Iran

Surge in Iranian Cyber-Attacks on U.S. Officials Prompts Congress to Boost Security Measures

A spike in Iranian hacking attacks on U.S. State Department officials has prompted Congress to boost the military’s ability to counter cyber-security threats, The New York Times reported Wednesday.

James Clapper, the director of national intelligence, informed Congress in closed sessions that state-backed Iranian hackers “were stepping up traditional cyberespionage, and getting better at it,” according to the Times. James Lews, a cyber-security expert, added that the Iranians “are getting far more aggressive in cyberespionage, which they know is less likely to prompt a response from the United States.”

In a defense bill passed earlier this month, Congress instructed the United States Cyber Command to counter these breaches by carrying out computer war games “to replicate the threats from China, Iran, North Korea and Russia.”

The Times noted that private security researchers first discovered that Iranian hackers were targeting political dissidents, as well as top policy makers and military officials in the United States, Britain, and Israel, last May. The attacks peaked in May of this year, right before the nuclear negotiations in Vienna, with more than 1,500 attempts. In the months leading up to the nuclear deal, the researchers found evidence that Iranian hackers “began probing critical infrastructure networks in what appeared to be reconnaissance for cyberattacks meant to cause physical damage.”

When reports that Iranian hackers were targeting State Department employees first broke several weeks ago, U.S. officials said that the attacks may be linked to the arrest in Tehran of Iranian-American businessman Siamak Namazi, whose computer was confiscated by Iranian authorities.

Earlier this month, European officials shut down the operations of an Iranian hacking group after receiving information on their activities from an Israeli cyber-security firm. A scheme by Iranian hackers to get sensitive information from professionals in the defense and telecommunications industries using fake LinkedIn profiles was discovered and shut down in October.

The Times revealed in February that the United States had enlisted the help of its allies, including Britain and Israel, to confront the escalating threat of Iranian cyber-attacks. A report released last year by cyber-security firm Cylance highlighted Iran’s growing cyber-terror capabilities, including “bone-chilling evidence” that its hackers had taken control of gates and security systems at airports in South Korea, Saudi Arabia, and Pakistan.

Iran’s cyber-attacks are not just directed at other countries and individuals abroad, but also its own citizens. Massive attacks on Iranian Google accounts were detected prior to the presidential election two years ago as part of a broader crackdown on dissent.

In Iran Has Built an Army of Cyber-Proxies, which was published in the August 2015 issue of The Tower Magazine, Jordan Brunner explained how Iran became one of the world’s leading forces in cyber-warfare:

Iran is adept at building terrorist and other illicit networks around the world. Its cyber-capabilities are no different. It uses the inexpensive method of training and collaborating with proxies in the art of cyber-war. It may also have collaborated with North Korea, which infamously attacked Sony in response to the film The Interview. It is possible that Iran assisted North Korea in developing the cyber-capability necessary to carry out the Sony hack. While acknowledging that there is no definite proof of this, Claudia Rosett of the Foundation for Defense of Democracies raised the question in The Tower earlier this year.

More importantly, Iran is sponsoring the cyber-capabilities of terrorist organizations in Lebanon, Yemen, and Syria. The first indication of this was from Hezbollah. The group’s cyber-activity came to the attention of the U.S. in early 2008, and it has only become more powerful in cyberspace since then. An attack that had “all the markings” of a campaign orchestrated by Hezbollah was carried out against Israeli businesses in 2012.

Lebanon’s neighbor, Syria, is home to the Syrian Electronic Army (SEA), which employs cyber-warfare in support of the Assad regime. There are rumors that indicate it is trained and financed by Iran. The SEA’s mission is to embarrass media organizations in the West that publicize the atrocities of the Assad regime, as well as track down and monitor the activities of Syrian rebels. It has been very successful at both. The SEA has attacked media outlets such as The Washington Post, the Chicago Tribune, the Financial Times, Forbes, and others. It has also hacked the software of companies like Dell, Microsoft, Ferrari, and even the humanitarian program UNICEF.

[Photo: dir /s / Flickr