This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2020/01/08/us/politics/iran-attack-cyber.html

The article has changed 5 times.

Version 2 Version 3
Iran’s Military Response May Be ‘Concluded,’ but Cyberwarfare Threat Grows
(about 1 hour later)
WASHINGTON — Iran’s declaration on Wednesday that a missile attack on Iraq had “concluded proportionate measures” against the United States in response to the killing of its most important general may amplify the Trump administration’s attention on computer systems as the next battlefield in its showdown with Tehran.
Cybersecurity experts and government officials are already monitoring an uptick of malicious activity by pro-Iranian hackers and social media users that they believe are harbingers of more serious computer attacks from Tehran, including possible efforts aimed at destroying government databases.
“Iran has the capability and the tendency to launch destructive attacks,” said Christopher C. Krebs, the director of the Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security’s computer security arm. “You need to get in the head space that the next breach could be your last.”
Version 2: A battle cloaked in computer systems is more in keeping with Iran’s history of attacking the United States and its allies by clandestine means or through proxies. And mischief-making has already begun. In recent days, hackers have defaced government websites and pursued divisive disinformation campaigns on social media. Members of Iran’s Miqdad Cyber Base have used official state texting channels to threaten retaliatory strikes on the United States and Israel following the targeted killing of Maj. Gen. Qassim Suleimani.
Version 3: A battle cloaked in computer systems is more in keeping with Iran’s history of attacking the United States and its allies by clandestine means or through proxies. And mischief-making has already begun. In recent days, hackers have defaced government websites and pursued divisive disinformation campaigns on social media. Members of Iran’s Miqdad Cyber Base have used official state texting channels to threaten retaliatory strikes on the United States and Israel after the targeted killing of Maj. Gen. Qassim Suleimani.
Version 2: The cybersecurity firm CrowdStrike warned customers in an alert obtained by The Times that it observed hackers supporting Iran’s Islamic Revolutionary Guard Corps deface local city websites in Minneapolis and Tulsa, Okla., with images honoring General Suleimani. Over the weekend, hackers claiming to be associated with Iran replaced the home page of the Federal Depository Library Program, a division of the Government Printing Office, with a doctored image of a bloodied President Trump getting punched in the face.
Version 3: The cybersecurity firm CrowdStrike warned customers in an alert obtained by The New York Times that it observed hackers supporting Iran’s Islamic Revolutionary Guards Corps deface local city websites in Minneapolis and Tulsa, Okla., with images honoring General Suleimani. Over the weekend, hackers claiming to be associated with Iran replaced the home page of the Federal Depository Library Program, a division of the Government Publishing Office, with a doctored image of a bloodied President Trump getting punched in the face.
Version 2: An adviser to Iran’s president, Hassan Rouhani, in a series of tweets, posted a link to Mr. Trump’s properties and said “our sole problem is Trump. In the event of war, it is he who will bear full responsibility.”
Version 3: An adviser to Iran’s president, Hassan Rouhani, in a series of messages on Twitter, posted a link to Mr. Trump’s properties and said: “Our sole problem is Trump. In the event of war, it is he who will bear full responsibility.”
Version 2: The public should be prepared for worse, Mr. Krebs said in an interview. Iran has the ability to not just access private-sector and government computers in the United States but to “burn down the system,” he said.
Version 3: The public should be prepared for worse, Mr. Krebs said in an interview. Iran has the ability to not only access private-sector and government computers in the United States, but to “burn down the system,” he said.
“This is a capable actor that has demonstrated prior capability in the region,” Mr. Krebs said. “They’re known to be pretty aggressive.”
Version 2: While most of the activity so far has been limited to anti-Trump threats on social media and government websites, cybersecurity experts said true retaliatory attacks could still be coming. A member of a chat group supportive of Iran’s Islamic Revolutionary Guard Corps told members to “await a final decision” from Iran’s leadership before launching attacks. The hackers of the federal library site included a message with their defacement that warned it was “only a small part of Iran’s cyberability.”
Version 3: While most of the activity so far has been limited to anti-Trump threats on social media and government websites, cybersecurity experts have said that true retaliatory attacks could still be coming. A member of a chat group supportive of Iran’s Islamic Revolutionary Guards Corps told members to “await a final decision” from Iran’s leadership before launching attacks. The hackers of the federal library site included a message with their defacement that warned it was “only a small part of Iran’s cyberability.”
Former and current government officials predicted that Iran’s first method of retaliation would be a physical attack. On Tuesday, Iran fired more than a dozen missiles at two bases housing American troops in Iraq. Mohammad Javad Zarif, Iran’s foreign minister, said after the attack that Iran “concluded proportionate measures in self-defense.”
