Pages

Search This Blog

Translate

Search Tool




Jul 6, 2020

Analysis | The Cybersecurity 202: Hacking tensions with Iran are surging again after nuclear site fire


By Joseph Marks


with Tonya Riley

A fire at an Iranian nuclear plant is threatening to spark a major hacking conflict that could embroil U.S. industry.
Three Iranian officials have anonymously blamed a foreign cyberattack for the fire, which caused significant damage and threatens to slow the nation’s development of advanced centrifuges by months, Reuters reports. Other officials blamed the attack on a powerful bomb, the New York Times reports.
It's not clear if the fire itself was caused by a cyberattack, though some Iranian officials have suggested such attacks could have been launched by the United States or Israel. Regardless, Iran may respond in cyberspace where it faces a comparatively level playing field compared to conventional military conflict.
Iran’s top civil defense official has vowed to retaliate if cyberattacks are confirmed. “Responding to cyberattacks is part of the country’s defense,” Gholamreza Jalali told state television. “If it is proven that our country has been targeted by a cyberattack, we will respond.”
The inflammatory rhetoric comes as U.S. officials are already on alert for Iranian cyberattacks in response to the U.S. military's killing of Iranian Maj. Gen. Qasem Soleimani in January. Experts have warned those attacks could target oil refineries, financial institutions and other vital U.S. infrastructure.
It also comes after a decade during which Iran has become increasingly belligerent in cyberspace including hacks against U.S. banks and universities.
An article by the state news agency IRNA accused the United States and Israel of crossing "red lines" and raised the specter of retaliation in the wake of the fire.
“So far Iran has tried to prevent intensifying crises and the formation of unpredictable conditions and situations,” the outlet said as reported by Reuters. “But the crossing of red lines of the Islamic Republic of Iran by hostile countries, especially the Zionist regime and the U.S., means that strategy ... should be revised.”
U.S. officials have not commented on the fire. Israeli Defense Minister Benny Gantz said: “Not every incident that transpires in Iran necessarily has something to do with us.”

A fire-damaged building at the Natanz uranium enrichment facility. (Atomic Energy Organization of Iran/AP)
The fire sparked immediate memories of the Stuxnet cyberattack in 2010. 
That attack was widely attributed to the United States and Israel, though the nations never formally claimed credit. It took place in the same facility in the city of Natanz that was hit by the fire this month, though in a different building.
Stuxnet successfully set back Iran’s nuclear program for years by using malicious software to destroy thousands of centrifuges. But it also helped spark the current era of global digital conflict in which Russia, Iran and other nations have routinely turned to hacking as a way to damage adversaries — and where private companies often bear the brunt of those attacks.
That conflict has grown increasingly dangerous to the point of threatening death and widespread property destruction. Russia, for example, briefly disabled large portions of Ukraine’s energy grid with a cyberattack in 2016.
Iran was a newcomer to cyber conflict in 2010 but has grown far more sophisticated and dangerous since then.
In an opening salvo, the nation’s Islamic Revolutionary Guard Corps was behind a wave of cyberattacks that disrupted operations at U.S. financial firms from 2011 to 2013. The Justice Department charged seven of the hackers in 2016 but none of them has faced trial in the United States.
Another set of indictments and sanctions in 2018 revealed a vast Iranian hacking operation targeting hundreds of U.S. and foreign universities, as well as dozens of U.S. companies and government agencies, and the United Nations.
Iran has also been linked to a 2012 cyberattack that devastated oil production by the Saudi state oil company Aramco and a 2014 attack at the Sands Casino whose owner Sheldon Adelson is an outspoken backer of Israel.
Just this year, Iran appears to be behind an unsuccessful May attack aimed at disrupting Israeli water supplies in at least two locations.

Satellite image shows a damaged building after a fire and explosion at Iran's Natanz nuclear site. (Planet Labs Inc., James Martin Center for Nonproliferation Studies at Middlebury Institute of International Studies/AP)
Digital tensions with Iran have risen sharply since the Trump administration backed out of an Obama-era deal to curtail that country's nuclear program.
The U.S. military has also ratcheted up its offensive hacking since then – most notably by knocking out a database used by Iranian paramilitary forces to target oil tankers and other ships in the Persian Gulf last year.
That has helped create a powder-keg atmosphere that could easily lead Iran to strike back in cyberspace. Plus, the United States has already applied extensive financial sanction on Iran, so it has few levers left to pull to prevent an attack.
“With Iran, what do they have to lose?” former NSA Chief Gen. Keith Alexander said during a panel discussion I moderated last year. "We’re going to sanction them? We already did that.”

The keys
Police in Europe arrested hundreds of drug traffickers and other criminals after cracking their encryption. 

Dutch Police Chief of the National Unit Jannine van den Berg during a news conference on the dismantling of an encrypted criminal communication network. (Sem Van Der Wal/EPA-EFE/Shutterstock)

The operation, which began in 2017, involved hacking through encryption protections on a service called EncroChat, which has since been shut down. The arrests span the United Kingdom, the Netherlands and other European nations, the New York Times’s Adam Nossiter reports.
It was as though we were sitting at the table where the criminals were chatting among themselves,” said Jannine van den Berg, chief constable of the central police unit in the Netherlands.
The arrests come amid a standoff in the United States between tech firms and the Justice Department, which says strong encryption is allowing terrorists, sexual predators and other criminals to evade law enforcement. Tech firms and cybersecurity advocates say there’s no way to give police special access to encryption without undermining security for everyone.
They've pointed to previous instances in which police have broken encryption as evidence law enforcement doesn't need a backdoor.
An apparent social media hoax drove hundreds of armed militia members to congregate in Gettysburg, Pa.

