Iran improves ability to pull off cyber-attacks on US, report finds

Hacking and cyber-spying on US energy firms over the past year point to Iran's growing capabilities, a cyber-security firm says. China and Russia are more serious threats, but Iran is closing the gap.

Hackers in Iran are a rising cyber-threat to the United States, as cyber-espionage attacks directed at American energy companies and state governments over the past year have made clear, a new report finds.

Russia and China remain the most serious nation-state cyber-threats facing the US, but Iran is coming on quickly, says the latest Mandiant M-Trends Threat Report released by parent company FireEye earlier this month.

“Mandiant has investigated multiple incidents of what we suspect is Iran-based network reconnaissance activity,” says the report, released April 10. “The majority of these incidents targeted the energy sector, although we have also seen these threat actors target the networks of several US state government agencies.”

In the case of one state agency, Iranian hackers “maintained local administrative access” and infected about one-quarter of the agency’s computer systems with malware, Mandiant reports. Along the way, hackers stole more than 150 gigabytes of network diagrams, user passwords, and other data.

Overall, the malicious software used in the Iranian cyber-attacks did not show great sophistication, the report said. Unlike Russian and Chinese adversaries, Iranian hackers are mostly using standard tools available on the black market. But that’s almost beside the point, it noted.

“Although we do not believe these suspected Iran-based actors are particularly capable now, nothing stands in the way of them testing and improving their capabilities,” the report said. “The US and other nation-states’ increasingly public discussions of their offensive cyber capabilities might very well encourage other interested actors to develop and test their own skills.”

Iran’s capabilities are believed to be growing rapidly, thanks to ample funding from its government and easy access to Russian, Chinese, and black market cyber-tools and expertise, other cyber experts agree.

“They’ve put in place the structures, strategy – and have acquired software tools from the black market,” James Lewis, a cyber expert with the Center for Strategic and International Studies, concurred in a recent interview. “They have groups whose job it is to hack.”

There’s also the undeniable aggressiveness. Iran is widely credited with carrying out damaging cyber-attacks on oil and gas company computers in Saudi Arabia and Qatar in August 2012. A spate of intense distributed denial of service (DDoS) attacks against US banks began in fall 2012, running for about a year before inexplicably petering out.

The cessation of attacks on US banks might be a shift dictated by Iranian authorities eager to smooth international talks over Iran’s presumed nuclear weapons development program, some experts say. But Iran could become more aggressive if it isn’t happy with the outcome of the talks, they note.

“Although the suspected Iran-based threat actors that Mandiant has observed appear to be less sophisticated than other threat actors, they pose an ever increasing threat due to Iran’s historical hostility towards US business and government interests,” the report said.

“It’s that willingness to display belligerence in the cyber realm that sets Iran apart,” Jen Weedon, a manager in the threat intelligence division at Mandiant, told the Monitor in a March interview.