Version 2: President Trump responded on Wednesday by announcing new economic sanctions against Iran. Jamil N. Jaffer, the executive director of the National Security Institute at George Mason University’s law school, said the Iranians will not want their next move to provoke a large-scale retaliation from the United States. It could be more difficult for the United States to point to the culprit of an attack on computer systems.
Version 3: Mr. Trump responded on Wednesday by announcing new economic sanctions against Iran. Jamil N. Jaffer, the executive director of the National Security Institute at George Mason University’s law school, said the Iranians would not want their next move to provoke a large-scale retaliation from the United States. It could be more difficult for the United States to point to the culprit of an attack on computer systems.
Version 2: “Conducting terrorists attacks and killing people is binary,” said Mr. Jaffer. “On the other hand, cyberattacks can be ratcheted up and down dynamically. As a result cyberattacks give the Iranians more room in the event they want to engage in a further response.”
Version 3: “Conducting terrorists attacks and killing people is binary,” Mr. Jaffer said. “On the other hand, cyberattacks can be ratcheted up and down dynamically. As a result, cyberattacks give the Iranians more room in the event they want to engage in a further response.”
Version 2: Tehran’s capabilities are much more advanced than they were in 2009, when a classified United States intelligence assessment concluded that Iran had the motivation to inflict harm but lacked the skills and resources to do so.
Version 3: Tehran’s abilities are much more advanced than they were in 2009, when a classified United States intelligence assessment concluded that Iran had the motivation to inflict harm but lacked the skills and resources to do so.
Version 2: Since then, Iranian hackers used data destroying malware to target 30,000 computers at Saudi Aramco, the world’s largest oil company, destroying Aramco’s data, replacing it with the image of a burning American flag, and upending the market for computer hard drives as a result. Iranian hackers took American banks offline in 2013 by flooding them with traffic in a so-called denial-of-service attack. They also destroyed data on thousands of computers at the casino and resort company, Las Vegas Sands Corp., after its chief executive, Republican megadonor Sheldon G. Adelson, suggested that the United States bomb Iran.
Version 3: Since then, Iranian hackers used data-destroying malware to target 30,000 computers at Saudi Aramco, the world’s largest oil company, destroying Aramco’s data, replacing it with the image of a burning American flag and upending the market for computer hard drives as a result. Iranian hackers took American banks offline in 2013 by flooding them with traffic in a so-called denial-of-service attack.
Version 2: Mr. Krebs hosted a call last Friday with more than 1,700 members of the private sector and state and local governments, encouraging them to back up their data on storage sites not connected to the internet and alert security personnel to be on the lookout for signs of breaches in their computer systems. While hackers have conducted attacks for ransom, Mr. Krebs warned that future attacks could be to simply cause mayhem.
Version 3: They also destroyed data on thousands of computers at the casino and resort company Las Vegas Sands Corp., after its chief executive, Sheldon G. Adelson, a Republican megadonor, suggested that the United States bomb Iran.
Version 2: Mr. Krebs’ agency serves mainly to advise private companies and local governments of risks before attacks are launched. While the United States government can assist in the event of a breach, private computer security firms and the companies themselves are expected to be able to handle the initial response and rebuild their networks.
Version 3: Mr. Krebs hosted a call last Friday with more than 1,700 members of the private sector and state and local governments, encouraging them to back up their data on storage sites not connected to the internet and to alert security personnel to be on the lookout for signs of breaches in their computer systems. While hackers have conducted attacks for ransom, Mr. Krebs warned that future attacks could simply be to cause mayhem.
Version 2: Iranian hackers backed off from such destructive attacks in the lead-up to the signing of the Iran nuclear deal in 2015 and after it. But Iranian hacking units never ceased hacking; they moved to quieter espionage campaigns, with increasing sophistication.
Version 3: Mr. Krebs’s agency serves mainly to advise private companies and local governments of risks before attacks are launched. While the United States government can assist in the event of a breach, private computer security firms and the companies themselves are expected to be able to handle the initial response and rebuild their networks.
Version 2: After Mr. Trump backed out of the Iran nuclear deal in 2018, private security experts and American officials braced for a renewed campaign of Iranian computer warfare. At the time, Gen. Keith B. Alexander, the former director of the National Security Agency, told The New York Times, “With the nuclear deal ripped up, our nation and our allies should be prepared for what we’ve seen in the past.”
