Engaged in an escalating cyber-war with Iran, the United States has enlisted the help of allies, notably Britain and Israel, to counter Tehran’s cyber-attacks, The New York Times reported today. Citing a paper prepared for then-director of the National Security Agency, Gen. Keith B. Alexander, in 2013, the Times reported:
It detailed how the United States and Britain had worked together to contain the damage from “Iran’s discovery of computer network exploitation tools” — the building blocks of cyberweapons. That was more than two years after the Stuxnet worm attack by the United States and Israel severely damaged the computer networks at Tehran’s nuclear enrichment plant.
The document, which was first reported this month by The Intercept, an online publication that grew out of the disclosures by Edward J. Snowden, the former N.S.A. contractor, did not describe the targets. But for the first time, the surveillance agency acknowledged that its attacks on Iran’s nuclear infrastructure, a George W. Bush administration program, kicked off the cycle of retaliation and escalation that has come to mark the computer competition between the United States and Iran.
The document suggested that even while the high-stakes nuclear negotiations played out in Europe, day-to-day hostilities between the United States and Iran had moved decisively into cyberspace.
In addition to Britain’s Government Communications Headquarters (GCHQ), the Times reports that the N.S.A. paper “hints that both the N.S.A. and GCHQ ‘have agreed to continue to share information gleaned from the respective bilateral relationships’ with Israel’s Unit 8200, also known as the Israeli Sigint National Unit.” Sigint is short for signals intelligence.
Claudia Rosett described “How Iran and North Korea Became Cyber-Terror Buddies,” which was published in the January 2014 issue of The Tower Magazine.
Sources less invested in downplaying Iranian abuses have raised the intriguing prospect that Iran and North Korea might be collaborating on cyber-warfare. A lengthy report released last August by Hewlett-Packard’s security research unit, titled “Profiling an Enigma: The mystery of North Korea’s cyber-threat landscape” explored the possibility. In a section on North Korea’s “Important political and military ties,” HP’s researchers noted, “While this report focuses on North Korea’s cyber-warfare capabilities, these capabilities cannot be fully separated from the implications of partnerships with countries known to deal in illegal weapons trade with the regime.” Noting that cyberspace has now become “an arena for warfare,” the HP report listed five nations that already have a record of weapons trafficking with North Korea, and are now “potential allies in the cyber realm”: China, Russia, Syria, Cuba, and Iran.
Among these candidates, the most natural partner is Iran. The governments of China and Russia might be willing to host North Korean hackers, but they are hardly in dire need of munitions and technology from Pyongyang. Syria and Cuba might be more interested, but have less to offer in return.
Iran, on the other hand, has flourishing cyber-warfare capabilities and substantial oil supplies. As such, it would seem to offer many opportunities for mutual gain. Iran and North Korea have long been involved in illicit trade, Pyongyang is short on cash and long on munitions, and Iran has oil wealth to spend, as well as a documented appetite for North Korean goods.
HP’s suspicions were echoed in an early December report by a California-based security consulting firm, Cylance. The report focuses on a group of Iranian hackers believed to be working out of Tehran. Their attacks were dubbed Operation Cleaver, after a word that appears repeatedly in the hackers’ coding. Calling Iran “the new China,” Cylance described Iranian cyber skills as rapidly evolving and targeted at critical infrastructure around the world.
Both reports also note that North Korea and Iran have burgeoning ties. For example, a scientific and technological cooperation deal signed in September 2012. Cylance describes it as an “extensive agreement,” which could translate into “collaboration on various efforts including IT and technology.”