Iranian Hackers Likely Behind Cyber Attacks “Going After the Internet Infrastructure Itself”

Iran is likely behind a major assault on the internet’s infrastructure, Agence France-Presse reported Saturday.

The Internet Corporation for Assigned Names and Numbers (ICANN), which is the main international registry of internet addresses, warned on Friday that the infrastructure undergirding the system of internet domains was subject to “an ongoing and significant risk.”

“They are going after the internet infrastructure itself,” David Conrad, ICANN’s chief technology officer, told AFP.

“There have been targeted attacks in the past, but nothing like this.”

The attacks, which have been ongoing since 2017 but have worsened recently, have prompted an emergency meeting of ICANN. They have targeted Domain Name System (DNS) servers, which direct traffic to specific addresses.

The fear is that the attacks could send traffic to the wrong site, or allow the attackers to mimic or spoof important websites.

“This is roughly equivalent to someone lying to the post office about your address, checking your mail, and then hand delivering it to your mailbox,” a recent alert issued by the United States Department of Homeland Security said.

“Lots of harmful things could be done to you (or the senders) depending on the content of that mail.”

The systematic attacks have been nicknamed “DNSpionage.”

Ben Read, senior manager of cyber espionage analysis for the cybersecurity firm FireEye, said, “We’ve seen primarily targeting of email names and passwords.”

“There is evidence that it is coming out of Iran and being done in support of Iran,” he added.

The hackers engaged in DNSpionage have been stealing online credentials of targets in the Middle East, including the United Arab Emirates and Lebanon.

“You definitely need knowledge of how the internet works and have to handle a lot of traffic being directed to you,” Adam Meyers, vice president of intelligence for the cybersecurity firm CrowdStrike, said of the operation.

“With that access, they could temporarily break portions of how the internet works. They chose to intercept and spy on folks.”

In July of last year, Symantec reported that a group of Iran-based hackers had targeted systems in Saudi Arabia, the United Arab Emirates, Qatar, Kuwait, Bahrain, Egypt, Israel, and Afghanistan.

In December 2017, FireEye issued a report, concluding that China and Russia were no longer the sources of most hacking attempts, but “that the majority of the actors we’re responding to right now are hosted in Iran, and they are state-sponsored.”

In “Iran Has Built an Army of Cyber-Proxies,” which was published in the August 2015 issue of The Tower Magazine, Jordan Brummer described how Iran has become one of the world’s biggest cyber-threats.

Iran’s cyber-breakout was fast and sudden. Within the last few years, Iran has managed to build a cyber-capability that rivals the United States, China, Russia, the United Kingdom, and Israel, who are the most dominant actors in cyberspace. According to intelligence documents released by Edward Snowden in 2013, Iran has been ramping up its surveillance of the United States government. One of these documents, written by Gen. Keith Alexander, former director of the National Security Agency, describes the threat as serious enough for the U.S. to request Britain’s assistance in containing the damage from “Iran’s discovery of computer network exploitation tools”—a technical term for cyber-weapons.