Version 3: Iranian hackers backed off from such destructive attacks in the lead-up to the signing of the Iran nuclear deal in 2015 and afterward. But Iranian hacking units never ceased; they moved to quieter espionage campaigns, with increasing sophistication.
Version 2: Last year, the Department of Homeland Security was alarmed by Iran’s successful hack of the internet’s underlying computer coding, called the Domain Name System, in which Iranians stole thousands of credentials from telecommunications companies, government agencies and internet infrastructure companies in the United States, Europe and Middle East. The department’s cybersecurity division issued a statement warning that Iran was looking to do more than “just steal money and data.”
Version 3: After Mr. Trump backed out of the Iran nuclear deal in 2018, private security experts and American officials braced for a renewed campaign of Iranian computer warfare. At the time, Gen. Keith B. Alexander, the former director of the National Security Agency, told The Times, “With the nuclear deal ripped up, our nation and our allies should be prepared for what we’ve seen in the past.”
Version 2: The division released a new advisory Monday night warning that “Iran and its proxies and sympathizers” have the ability to conduct disruptive computer attacks, espionage and drone attacks. Customs and Border Protection, another arm of Homeland Security that employs agents at ports throughout the country, has instructed officers to enhance security.
Version 3: Last year, the Department of Homeland Security grew alarmed by a series of successful hackings on the internet’s underlying computer coding, called the Domain Name System. Private researchers at FireEye and other security firms found a connection between the hackers and Iran.
Version 2: Over the past year, Iranian hackers have been quietly probing American infrastructure and government networks, according to private researchers and the United States Cyber Command, the Defense Department agency responsible for carrying out attacks on computer systems. Iranian hackers may use their access to destroy databases, or they may choose to try to access the electricity grid that powers Silicon Valley “as a way of saying, ‘You may want to retaliate but there will be consequences,’” said Suzanne Spaulding, former under secretary for cybersecurity and critical infrastructure at the Department of Homeland Security. “‘We’re sitting here with a gun to your head.’”
Version 3: The hackers stole thousands of credentials from telecommunications companies, government agencies and internet infrastructure companies in the United States, Europe and Middle East. Months later, as private researchers noticed an uptick in Iranian hackings, the Department of Homeland Security’s cybersecurity division issued a statement warning that Iran was looking to do more than “just steal money and data.”
Version 2: In the past, Iran has used Hezbollah and Hamas for cyber actions, said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, which gives Iran a degree of deniability should they retaliate with cyberattacks.
Version 3: The division released a new advisory on Monday night, warning that “Iran and its proxies and sympathizers” have the ability to conduct disruptive computer attacks, espionage and drone attacks. Customs and Border Protection, another arm of the Department of Homeland Security that employs agents at ports throughout the country, has instructed officers to enhance security.
Version 2: They have also had some misfires. In 2016, the Justice Department indicted several Iranian hackers for penetrating the controls of the Bowman Avenue dam in Westchester County, N.Y. American officials had panicked that the incursion had been at the towering Arthur R. Bowman Dam in the state of Washington, where a breach could have been catastrophic. Instead, Iranian hackers hit a 20-foot-high structure, where a sudden water release could have flooded the ground floors of some houses but not much more.
Version 3: Over the past year, Iranian hackers have been quietly probing American infrastructure and government networks, according to private researchers and the United States Cyber Command, the Defense Department agency responsible for carrying out attacks on computer systems.
Version 3: Iranian hackers may use their access to destroy databases, or they may choose to try to gain access to the electricity grid that powers Silicon Valley “as a way of saying, ‘You may want to retaliate, but there will be consequences,’” said Suzanne Spaulding, a former under secretary for cybersecurity and critical infrastructure at the Department of Homeland Security. “‘We’re sitting here with a gun to your head.’”
Version 3: In the past, Iran has used Hezbollah and Hamas for cyberactions, said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, which gives Iran a degree of deniability should it retaliate with cyberattacks.
Version 3: It has also had some misfires. In 2016, the Justice Department indicted several Iranian hackers for penetrating the controls of the Bowman Avenue dam in Westchester County, N.Y.
Version 3: American officials had panicked that the incursion had been at the towering Arthur R. Bowman Dam in Oregon, where a breach could have been catastrophic. Instead, Iranian hackers hit a 20-foot-high structure, where a sudden water release could have flooded the ground floors of some houses, but not much more.
“They didn’t have situational awareness to realize they wouldn’t have any impact at all,” Ms. Spaulding said.
Zolan Kanno-Youngs reported from Washington, and Nicole Perlroth from San Francisco. David E. Sanger contributed reporting from New York.