Slashdot Mirror

← Back to Stories (view on slashdot.org)

Iranian Hackers Probe US Infrastructure Targets

Posted by timothy on from the casing-the-joint dept.

Taco Cowboy points out reports in The Register and The Jerusalem Post (along with a paywalled article at the WSJ) that say "[Iranian hackers are] responsible for a wave of computer attacks on U.S. corporations, with targets including oil, gas and electricity companies. Unlike the cyber incursions from China, the goal of the Iranian attacks is sabotage rather than espionage. The cyber attacks are seen as attempts to gain control of critical processing systems. The attacks on oil, gas and power firms have so far concentrated on accruing information on how their systems work – a likely first step in a co-ordinated campaign that would eventually result in attacks aimed at disrupting or destroying such infrastructure."

3 of 203 comments (clear)

  1. Re:blowback by TubeSteak · · Score: 3, Informative

    Google's Cache works 99% of the time:
    http://webcache.googleusercontent.com/search?q=cache:http://online.wsj.com/article/SB10001424127887323336104578501601108021968.html

    Iran Hacks Energy Firms, U.S. Says
    Oil-and-Gas, Power Companies' Control Systems Believed to Be Infiltrated; Fear of Sabotage Potential
    By SIOBHAN GORMAN and DANNY YADRON

    WASHINGTON--Iranian-backed hackers have escalated a campaign of cyberassaults against U.S. corporations by launching infiltration and surveillance missions against the computer networks running energy companies, according to current and former U.S. officials.

    In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. They proceeded "far enough to worry people," one former official said.

    The developments show that while Chinese hackers pose widespread intellectual-property-theft and espionage concerns, the Iranian assaults have emerged as far more worrisome because of their apparent hostile intent and potential for damage or sabotage.

    U.S. officials consider this set of Iranian infiltrations to be more alarming than another continuing campaign, also believed to be backed by Tehran, that disrupts bank websites by "denial of service" strikes. Unlike those, the more recent campaigns actually have broken into computer systems to gain information on the controls running company operations and, through reconnaissance, acquired the means to disrupt or destroy them in the future, the U.S. officials said.

    In response, U.S. officials warn that Iran is edging closer to provoking U.S. retaliation.

    "This is representative of stepped-up cyber activity by the Iranian regime. The more they do this, the more our concerns grow," a U.S. official said. "What they have done so far has certainly been noticed, and they should be cautious."

    The U.S. has previously launched its own cyberattacks against Iran. The Stuxnet worm, developed and launched by the U.S. and Israel, sabotaged an Iranian nuclear facility.

    The latest campaign, which the U.S. believes has direct backing from the Iranian government, has focused on the control systems that run oil and gas companies and, more recently, power companies, current and former officials said. Control systems run the operations of critical infrastructure, regulating the flow of oil and gas or electricity, turning systems on and off, and controlling key functions.

    In theory, manipulating the software could be used to delete important data or turn off key safety features such as the automatic lubrication of a generator, experts said.

    Current and former U.S. officials wouldn't name the energy companies involved in the attacks. or say how many there were. But among the targets were oil and gas companies along the Canadian border, where many firms have operations, two former officials said.

    The officials also wouldn't detail the precise nature of the evidence of Iranian involvement. But the U.S. has "technical evidence" directly linking the hacking of energy companies to Iran, one former U.S. official said.

    Iranian officials deny any involvement in hacking. "Although Iran has been repeatedly the target of state-sponsored cyberattacks, attempting to target Iran's civilian nuclear facilities, power grids, oil terminals and other industrial sectors, Iran has not ever retaliated against those illegal cyberattacks," said Iran's spokesman at the United Nations, Alireza Miryousefi. "In the lack of international legal instruments to address cyberwarfare, Iran has been at the forefront of calling for creating such instruments. We categorically reject these baseless allegations used only to divert attentions."

    So far, the infiltrations don't appear to have involved theft of data or disruption of operations. But officials worry the reconn

    --
    [Fuck Beta]
    o0t!
  2. Re:Internet facing? by ShanghaiBill · · Score: 4, Informative

    The steps you mention are good ones, but an air gap is still a very good step in that defense in depth approach.

    Maybe in some situations. In others it can make the situation worse. If you disconnect everything, and have to send out a truck to make an adjustment at a substation, then you have a problem when there is a big storm and not enough trucks. For most sensibly designed systems, disconnecting from the network will likely cause more problems than it will prevent.

    However, they don't necessarily guard against interruption of service.

    I once worked on a control system for a hydroelectric dam. The software could adjust the gates to control the flow of water to adapt to electrical demand, but only within certain limits, which were set depending on expected demand. To go outside those limits, a worker had to manually extract and reinsert a steel rod. It is also common in coal/gas/nuke plants to require manual intervention to shutdown a generator, or even reduce the power into the "brown-out" zone. Since that is something that will almost never need to happen, requiring manual intervention is reasonable. Designing a system to prevent a denial of service is harder than just preventing catastrophic failure, but it is still possible.

  3. Re:blowback by cold+fjord · · Score: 2, Informative

    As is common in this matter, you have things badly confused. Israel did nothing to Iran to deserve they way the new Iranian government turned on them. If you think otherwise, please provide a list. One hint to reduce the chances of you going down the wrong path again: the Palestinians are not Iranian, and the Iranians are not Arabs.

    As to "untermenschen," that would be the view of post-revolution Iranian government, and many Arabs living in Palestine.

    Reading Mein Kampf in Tehran

    On Monday, the Iranian Foreign Ministry held an international conference. Nothing unusual in that: Foreign ministries hold conferences, mostly dull ones, all the time. But this one was different. For one, "Review of the Holocaust: Global Vision" dealt with history, not current politics. Instead of the usual suspects — deputy ministers and the like — the invitees seem to have included David Duke, a former Ku Klux Klan leader; Georges Theil, a Frenchman who has called the Holocaust "an enormous lie"; and Fredrick Toeben, a German-born Australian whose specialty is the denial of Nazi gas chambers.

    The guest list was selective: No one with any academic eminence, or indeed any scholarly credentials, was invited. One Palestinian scholar, Khaled Mahameed, was asked to come but then barred because he holds an Israeli passport — and also perhaps because he, unlike other guests, believes that the Holocaust really did happen.

    In response, Europe, America, and Israel expressed official outrage. The German government, to its credit, organized a counter-conference. ...

    Hamas video: Killing Jews is 'worship that draws us close to Allah'
    The Jews Were Brought to Palestine for the Great Massacre

    As to the rest, you should catch up on some reading and get back to me.

    UN agency stops aid imports to Gaza, cites Hamas 'thefts'
    Looters strip Gaza greenhouses
    Gazans seethe over taxes and blackouts
    Sewage flood causes Gaza deaths
    Hamas Bulldozes UN-Designated Historical Site to Make Room for Terrorist Training Camp
    In Gaza, Hamas rule has not turned out as many expected
    Rights watchdog accuses Hamas of torture, abuse of Palestinians
    Hamas accused of routine torture of detainees in Gaza Strip
    Palestinian Authority: Still Stealing "Hundreds of Millions," Hamas Taking Over
    NY Times ignores Gaza's millionaires, hypes poverty, blames Israel (natch)

    According to reports in the Arab press, a thriving smuggling economy in Gaza has produced no fewer than 600 millionaires. Hundreds of tunnels to Egypt have become bustling export and import conduits -- with the ruling Hamas elite siphoning off milli

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell