Forgot your password?
typodupeerror
Security United States IT Politics

Iranian Hackers Probe US Infrastructure Targets 203

Posted by timothy
from the casing-the-joint dept.
Taco Cowboy points out reports in The Register and The Jerusalem Post (along with a paywalled article at the WSJ) that say "[Iranian hackers are] responsible for a wave of computer attacks on U.S. corporations, with targets including oil, gas and electricity companies. Unlike the cyber incursions from China, the goal of the Iranian attacks is sabotage rather than espionage. The cyber attacks are seen as attempts to gain control of critical processing systems. The attacks on oil, gas and power firms have so far concentrated on accruing information on how their systems work – a likely first step in a co-ordinated campaign that would eventually result in attacks aimed at disrupting or destroying such infrastructure."
This discussion has been archived. No new comments can be posted.

Iranian Hackers Probe US Infrastructure Targets

Comments Filter:
  • blowback (Score:5, Interesting)

    by Anonymous Coward on Tuesday May 28, 2013 @12:00PM (#43842183)

    Maybe launching destructive malware at Iranian infrastructure wasn't such a good idea.

    • Maybe launching destructive malware at Iranian infrastructure wasn't such a good idea.

      I just read a decent fiction eBook about disaster caused by cyber warfare called CyberStorm. It was a bit dark at points and has its flaws, but was overall a good read.

    • Maybe a functional theocracy with an end-of-the-world complex developing nuclear weapons wasn't such a good idea.
      • by Rob Riggs (6418)

        Maybe a functional theocracy with an end-of-the-world complex developing nuclear weapons wasn't such a good idea.

        They have an end-of-the-world complex? Citation please? I'm only familiar with the doomsday preppers here in the U.S. Something similar going on in Iran?

      • by lennier (44736)

        an end-of-the-world complex

        ... You mean like Mount Weather or [wikipedia.org] Raven Rock [wikipedia.org]?

        Oh, I'm sorry, this is the persecution complex. Have a nice day, and don't go out that door- that's the Pit of 1,000 Youtube Commenters. Best you don't let them see you, they haven't been fed yet. Mind the chainsaws! Bye now! We'll be seeing you!

    • Re:blowback (Score:4, Informative)

      by TubeSteak (669689) on Tuesday May 28, 2013 @01:11PM (#43842979) Journal

      Google's Cache works 99% of the time:
      http://webcache.googleusercontent.com/search?q=cache:http://online.wsj.com/article/SB10001424127887323336104578501601108021968.html [googleusercontent.com]

      Iran Hacks Energy Firms, U.S. Says
      Oil-and-Gas, Power Companies' Control Systems Believed to Be Infiltrated; Fear of Sabotage Potential
      By SIOBHAN GORMAN and DANNY YADRON

      WASHINGTON--Iranian-backed hackers have escalated a campaign of cyberassaults against U.S. corporations by launching infiltration and surveillance missions against the computer networks running energy companies, according to current and former U.S. officials.

      In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. They proceeded "far enough to worry people," one former official said.

      The developments show that while Chinese hackers pose widespread intellectual-property-theft and espionage concerns, the Iranian assaults have emerged as far more worrisome because of their apparent hostile intent and potential for damage or sabotage.

      U.S. officials consider this set of Iranian infiltrations to be more alarming than another continuing campaign, also believed to be backed by Tehran, that disrupts bank websites by "denial of service" strikes. Unlike those, the more recent campaigns actually have broken into computer systems to gain information on the controls running company operations and, through reconnaissance, acquired the means to disrupt or destroy them in the future, the U.S. officials said.

      In response, U.S. officials warn that Iran is edging closer to provoking U.S. retaliation.

      "This is representative of stepped-up cyber activity by the Iranian regime. The more they do this, the more our concerns grow," a U.S. official said. "What they have done so far has certainly been noticed, and they should be cautious."

      The U.S. has previously launched its own cyberattacks against Iran. The Stuxnet worm, developed and launched by the U.S. and Israel, sabotaged an Iranian nuclear facility.

      The latest campaign, which the U.S. believes has direct backing from the Iranian government, has focused on the control systems that run oil and gas companies and, more recently, power companies, current and former officials said. Control systems run the operations of critical infrastructure, regulating the flow of oil and gas or electricity, turning systems on and off, and controlling key functions.

      In theory, manipulating the software could be used to delete important data or turn off key safety features such as the automatic lubrication of a generator, experts said.

      Current and former U.S. officials wouldn't name the energy companies involved in the attacks. or say how many there were. But among the targets were oil and gas companies along the Canadian border, where many firms have operations, two former officials said.

