The Wall Street Journal reports: Iran’s powerful Revolutionary Guard military force hacked email and social-media accounts of Obama administration officials in recent weeks in attacks believed to be tied to the arrest in Tehran of an Iranian-American businessman, U.S. officials said.
The Islamic Revolutionary Guard Corps, or IRGC, has routinely conducted cyberwarfare against American government agencies for years. But the U.S. officials said there has been a surge in such attacks coinciding with the arrest last month of Siamak Namazi, an energy industry executive and business consultant who has pushed for stronger U.S.-Iranian economic and diplomatic ties.
Obama administration personnel are among a larger group of people who have had their computer systems hacked in recent weeks, including journalists and academics, the officials said. Those attacked in the administration included officials working at the State Department’s Office of Iranian Affairs and its Bureau of Near Eastern Affairs.
“U.S. officials were among many who were targeted by recent cyberattacks,” said an administration official, adding that the U.S. is still investigating possible links to the Namazi case. “U.S. officials believe some of the more recent attacks may be linked to reports of detained dual citizens and others.”
Friends and business associates of Mr. Namazi said the intelligence arm of the IRGC confiscated his computer after ransacking his family’s home in Tehran. [Continue reading…]
Category Archives: cyberattacks
Unheeded cybersecurity threat leaves nuclear power stations open to attack
By Nasser Abouzakhar, University of Hertfordshire
There has been a rising number of security breaches at nuclear power plants over the past few years, according to a new Chatham House report which highlights how important systems at plants were not properly secured or isolated from the internet.
As critical infrastructure and facilities such as power plants become increasingly complex they are, directly or indirectly, linked to the internet. This opens up a channel through which malicious hackers can launch attacks – potentially with extremely serious consequences. For example, a poorly secured steel mill in Germany was seriously damaged after being hacked, causing substantial harm to blast furnaces after the computer controls failed to shut them down. The notorious malware, the Stuxnet worm, was specifically developed to target nuclear facilities.
The report also found that power plants rarely employ an “air gap” (where critical systems are entirely disconnected from networks) as the commercial and practical benefits of using the internet too often trump security.
In one case in 2003, an engineer at the Davis-Besse plant in Ohio used a virtual private network connection to access the plant from his home. While the connection was encrypted, his home computer was infected with the Slammer worm which infected the nuclear plant’s computers, causing a key safety control system to fail. A more serious incident in 2006 at the Browns Ferry plant in Alabama nearly led to a meltdown.
Cyber attack: How easy is it to take out a smart city?
New Scientist reports: When is a smart city not so smart? With cities worldwide racing to adopt technologies that automate services such as traffic control and street lighting, many aren’t doing enough to protect against cyberattacks.
That’s according to security researchers who have hacked into countless pieces of city infrastructure, from ATMs to power grids, looking for weaknesses.
One such researcher is Cesar Cerrudo of security consultancy IOActive Labs, based in Seattle. Inspired by how hackers switched traffic lights at will in Die Hard 4.0, Cerrudo decided to see if he could do the same to a smart traffic control system in use around the world. He found that the devices didn’t use any encryption or authentication, and he could feed fake data to their sensors from a drone flying overhead.
Cerrudo was so alarmed by his discovery that he joined with others to set up the Securing Smart Cities initiative, which plans to bring together governments, security firms and technology companies. [Continue reading…]
Hackers remotely hijack a Jeep on the highway — with me in it
Andy Greenberg writes: I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting, chilling the sweat on my back through the in-seat climate control system. Next the radio switched to the local hip hop station and began blaring Skee-lo at full volume. I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.
As I tried to cope with all this, a picture of the two hackers performing these stunts appeared on the car’s digital display: Charlie Miller and Chris Valasek, wearing their trademark track suits. A nice touch, I thought.
The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
To better simulate the experience of driving a vehicle while it’s being hijacked by an invisible, virtual force, Miller and Valasek refused to tell me ahead of time what kinds of attacks they planned to launch from Miller’s laptop in his house 10 miles west. Instead, they merely assured me that they wouldn’t do anything life-threatening. [Continue reading…]
Cyber attack on U.S. power grid could cost economy $1 trillion: report
Reuters reports: A cyber attack which shuts down parts of the United States’ power grid could cost as much as $1 trillion to the U.S. economy, according to a report published on Wednesday.
Company executives are worried about security breaches, but recent surveys suggest they are not convinced about the value or effectiveness of cyber insurance.
The report from the University of Cambridge Centre for Risk Studies and the Lloyd’s of London insurance market outlines a scenario of an electricity blackout that leaves 93 million people in New York City and Washington DC without power.
The scenario, developed by Cambridge, is technologically possible and is assessed to be within the once-in-200-year probability for which insurers should be prepared, the report said. [Continue reading…]
Constructing a cyber superpower
DefenseNews reports: The site of an Army golf course named for US President Dwight Eisenhower, one long drive from the National Security Agency, is an active construction site, the future of US military cyber.
Where there were once bunkers, greens and tees is a large gray building due to become an NSA-run 600,000-square-foot, state-of-the-art server farm, a skeletal structure that will one day house US Cyber Command’s joint operations center, with plots reserved for individual Marine Corps and Navy cyber facilities.
The plans reflect the growth in ambition, manpower and resources for the five-year-old US Cyber Command. One measure of this rapid expansion is the command’s budget — $120 million at its inception in 2010 rising to $509 million for 2015.
Another measure is the $1.8 billion in construction at Fort Meade, much of it related to Cyber Command. Though Cyber Command’s service components and tactical teams are spread across the country, the headquarters for Cyber Command, the NSA and Defense Information Systems Agency make Fort Meade a growing hub for military cyber.
Earlier this year, Defense Secretary Ash Carter announced a new cyber strategy that acknowledges in the strongest terms that the Pentagon may wage offensive cyber warfare. The strategy emphasizes deterrence and sets up a reliance on the commercial technology sector, hinging on a push to strengthen ties between Silicon Valley and the Pentagon. [Continue reading…]
Inside the hack of the century
Peter Elkind writes: On Monday, Nov. 3, 2014, a four-man team from Norse Corp., a small “threat-intelligence” firm based in Silicon Valley, arrived early for an 11:30 a.m. meeting on the studio lot of Sony Pictures Entertainment, in the Los Angeles suburb of Culver City. They were scheduled to see Sony’s top cybersecurity managers to pitch Norse’s services in defending the studio against hackers, who had been plaguing Sony for years.
After a quick security check at the front gate and then proceeding to the George Burns Building on the east side of the Sony lot, the Norse group walked straight into the unlocked first-floor offices of the information security department, marked with a small sign reading info sec. There was no receptionist or security guard to check who they were; in fact, there was no one in sight at all. The room contained cubicles with unattended computers providing access to Sony’s international data network.
The visitors found their way to a small sitting area outside the office of Jason Spaltro, Sony’s senior vice president for information security, settled in, and waited. Alone. For about 15 minutes.
“I got a little shocked,” says Tommy Stiansen, Norse’s co-founder and chief technology officer. “Their Info Sec was empty, and all their screens were logged in. Basically the janitor can walk straight into their Info Sec department.” Adds Mickey Shapiro, a veteran entertainment attorney who helped set up the meeting and was present that day: “If we were bad guys, we could have done something horrible.”
Finally Spaltro, who’s worked at Sony since 1998, showed up and led them to a nearby conference room, where another studio information security executive was waiting. The meeting began, and as Stiansen described how Norse scopes out potential threats, Spaltro interrupted: “Boy, that could really help us with that North Korean film!” According to the four Norse representatives, Spaltro explained that he was worried about a Seth Rogen comedy called The Interview that the studio was preparing to release on Christmas Day. It featured a plot to assassinate Kim Jong-un, the country’s actual leader. Recalls Stiansen: “They said North Korea is threatening them.” (Sony denies any mention of a North Korean cyberthreat.)
After about an hour the Sony team declared the session “very productive,” according to the Norse team, and promised to be in touch. They departed, leaving the visitors to find their own way out.
Three weeks later — starting at about 7 a.m. Pacific time on Monday, Nov. 24 — a crushing cyberattack was launched on Sony Pictures. Employees logging on to its network were met with the sound of gunfire, scrolling threats, and the menacing image of a fiery skeleton looming over the tiny zombified heads of the studio’s top two executives.
Before Sony’s IT staff could pull the plug, the hackers’ malware had leaped from machine to machine throughout the lot and across continents, wiping out half of Sony’s global network. It erased everything stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. To make sure nothing could be recovered, the attackers had even added a little extra poison: a special deleting algorithm that overwrote the data seven different ways. When that was done, the code zapped each computer’s startup software, rendering the machines brain-dead.
From the moment the malware was launched — months after the hackers first broke in — it took just one hour to throw Sony Pictures back into the era of the Betamax. The studio was reduced to using fax machines, communicating through posted messages, and paying its 7,000 employees with paper checks.
That was only the beginning of Sony’s horror story. [Continue reading…]
When secret government talks are hacked it shows no one is secure in the connected age
By Carsten Maple, University of Warwick
Hotel rooms aren’t as private as they used to be. Recent reports suggest luxury hotels may have been targeted by national intelligence services trying to spy on negotiations over Iran’s nuclear programme.
The talks weren’t bugged in the traditional way of hiding microphones in the room. Instead, hackers infected hotel computers with a computer virus that its discoverers say may have been used to gather information from the hotels’ security cameras and phones.
The virus was discovered by cyber-security firm Kaspersky Labs when the company itself was infected by a sophisticated worm known as Duqu2. Kaspersky went about investigating which other systems around the world might have been attacked. Among the huge range of systems they checked, thousands of hotel systems were analysed. Most of these had not been subjected to an attack, but three luxury European hotels had also been hit by Duqu2.
Each was compromised before hosting key negotiations between Iran and world leaders regarding the country’s nuclear programme. Having previously been accused by the US of spying on the talks, Israel – which was not involved in the discussions – is now under suspicion of (and denies) deploying the virus.
France probes Russian lead in TV5Monde hacking
Reuters reports: Russian hackers linked to the Kremlin could be behind one of the biggest attacks to date on televised communications, which knocked French station TV5Monde off air in April, sources familiar with France’s inquiry said.
A French judicial source told Reuters that the investigators are “leaning towards the lead of Russian hackers,” confirming a report in French magazine L’Express.
Hackers claiming to be supporters of Islamic State caused the public station’s 11 channels to temporarily go off air and posted material on its social media feeds to protest against French military action in Iraq.
But the judicial source said the theory that Islamist militants were behind the cyber attack was no longer the main lead in the investigation.
U.S. cybersecurity company FireEye, which has been assisting French authorities in some cases, said on Wednesday that it believed the attack came from a Russian group it suspects works with the Russian executive branch. Relations between Paris and Moscow have suffered over the crisis in Ukraine, leading France to halt delivery of two helicopter carriers built for Russia. [Continue reading…]
Israel thought to be behind new malware found by Kaspersky
Der Spiegel reports: For the employees of the Russian firm Kaspersky Lab, tracking down computer viruses, worms and Trojans and rendering them harmless is all in a day’s work. But they recently discovered a particularly sophisticated cyber attack on several of the company’s own networks. The infection had gone undetected for months.
Company officials believe the attack began when a Kaspersky employee in one of the company’s offices in the Asia-Pacific region was sent a targeted, seemingly innocuous email with malware hidden in the attachment, which then became lodged in the firm’s systems and expanded from there. The malware was apparently only discovered during internal security tests “this spring.”
The attack on Kaspersky Lab shows “how quickly the arms race with cyber weapons is escalating,” states a 45-page report on the incident by the company, which was made available to SPIEGEL in advance of its release. The exact reason for the attack is “not yet clear” to Kaspersky analysts, but the intruders were apparently interested mainly in subjects like future technologies, secure operating systems and the latest Kaspersky studies on so-called “advanced persistent threats,” or APTs. The Kaspersky employees also classified the spy software used against the company as an APT.
Analysts at Kaspersky’s Moscow headquarters had already been familiar with important features of the malware that was being used against them. They believe it is a modernized and redeveloped version of the Duqu cyber weapon, which made international headlines in 2011. The cyber weapons system that has now been discovered has a modular structure and seems to build on the earlier Duqu platform.
In fact, says Vitaly Kamluk, Kaspersky’s principal security researcher and a key member of the team that analyzed the new virus, some of the software passages and methods are “very similar or almost identical” to Duqu. The company is now referring to the electronic intruder as “Duqu 2.0.” “We have concluded that it is the same attacker,” says Kamluk. [Continue reading…]
Big U.S. data breaches offer treasure trove for hackers
Reuters reports: A massive breach of U.S. federal computer networks disclosed this week is the latest in a flood of attacks by suspected Chinese hackers aimed at grabbing personal data, industrial secrets and weapons plans from government and private computers.
The Obama administration on Thursday disclosed the breach of computer systems at the Office of Personnel Management and said the records of up to 4 million current and former federal employees may have been compromised.
U.S. officials have said on condition of anonymity they believe the hackers are based in China, but Washington has not publicly blamed Beijing at a time when tensions are high over Chinese territorial claims in the South China Sea. [Continue reading…]
The ‘ISIS cyberwar’ hype machine is doing more harm than good
Lorenzo Franceschi-Bicchierai writes: Last week, hackers claiming to be affiliated with the extremist group known as the Islamic State released an Anonymous-style video making vague threats of “electronic war” against Europe and the US.
There is no proof or evidence that the video actually comes from the group, nor there is any evidence the group, also known as ISIS, has any ability to do anything damaging online other than taking over Twitter feeds or random media sites with their “cyberattacks.”
