Iran vs. US — From harassment crime to serious threat?
- June 27, 2019
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Cyberattack, Hacking, Industrial Control System Security, Posts with image, Power Grid
You might expect a big wiper attack in the Middle East.
Researchers say Iran has launched these destructive cyber attacks against companies and government agencies in the Middle East in the past, killing off tens of thousands of computers.
But in the U.S.?
Not so much, said the Department of Homeland Security.
That may be changing — and it could affect your water, power and food. Here’s how.
Threats to Critical Infrastructure
Archer News sat down with Bob Kolasky of DHS in San Francisco in March.
He’s the head of the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center for DHS.
We asked him about the critical machines that run your world — like electricity, gas, water, food — in the US.
“What is the biggest threat to critical infrastructure? What do we need to worry about?” we asked.
Nation states, he said.
The big four: Russia, China, North Korea and Iran, each trying to “cyber explore” critical infrastructure in the U.S., looking for ways they can take control of power plants, fuel plants, smart cities and more.
“Each of them has their own geopolitical aims that they’re trying to accomplish. And cybersecurity becomes a way to extend it with what they’re doing geopolitically,” Kolasky said.
What Do They Want?
Russia wants to weaken the U.S. by cyber means, for example by attacking elections, he said.
China, he said, is using illegal cyber tactics to win the economic battle and undermine the U.S.
What about North Korea and Iran?
“North Korea and Iran,” Kolasky said. “It’s really about harassment crime. Advancing their ability to demonstrate they can do things against us.”
Fast forward to now, and things may have changed.
Recent events include news reports that someone attacked two international oil tankers off the coast of Iran.
(For more details on U.S. – Iran tensions, see US-Iran relations: A brief history by the BBC.)
On June 20, Iran shot down a U.S. surveillance drone flying over the Strait of Hormuz.
Reports said President Trump planned deadly physical strikes against Iran that day, but changed his mind.
DHS put out a warning on June 22, saying Iran is stepping up its cyber attacks.
And it’s not “harassment crime” anymore.
“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money,” the warning said.
A wiper attack hit Saudi Aramco and other organizations in 2012.
Researchers say Iran used the so-called Shamoon attack to wipe and destroy 30,000 computers in Saudi Arabia.
They say Iran used Shamoon again in 2016 against the General Authority of Civil Aviation in Saudi Arabia and other agencies, again destroying thousands of computers.
But that was the Middle East.
Now DHS says the West is a target.
Security companies like FireEye say they are finding fake emails, supposedly from the White House, but really from Iran-linked groups, trying to get control of U.S. computers.
DHS warns people to watch out for spear phishing and to protect their systems.
“Nation-states are trying to hold our critical infrastructure at risk, but we can take cyber defenses to make sure that doesn’t happen,” Kolasky said.
“If we get into a sort of tit-for-tat, things can happen to the critical infrastructure that will impact the functioning of the infrastructure, which has negative consequences for our society,” he said. “We want to make sure that we never get to that stage.”
Is the U.S. at the tit-for-tat stage with Iran now?
We contacted Kolasky’s office for an answer but did not get one.
This week, the U.S. announced new sanctions and Iran said it was shutting its doors to diplomatic talks.
You can check out DHS’ recommendations to protect yourself, your systems and your organization.
Main image: Ancient ruins of Persepolis in Iran. Image: Ali Soleymani