      The officials also wouldn't detail the precise nature of the evidence of Iranian involvement. But the U.S. has "technical evidence" directly linking the hacking of energy companies to Iran, one former U.S. official said.

      Iranian officials deny any involvement in hacking. "Although Iran has been repeatedly the target of state-sponsored cyberattacks, attempting to target Iran's civilian nuclear facilities, power grids, oil terminals and other industrial sectors, Iran has not ever retaliated against those illegal cyberattacks," said Iran's spokesman at the United Nations, Alireza Miryousefi. "In the lack of international legal instruments to address cyberwarfare, Iran has been at the forefront of calling for creating such instruments. We categorically reject these baseless allegations used only to divert attentions."

      So far, the infiltrations don't appear to have involved theft of data or disruption of operations. But officials worry the reconn

    • Maybe launching destructive malware at Iranian infrastructure wasn't such a good idea.

      If you are referring to "stuxnet," it wasn't launched against the Iranian infrastructure, but against Iran's nuclear program, which includes clandestine work on nuclear weapons.

      Iran nuclear report: IAEA claims Tehran working on advanced warhead [guardian.co.uk]

      I you think that Iran's behavior with just software is disagreeable, I don't think you want to see them with nuclear weapons.

      UN chief denounces Iran to its face over calls to destroy Israel [nbcnews.com]
      'Cancerous tumour' Israel will soon be destroyed, says Ahmadinejad

      Israel’s existence is an “insult to all humanity,” Iranian President Mahmoud Ahmadinejad said on Friday, in one of his sharpest attacks yet against the Jewish state, which is currently debating whether to attack Iran over its nuclear program.

      AFP - Israel is a "cancerous tumour" that will soon be finished off, Iranian President Mahmoud Ahmadinejad on Friday told demonstrators holding an annual protest against the existence of the Jewish state.

      "The Zionist regime and the Zionists are a cancerous tumour. Even if one cell of them is left in one inch of (Palestinian) land, in the future this story (of Israel's existence) will repeat," he said in a speech in Tehran marking Iran's Quds Day that was broadcast on state television.

      "The nations of the region will soon finish off the usurper Zionists in the Palestinian land.... A new Middle East will definitely be formed. With the grace of God and help of the nations, in the new Middle East there will be no trace of the Americans and Zionists," he said.

      Iran Ste [gatestoneinstitute.org]

      • There was more than the Stuxnet attack on the uranium centrifugues. Iran alleges there were cyberwarfare attacks on their oil pipeline infrastructure. Plus there have been targeted assassinations of Iranian nuclear scientists.

        The US sowed this so now they must reap it.

        • I'm afraid you have it backwards. It is Iran that is reaping what it has sown. It is now trying for an upper. It might get that, much to its regret.

        • The US sowed this so now they must reap it.

          Reap what? A nuclear armed Iran? Yeah, we're scared. If Iran does produce a nuke it'll be squashed like a bug. You don't give a rabid dog a gun, you kill the dog.

    • Maybe launching destructive malware at Iranian infrastructure wasn't such a good idea.

      Oh? Why? Curious to know exactly why trying to keep Iran from having nukes is a bad idea.

      • by meglon (1001833)
        Curious to know who the fuck made us God to say who can have nuclear energy or not. You want to bitch and whine that the Iranians are flexing their cyberattack muscles, well, too fucking bad; we started it. You simply want to make some stupid fucking excuse as to why you are right, and they are wrong; that's something you really shouldn't do when you haven't taken the high road.
  • by Anonymous Coward on Tuesday May 28, 2013 @12:02PM (#43842207)

    Iranian IPs are responsible for a wave of port scanning on US IP ranges.

  • So why? (Score:5, Insightful)

    by Anonymous Coward on Tuesday May 28, 2013 @12:08PM (#43842289)

    Why is it okay for the US to sponsor cyber attacks, but not the Iranians? If it is an act of war, then did Congress authorize the US act of war?

    • Re:So why? (Score:4, Insightful)

      by ebno-10db (1459097) on Tuesday May 28, 2013 @12:48PM (#43842727)

      Why is it okay for the US to sponsor cyber attacks, but not the Iranians?

      I'm not going to get all philosophical as that's not my shtick. I'm not even going to say it's "okay" for us to do it and not them (did somebody actually say that?). As an American I'd rather the US be successful in its attacks and the "enemy" not. I don't pretend it's anything more than that.