Yet, that didn’t stop a new round of breathless hype. On Sunday, The Hill wrote that ISIS was preparing for “cyberwar” and an “all-out cyber crusade.”
Looks like ISIS wannabes successfully hacked the media once again. [Continue reading…]
TV5 Monde take-down reveals key weakness of broadcasters in digital age
By Laurence Murphy, University of Salford
In what was one of the most severe outages of its kind, French national television broadcaster TV5 Monde was recently the target of a well-planned and staged cyberattack that took down its 11 television channels, website, and social media streams.
The hacker group responsible claimed to support the Islamic State, and proceeded to broadcast pro-IS material on the hijacked channels, while also exposing sensitive internal company information, and active military soldiers details.
It took TV5 three hours to regain control of its channels. The scale and completeness of the attack, and that it involved hijacking live television broadcast channels, has shocked the industry and prompted heated discussion on what steps might prevent or at least limit the likelihood of this reoccurring.
Cyberattacks alleged to be coming from Iran may be increasing — or diminishing
The New York Times reports: In the report, to be released Friday, Norse — which, like other cybersecurity firms, has an interest in portraying a world of cyberthreats but presumably little incentive in linking them to any particular country — traced thousands of attacks against American targets to hackers inside Iran.
The report, and a similar one from Cylance, another cybersecurity firm, make clear that Iranian hackers are moving from ostentatious cyberattacks in which they deface websites or simply knock them offline to much quieter reconnaissance. In some cases, they appear to be probing for critical infrastructure systems that could provide opportunities for more dangerous and destructive attacks.
But Norse and Cylance differ on the question of whether the Iranian attacks have accelerated in recent months, or whether Tehran may be pulling back during a critical point in the nuclear negotiations.
Norse, which says it maintains thousands of sensors across the Internet to collect intelligence on attackers’ methods, insists that Iranian hackers have shown no signs of letting up. Between January 2014 and last month, the Norse report said, its sensors picked up a 115 percent increase in attacks launched from Iranian Internet protocol, or I.P., addresses. Norse said that its sensors had detected more than 900 attacks, on average, every day in the first half of March.
Cylance came to a different conclusion, at least for Iran’s activities in the past few months, as negotiations have come to a head. Stuart McClure, the chief executive and founder of Cylance, which has been tracking Iranian hacking groups, said that there had been a notable drop in activity over the past few months, and that the groups were now largely quiet. [Continue reading…]
CISA security bill: An F for security but an A+ for spying
Andy Greenberg writes: When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won’t actually boost security. And second, the “information sharing” it describes sounds more than ever like a backchannel for surveillance. On Tuesday the bill’s authors released the full, updated text of the CISA legislation passed last week, and critics say the changes have done little to assuage their fears about wanton sharing of Americans’ private data. In fact, legal analysts say the changes actually widen the backdoor leading from private firms to intelligence agencies. “It’s a complete failure to strengthen the privacy protections of the bill,” says Robyn Greene, a policy lawyer for the Open Technology Institute, which joined a coalition of dozens of non-profits and cybersecurity experts criticizing the bill in an open letter earlier this month. “None of the [privacy-related] points we raised in our coalition letter to the committee was effectively addressed.” The central concern of that letter was how the same data sharing meant to bolster cybersecurity for companies and the government opens massive surveillance loopholes. The bill, as worded, lets a private company share with the Department of Homeland Security any information construed as a cybersecurity threat “notwithstanding any other provision of law.” That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence. [Continue reading…]
‘Ex-Israeli agents’ threatened cyber attack on S Africa
Al Jazeera reports: A group claiming to be former agents of Israel’s Mossad threatened to unleash a devastating cyber attack on South Africa unless its government cracked down on the growing campaign to boycott Israel, according to intelligence documents leaked to Al Jazeera’s Investigative Unit.
According to the reports, then-Finance Minister Pravin Gordhan received a note from “unknown sources” on June 28, 2012, threatening a cyber attack “against South Africa’s banking and financial sectors.” The hand-delivered letter gave the government just 30 days to achieve the “discontinuation of the Boycott Divestment and Sanctions (BDS) campaign and the removal and prosecution of some unidentified individuals linked to BDS”.
South Africa’s ruling African National Congress has historically aligned itself with the Palestinian national struggle, and the BDS campaign there involves some high profile anti-apartheid struggle figures such as Nelson Mandela’s close friend and fellow Robben Island prisoner Ahmed Kathrada. [Continue reading…]
Privacy experts question Obama’s strategy to tackle cyber threats
The Guardian reports: Cybersecurity and digital privacy experts are questioning the need for Barack Obama’s latest bureaucratic initiative, a new agency spurred by the massive Sony hack that critics fear will expand the government’s role into monitoring online data networks on security grounds.
