Wednesday, December 03, 2014

03-Dec-14: Crippling a country's essential infrastructure: a day in the life of Iran's hacking terrorists

Hackers were here: "Help me understand"
It's not as if the conventional forms of terrorism get enough attention in the right places. But however inadequate the level of attention by leaders and populations, the threat of massive destruction via computer-borne attack is barely understood, let alone appreciated and feared by ordinary citizens. This report in the New York Times ought to be making the largest of waves. But it's highly unlikely to have had that effect.

Report Says Cyberattacks Originated Inside Iran
By NICOLE PERLROTH | New York Times | December 2, 2014
Iranian hackers were identified in a report released Tuesday as the source of coordinated attacks against more than 50 targets in 16 countries, many of them corporate and government entities that manage critical energy, transportation and medical services.
Over the course of two years, according to Cylance, a security firm based in Irvine, Calif., Iranian hackers managed to steal confidential data from a long list of targets and, in some cases, infiltrated victims’ computer networks to such an extent that they could take over, manipulate or easily destroy data on those machines. Cylance called the attacks “Operation Cleaver” because the word cleaver frequently appeared in the attackers’ malicious code.
The New York Times was able to independently corroborate the firm’s findings with another security firm, Crowdstrike, which said it had been tracking the same group of Iranian hackers for the past nine months under a different alias, “Cutting Kitten”; kitten is the firm’s naming convention for attack groups based in Iran, a nod to the Persian cat.
The hackers used a set of tools that can spy on and potentially shut down critical control systems and computer networks, aiming them at targets in the United States, Canada, Israel, India, Qatar, Kuwait, Mexico, Pakistan, Saudi Arabia, Turkey, the United Arab Emirates, Germany, France, England, China and South Korea.
Cylance would identify only one of Cleaver’s victims — a Navy-Marine Corps network in San Diego that connects sailors, Marines and civilians across the United States — in its 86-page report. But it said other victims in the United States included a major airline, a medical university, an energy company that specializes in natural gas production, an automobile manufacturer, a major military installation and a large military contractor.
Cylance researchers said the hackers showed a penchant for oil and gas companies, compromising “no less than nine of these companies around the world.” They also zeroed in on universities in the United States, India, Israel and South Korea, and managed to steal pictures, passports and specific identifying information for students and faculty.
But the “most bone-chilling evidence” Cylance said it collected was of attacks on transportation networks, including airlines and airports in South Korea, Saudi Arabia and Pakistan. Researchers said they had found evidence that hackers had gained complete remote access to airport gates and security control systems, “potentially allowing them to spoof gate credentials.”
Just to flesh out the picture a little more, this extract (from "The Rise of Terrorist Hackers", Eric Schmidt and Jared Cohen, April 23, 2013, Cryptome) is part of a much longer look at how hacking is no longer what kids do in basements but poses life-and-death threats:
In 2011, the world met a twenty-one-year-old Iranian software engineer, apparently working in Tehran, who called himself Comodohacker. He was unusual compared to other hacktivists, who generally combat government control over the Internet, because as he told The New York Times via e-mail, he believed his country “should have control over Google, Skype, Yahoo!, etc.” He made it clear that he was intentionally working to thwart antigovernment dissidents within Iran. “I’m breaking all encryption algorithms,” he said, “and giving power to my country to control all of them.” Boasting aside, Comodohacker was able to forge more than five hundred Internet security certificates, which allowed him to thwart “trusted website” verification and elicit confidential or personal information from unwitting targets. It was estimated that his efforts compromised the communications of as many as three hundred thousand unsuspecting Iranians over the course of the summer. He targeted companies whose products were known to be used by dissident Iranians (Google and Skype), or those with special symbolic significance. He said he attacked a Dutch company, DigiNotar, because Dutch peacekeepers failed to protect Bosnian Muslims in Srebrenica in 1995.