      That doesn't mean I'm a bang the war drum type about Iran. However I'd rather they not get nuclear weapons. I'm not sure how far the US should go to prevent that (I'd certainly be opposed to a full blown war) but Stuxnet was a clever technique that didn't even hurt anyone. My attitude is "well done". I don't want Iran to be successful in a similar attack on the US. So far it seems they're only gathering intel, but the possibility of targeting our infrastructure is frightening. It's also potentially much more damaging than destroying some centrifuges.

      • by TubeSteak (669689)

        As an American I'd rather the US be successful in its attacks and the "enemy" not.

        As an American I'd rather the US not attack anyone and the "enemy" not attack us either.

        The real scandal is that hardening the IT infrastructure around these utilities is easy, it just costs money.
        The first step is getting the SCADA industry to pull its head out of its ass and not sell anything that hasn't been aggressively vetted.

        The government can create momentum for industry to design and build secure hardware interfaces.
        All that's required is a timeline for uptake and a regulatory structure that mandate

      • by AmiMoJo (196126) *

        Don't you see the flaw in that attitude? Consider that your Iranian counterpart is taking exactly the same attitude. Damage the US economy and infrastructure to make invasion harder. Develop nuclear weapons as the ultimate deterrent.

        I think of lot of Americans don't realize that the US currently has the most aggressive and threatening stance. Yeah, occasionally some Iranian politician or cleric makes a comment about wanting to destroy the US, but the the US actually does have the capability to carry out the

        • Don't you see the flaw in that attitude? Consider that your Iranian counterpart is taking exactly the same attitude. Damage the US economy and infrastructure to make invasion harder. Develop nuclear weapons as the ultimate deterrent.

          I wish we could go back in time and not get involved in that idiotic coup to ensure BP's profits (Truman refused to do it). Unfortunately we can't. Since 1979 there has been a lot of (thankfully) low level hostilities between the US and Iran. Stuxnet, while one can debate its effectiveness, was a very low level "hostility" (no one hurt) and at least intended to serve a decent purpose.

          The Iraq war probably did 100x as much as Stuxnet to make the Iranians leery. "Gee, the Great Satan will invade countries w

    • by Synerg1y (2169962)

      Based on the nature of the internet... it could easily be US hackers hacking Iranian systems from which they could "test" US infrastructure and blame Iran in one fell swoop.

      The scary thing here is my statement has as much plausible deniability built in as TFA.

    • by MrLizard (95131)

      For the same reason we arrest Russian/Chinese/Whatever spies in America, but send our own spies to Russia/China/Whatever.

      I mean, seriously? How is this even a question? This got ranked "insightful"? Really, Slashdot?

      I don't think anyone (well, anyone even half sane) would argue that it's objectively moral for the US to engage in espionage/cyberwarfare against another country, but objectively immoral for them to do it to us. It's equally moral (or immoral), no matter which direction it goes, so you make sure

    • by jader3rd (2222716)

      Why is it okay for the US to sponsor cyber attacks, but not the Iranians? If it is an act of war, then did Congress authorize the US act of war?

      The difference is that the US was trying to prevent Iran from getting ahold of weapons/technology that it shouldn't have. Iran is out to destroy existing infrastructure. So the difference is scale. The US says "we'll try to stop X from happening", and Iran says "I'm a bull in a china shop trying to destroy everything".

      • by meglon (1001833)
        They can have whatever weapons/technology they can develop. You're trying to make an excuse for the US being dicks to them, again.
  • by ColdWetDog (752185) on Tuesday May 28, 2013 @12:11PM (#43842325) Homepage

    Iran is annoyed at Adobe's new subscription pricing model [slashdot.org]. They're just looking for some valid serial numbers for Photoshop so they can keep expanding their military prowess [slashdot.org].

    • I'm nominating you for Secretary of State. It's a brilliant diplomatic strategy. The US and Iran can become allies in a war against Adobe. Then in the spirit of George Washington's advice about international affairs, we can say we're sorry about the shah, they can say they're sorry about the hostages, and we can put the whole mess behind us. Bonus points for destroying Adobe.
  • I don't understand. Is this actually a threat or is it just an attempt to break into some webservers/desktops? Why would the SCADA system controlling things like gas and power be connected to any machine with an Internet routable IP or that is able to connect to any machine with an Internet routable IP? Is it impractical to only use bright red network cables for Important Things and, in those situations where it's worth the compromise, traverse a wireless link or a leased line (ie. phone system directly, n
    • Why would the SCADA system controlling things like gas and power be connected to any machine with an Internet routable IP or that is able to connect to any machine with an Internet routable IP?

      Like most topics, we've beat this one to death in the past. Yes, anyone with half a brain wouldn't do that. Unfortunately, among persons setting up SCADA systems, having some functional neurons seems to be something of an edge case.