Militias and other white nationalists assembled to protect the Gettybsburg battleground from an alleged antifa threat. (Andrew Mangum for The Washington Post)

The vigilantes, who also included bikers and skinheads, were responding to a mysterious Facebook page that said antifa protesters were descending on the historical grounds to burn American flags, my colleagues Shawn Boburg and Dalton Bennett wrote. In fact, no such protest was ever planned.
The hoax appears to have been perpetrated by someone inside the United States. But it’s an example of how foreign or domestic actors can manipulate social media to crank up outrage over hot-button political conflicts.
Vigilantes have also flocked to towns in Idaho, New Jersey, South Dakota and Michigan in recent weeks in response to antifa hoaxes online.
“Let’s get together and burn flags in protest of thugs and animals in blue,” the Facebook page called Left Behind USA proclaimed in mid-June. The page wrote that the organizers would “be giving away free small flags to children to safely throw into the fire.”
Facebook and Twitter shut down the Left Behind USA pages last week. My colleagues were unable to verify the identity of the person running the accounts.
Critics are sounding alarms about a Trump ally now leading U.S. Internet freedom efforts. 

President Trump and China's President Xi Jinping. (Nicolas Asfouri/AFP/Getty Images)

Michael Pack, a conservative filmmaker who was recently confirmed to lead the United States Agency for Global Media, has cleaned out the top ranks of the Open Technology Fund since he was confirmed in June to lead the U.S. Agency for Global Media, the New York Times’s Pranshu Verma and Edward Wong report.
The Agency for Global Media oversees U.S. government-run outlets such as Voice of America in addition to the Open Technology Fund, which aims to enable free expression in repressive countries.
Pack's efforts appear to be a victory for the Chinese dissident group Falun Gong, which has been highly supportive of Trump and has also pushed his agency to invest in technology it says helps people inside China break through the communist regime’s Web censorship tools.
Critics, however, say the Falun Gong technology, called Ultrasurf, is outdated and has proven ineffective. They worry a pivot to supporting it will undermine support for more widespread and effective tools people in numerous nations use to communicate outside the view of repressive regimes such as the encrypted messaging app Signal and the anonymizing tool Tor.

Global cyberspace

Prime Minister Boris Johnson is reportedly preparing to begin removing Huawei from U.K. 5G networks this year. 

Britain's Prime Minister Boris Johnson. (Peter Nicholls/Reuters)

The move is an about-face from an earlier plan to allow the Chinese telecom to build less-sensitive portions of the nation’s next-generation networks, the Telegraph reports. It comes after new U.S. restrictions that would make it very difficult for computer chip suppliers with any U.S. business to sell to Huawei.
More international cybersecurity news:

TikTok, a popular short-video app, sought to distance itself from Beijing after India banned it and dozens of other Chinese mobile apps in retaliation for a deadly border clash last month.

Wall Street Journal

Government scan

The Senate Judiciary Committee pared back a bill that threatens encryption before unanimously approving it.

Senate Judiciary Chairman Lindsey Graham, (R-SC), and Sen. Richard Blumenthal, (D-CT), are cosponsors of the EARN IT Act. Andrew Harnik/Pool via REUTERS

Lawmakers added new language specifying that the EARN IT Act should not be used to require law enforcement backdoors into encryption. The bill aims to push tech companies to get tougher on combating the spread of online child pornography.
Here are more details from CyberScoop’s Sean Lyngaas.
More cybersecurity news from the public sector:

A Democratic U.S. senator says he has written to Attorney General William Barr outlining his concerns about potential "political interference" by the Trump administration in an investigation of a private espionage firm that targeted environmental groups in the United States.
Reuters

A lack of resources has made it hard to keep data secure.
Ars Technica

Chat room

Kanye West, who announced July Fourth he’s supposedly running for president, is going to have to raise his cybersecurity game if he wants to keep his campaign from being hacked. The Grammy-winning rapper once famously exposed his super-simple password on camera, which violates several rules of basic cyber hygiene. And he did it in the Oval Office, no less.
NBC News’s Kevin Collier:
Well there was that time he logged into his iPhone on camera and shared his simple login and everybody tweeted it and basically he tricked all of infosec twitter into violating CFAA by gleefully sharing his password
— Kevin Collier (@kevincollier) July 5, 2020
Computer accessibility pro Kevin Cleppe:
TL:DR, it's not good pic.twitter.com/XykPrcdqoV
— kevincleppe (@cleppster) July 5, 2020

Daybook

  • A House Appropriations Committee panel will debate funding for the Homeland Security Department at 9 a.m. Tuesday.
  • The House Energy and Commerce Committee will host a hearing on consumer risks during the covid-19 pandemic at noon Thursday.

Secure log off

For anyone who watched the Hamilton film over the 4th of July weekend, here's a flashback to where it all began.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.