Charles Jeter, who interviewed me in the SC Magazine story
'win2008-servers-pwned-by-the-jarhead-clan', broke a major story late yesterday about San Diego-based anti-virus
vendor ESET apparently assisting the country of IRAN. IRAN is currently
covered by U.S. sanctions so this would be a major violation if the
reports are true. You can read more about it
here.
The Times reported
that Charles Jeter, cybercrime expert and former ESET employee
at ESET’s San Diego office, presented executives of the
company with evidence, in December of last year, that their software
was being downloaded and installed on large numbers of computers in
Iran. Iran, an Islamic republic, is being targeted by the
international community for its failure to abandon its nuclear
development program which represents a threat to regional and global
security.
The primary issue
with downloading security software revolves around concerns that Iran
continues to expand its nuclear program in defiance of worldwide
sanctions. Computer-based operations are central to the
manufacturing process within any nuclear program. United Nations
sanctions as well as U.S. law prohibit providing the Islamic republic
with this technology. Currently, Iran’s exposure to technology -
“viruses” - threatens progress toward the development of their
nuclear facilities.
In April of this
year, a senior Iranian official admitted that the Stuxnet malware, designed to infiltrate and sabotage the control systems of
industrial sites such as power plants, infected tens of thousands of
computers and servers within Iran’s nuclear weapons complex,
inflicting serious damage to the program. Some of the computers
affected by the virus controlled operations at uranium-enrichment
centrifuge farms. Others were controlling operations at the Bushehr
nuclear reactor where Iran will be producing plutonium for potential
use in nuclear weapons.
“It was being
downloaded at a tremendous rate,” Jeter told The Times. “Traffic
to ESET’s website (from Iranian web addresses) was five times the
level it was to any of our competitors,” Jeter said, citing an
analysis of internet traffic he had conducted for the company. The ESET website itself provides updates for its
anti-virus products. Jeter told The Times that the updates being
downloaded from Iranian IP addresses were specifically those that
would help maintain the effectiveness of ESET’s software
against the Stuxnet virus.
“The evidence
pointed to a much bigger problem: That this activity was part of
Tehran’s cyber-defense program,” Jeter told The Times. He also
told The Times that the timing of the updates and the logarithmic
increase in their number indicated that the ESET software was
going to be used to prevent further attacks on the computers used to
control Iran’s key nuclear facilities. He said, “Third party
sources showed that we (ESET) received more traffic from
Tehran than we did from New York and Los Angeles combined.” ESET executives could have chosen to block all downloads from IP addresses
in Iran, which Jeter described as a relatively straightforward
procedure. They chose not to. In January of 2011, Jeter conducted a
follow-up investigation and determined that ESET executives
had still not chosen to take steps to stop the flow of this
technology.
CASTCorp
International – Press Release
August 25, 2011
According to Jeter,
his suspicions and findings were never acted upon by the company.
Instead, he found himself terminated by ESET, leaving him to
speculate that he was the victim of whistleblower retaliation.
In mid-2010, prior
to his separation from ESET, Jeter accepted an advisory
position with CASTCorp International, a San Diego-based security
and investigations consulting group (www.castcorpint.com).
He currently holds the position of Chairman of CASTCorp
International’s Cyber Security Advisory Board. He can be reached
for comment at charles.jeter@castcorpinternational.com.