      • by AmiMoJo (196126) *

        Here's how it happens:

        RemoteMon Corp. develops a cool new monitoring system that lets utilities keep an eye on their facilities remotely using the internet to create the connection rather than an expensive dedicated line. Utilities love it because it reduces their costs hugely and lets them set up a cool looking operations centre with big monitors so they feel like NASA or something. Seriously, they love those.

        RemoteMon tells the utilities that they need to set up secure passwords and change them regularly.

    • Re:Airgap? (Score:5, Insightful)

      by Antipater (2053064) on Tuesday May 28, 2013 @12:29PM (#43842533)
      Because people take network security about as seriously as they take nutrition. Everyone says they want to do the right thing, but then at the first sign of inconvenience they're back to their bad habits.
      • And I thought that "what do Twinkies and Internet connections have in common" was just a philosophical question.
    • by gstoddart (321705)

      Why would the SCADA system controlling things like gas and power be connected to any machine with an Internet routable IP or that is able to connect to any machine with an Internet routable IP?

      And the answer never changes -- incompetence and laziness.

      We all know you shouldn't have your critical infrastructure on the web, but that never really seems to change anything.

  • by 140Mandak262Jamuna (970587) on Tuesday May 28, 2013 @12:22PM (#43842451) Journal
    We have stopped maintaining our bridges and roads, and we have reduced infrastructure spending drastically. By the time you Iranians figure out how to destroy American infrastructure, there will be nothing left for you to destroy. Fools on you Iranians.
  • Die by the Cyber Sword.

    It really will be a photo finish to see which country has more cheap, lazy, and incompetent mid and upper level bureaucrats and MBAs.
    • No contest, USA wins that one hands-down.

      The real competition is who has the most/brightest hackers and security geeks. If we keep flooding ourselves with incompetent H1B's, the Iranians will have us by the short hairs.

    • It really will be a photo finish to see which country has more cheap, lazy, and incompetent mid and upper level bureaucrats and MBAs.

      The ultimate cage match: MBA's vs. theocrats.

    • by meglon (1001833)
      There Will Be.. Paper Cuts!!!!!

      Wait... paperless what? Frak me, another great title shot to hell.
  • Some questions (Score:5, Insightful)

    by Okian Warrior (537106) on Tuesday May 28, 2013 @12:51PM (#43842763) Homepage Journal

    Okay, some questions.

    Firstly, how do they know it was Iranian hackers? The linked article is the NYT reporting US officials as saying that the attacks came from Iran, and that the attacks could not be carried out without the regime's knowledge. Not a direct quote, btw - a paraphrasing of something a government official said, paraphrased by the reporter, and punched up by the editor for more impact.

    Yet the register first line reads: "Iranian hackers are launching state-sanctioned attacks on US energy firms and hope to sabotage critical infrastructure by targeting industrial control systems, according to American officials."

    There's a difference between attacks originating in Iran and attacks sponsored by the regime. Also, it's difficult at best to determine the origin of an attack - are they sure these attacks weren't proxied *through* Iran?

    Secondly, how do they know that the goal is sabotage, when no sabotage has actually occurred? How do they know that this isn't just some bot herders trying to find more spam outlets? Certainly "accruing information on how their systems work" sounds more like a port scan or a vulnerability scan - which would be the first step regardless of the intent.

    This is high-octane scare mongering. Be afraid, everyone! Don't use logic, let your emotions guide your opinions!!!

    • This is high-octane scare mongering. Be afraid, everyone!

      You act as though someone were calling for a nuclear attack. Even if this story is total garbage, I hope it gets lots of attention. Something has to be done about our insecure SCADA/infrastructure, regardless of whether you think the threat is from the Evil [insert whatever you hate here] or a bored kid in the basement.

      • by iggymanz (596061)

        dumb-asses who hook their SCADA systems to the internet richly deserve what they get. Hope some big companies get burned so they wake up.

        • dumb-asses who hook their SCADA systems to the internet richly deserve what they get

          Agreed, but what bothers me is that I sometimes have little choice in relying on services provided by the aforementioned dumb-asses (e.g. electricity).

    • Re:Some questions (Score:5, Insightful)

      by tnk1 (899206) on Tuesday May 28, 2013 @01:42PM (#43843241)

      Iran has some pretty strict Internet rules and monitoring is most certainly employed. While it could be random hackers inside Iran, the chances of them executing a long term project and not being noticed are slim to none. The proxy scenario seems also unlikely as an anonymous proxy service is another thing you don't run in Iran without someone noticing. I think it is entirely safe to say that they were Iranian, and that the government knew about it.

