize that capability. That makes them less than _very_ competent at it.

> Saudi Arabia targetted at least Bezos' phone

And a coup that was, likely using off-the-shelf software from an Italian company composed of engineers from two _extremely_ competent nation-states. That certainly shows how easy it is to acquire the capability, if not the competency. The KSA has been doing it for years with it's armed forces munitions and equipment.