Iranian state-sponsored cyberwarfare is indistinguishable from script kiddies

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Mar 25 21:34:22 PDT 2011


Pretty much every news report I've seen so far that mentions any kind of
Iranian connection is claiming that it's Iranian state-sponsored hacking.  If
what's happened with the certs so far (someone grabbed a few sample certs for
high-profile domains, and there was a report of one of them briefly appearing
on a test server in Iran) is an indication of their competence then we really
have nothing to fear from them.

Let's look at what would have happened if *I'd* figured out a way to 
compromise a CA.  First, I'd get a few test certs issued for high-profile 
domains, Microsoft, Google, Yahoo, and perhaps a CA cert just for giggles.  
Then I'd set up a server somewhere and install one of the sample certs to see 
whether any web browser noticed a problem.

Gosh, this sounds awfully like what actually happened.  New Zealand must have
a state-sponsored cyberwar program!  The only difference in my case is that
after a day or so of inviting security people to have a giggle at the test
server with my "genuine" cert, I'd notify the CA about the problem.  If I was
an Iranian script kiddie I probably wouldn't have much motivation to do that.

So what we have here is either (a) the world's most incompetent
state-sponsored cyberwar program, who get the keys to the kingdom and then
have no idea what to do with them, or (b) a bunch of script kiddies having fun.
What do you reckon the odds are?

(And in all this I haven't seen any mention of the Al Kai-yee-da angle.  What 
happened, is everyone asleep?).

Peter.