      As for the goal, presumably, the US government knows that the goal is sabotage by the selection of the materials targeted. If someone is downloading, say, information on security protocols and failure scenarios, you can pretty much bet that they aren't just doing that just because they are curious. Yes, perhaps there is room for doubt, but there are some things that some bored hacker isn't going to look for... isn't even going to know what to look for... without having experience. This is also a reason that it is probably Iranian government as well: they likely have experts who tell the hackers what they need to be looking for. Hackers, while smart, are not necessarily knowledgeable about infrastructure. They may know how to get into things, but they probably don't know what they are looking for once they are in.

      I agree that the ultimate outcome is in doubt: learning how to sabotage the US infrastructure is not the same as actually doing it. Just like testing nuclear weapons doesn't actually mean that you intend to use them.

      I also agree that releasing this information has an ulterior motive. It is PR for the agencies involved. In that sense, you have to take it with a grain of salt, but it doesn't mean it is fabricated or a scare tactic to cover an upcoming war. It's basically a department telling taxpayers that they need to continue funding them, or this could happen. A scare tactic, but for money. As much as I don't like that they do this, given how political that the budget process has become, it is probably understandable. It is also important to understand that, if these departments do their job, no one ever hears about them, because they generate no news. Sometimes, you need people to know what they are doing for the money that they pay you. This is likely what that is.

  • If you have one ant trekking across your kitchen to steal food, contaminating what it doesn't steal, you may not notice it. But if you have a swarm of ants trekking across the floor, you are more likely to notice them and take appropriate action. Unless you are a government agency, in which case you send a diplomat to tell the ants that if they don't stop you are going to get really slightly theatrically concerned, and the process of trying to figure out how to make a face that properly conveys that will make you annoyed at them.

    The real question is which of the following is going to happen first:
    1. The Chinese hackers attack the Iranian hackers before they draw attention to targets the Chinese want. If you're a spy infiltrating an installation and you come across some amateur spy who is also infiltrating, you kill the spy and hide the body in a ventilation shaft before he gets caught and the place gets locked down.
    2. The Iranian hackers accidentally disable the systems that are giving the Chinese access to U.S. secrets.

    Why hasn't someone made a sitcom about this yet?

    • Why hasn't someone made a sitcom about this yet?

      It could work since everybody now knows that nerds are funny. Maybe a sequel to the Big Bang Theory. Penny gets a job as a SCADA security engineer, but gets distracted by the bad guys when they deliver a great pair of new shoes to her. Sheldon could easily fix it, but he too is distracted because it's Tuesday and he had French toast instead of oatmeal.

    • Ants are actually incredibly clean. Your bench will be slightly cleaner after an ant has walked across it. Use a better analogy, and love your ants!
    • by AmiMoJo (196126) *

      Ventilation shaft are terrible places to hide bodies. Bodies go off fast, especially if they lose control of their bowels. That nasty smell is going to get spread all around the building pretty fast if you stick it in the ventilation system.

  • by argStyopa (232550) on Tuesday May 28, 2013 @01:07PM (#43842941) Journal

    When you extrapolate
    1) the increasingly-vaguely-worded and -legally-authorized reach of national governments to act in what might be defined broadly as "military" ways wherever they see fit

    2) plus the ever-increasing capabilities of non-state actors (some call them terrorists, when it's convenient) and the state-sponsors that back them, not to mention the actual inability of states to closely control these assets

    3) the (current) ability to execute such actions through proxies/remotely/etc such that they are nearly perfectly anonymous

    4) and the increasingly brittle infrastructure of a modern, interconnected, INTEGRATED data- and electronically-driven (mostly Western) society.

    The intersection of these lines seems inevitable: a non-state actor (perhaps sponsored by a state, whether or not this specific action IS sponsored/authorized) is going to accomplish something really heinous, like a Chernobyl-level meltdown, or perhaps the destruction of the electrical grid across the East Coast of the US (something that costs $billions and/or thousands+ of lives).

    What happens then? If the US is catapulted into a paroxysm of 10 years of war over the relatively puny-but-showy 3000 deaths of the WTC attack, what would we do if that casualty number was 20,000? 100,000?

    "Someone will need to pay dearly" would seem to be the logical response of this otherwise-torpid democracy. But what if we don't know who that is, or (almost worse) are only "pretty sure" we know who it is?

  • Nobody cares about your propaganda. Everyone knows USA is doing exactly the same, if not at an even larger scale.
  • by jeff13 (255285)

    My FUD-o-meter just went into the red.

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...