White House security adviser Lisa Monaco planned to unveil on Tuesday the Cyber Threat Intelligence Integration Center, the name of which speaks to its position within a US intelligence community whose ongoing, surreptitious reach over the internet has attracted global skepticism.
The remit of the new center, subordinate to the office of the director of national intelligence and modelled on the National Counterterrorism Center, is said to be the combination of the various intelligence, security and law enforcement agencies’ understanding and analysis of new or emerging malicious cyber-attacks.
Over the past five years, the administration has stood up new entities, such as the National Security Agency’s military twin US Cyber Command, or expanded the remit of others, like the Department of Homeland Security, to safeguard government – and increasingly civilian – networks.
“Given the number of other agencies that have cybersecurity threat integration responsibilities, it’s not clear that a new agency is needed,” said Greg Nojeim of the Center for Democracy and Technology. [Continue reading…]
NSA on and off the trail of the Sony hackers
After cybersleuth Barack Obama saw the evidence pointing at North Korea’s responsibility for the cyberattacks against Sony, “he had no doubt,” the New York Times melodramatically reports.
He had no doubt about what? That his intelligence analysts knew what they were talking about? Or that he too when presented with the same evidence was forced to reach the same conclusion?
I have no doubt that had Obama been told by those same advisers that North Korea was not behind the attacks, he would have accepted that conclusion. In other words, on matters about which he lacks the expertise to reach any conclusion, he relies on the expertise of others.
A journalist who tells us about the president having “no doubt” in such as situation is merely dressing up his narrative with some Hollywood-style commander-in-chief gravitas.
When one of the reporters in this case, David Sanger, is someone whose cozy ties to government extend to being “an old friend of many, many years” of Ashton Carter, whose nomination as the next Secretary of Defense is almost certain to be approved, you have to wonder whose interests he really serves. Those of his readership or those of the government?
Since Obama and the FBI went out on a limb by asserting that they had no doubt about North Korea’s role in the attacks, they have been under considerable pressure to provide some compelling evidence to back up their claim.
That evidence now comes courtesy of anonymous officials briefing the New York Times and another document from the Snowden trove of NSA documents.
Maybe the evidence really is conclusive, but there are still important unanswered questions.
For instance, as Arik Hesseldahl asks:
why, if the NSA had so fully penetrated North Korea’s cyber operations, did it not warn Sony that an attack of this magnitude was underway, one that apparently began as early as September.
Officials with the NSA and the White House did not immediately respond to requests for comment about the report. A Sony spokeswoman had no comment.
On the one hand we’re being told that the U.S. knew exactly who was behind the Sony attacks because the hackers were under close surveillance by the NSA, and yet at the same time we’re being told that although the NSA was watching the hackers it didn’t figure out what they were doing.
If Hollywood everyone decides to create a satire out of this, they’ll need to come up with a modern-day reworking of the kind of scene that would come straight out of Get Smart — the kind where Maxwell Smart, Agent 86, would be eavesdropping on conversation between his North Korean counterparts, the only problem being, that he doesn’t understand Korean.
The Times report refers to the North Korean hackers using an “attack base” in Shenyang, in north east China. This has been widely reported with the somewhat less cyber-sexy name of the Chilbosan Hotel whose use for these purposes has been known since 2004.
If the attackers wanted to avoid detection, it’s hard to understand why they would have operated out of a location that had been known about for that long and that could so easily be linked to North Korea.
It’s also hard to fathom that having developed its cyberattack capabilities over such an extended period, North Korea would want to risk so much just to try and prevent the release of The Interview.
Michael Daly claims that the regime “recognizes that Hollywood and American popular culture in general constitute a dire threat” — a threat that has apparently penetrated the Hermit Kingdom in the “especially popular” form of Desperate Housewives.
Daly goes on to assert:
a glimpse of Wisteria Lane is enough to give lie to the regime’s propaganda that North Koreans live in a worker’s paradise while its enemies suffer in grinding poverty, driven by envy to plot against Dear Leader.
Of course, as every American who has watched the show knows, Wisteria Lane represents anytown America and the cast could blend in unnoticed at any Walmart or shopping mall.
OK. I won’t deny that American propaganda is much more sophisticated than North Korea’s, but when an American journalist implies that Desperate Housewives offers ordinary North Koreans a glimpse into the lives of ordinary Americans, you have to ask: which population has been more perfectly been brainwashed?
In reality, the dire threat to the North Korean regime in terms of social impact comes not from American popular culture but from much closer: South Korean soap operas.