Slashdot Mirror

← Back to Stories (view on slashdot.org)

Iranian Hackers Probe US Infrastructure Targets

Posted by timothy on from the casing-the-joint dept.

Taco Cowboy points out reports in The Register and The Jerusalem Post (along with a paywalled article at the WSJ) that say "[Iranian hackers are] responsible for a wave of computer attacks on U.S. corporations, with targets including oil, gas and electricity companies. Unlike the cyber incursions from China, the goal of the Iranian attacks is sabotage rather than espionage. The cyber attacks are seen as attempts to gain control of critical processing systems. The attacks on oil, gas and power firms have so far concentrated on accruing information on how their systems work – a likely first step in a co-ordinated campaign that would eventually result in attacks aimed at disrupting or destroying such infrastructure."

13 of 203 comments (clear)

  1. blowback by Anonymous Coward · · Score: 5, Interesting

    Maybe launching destructive malware at Iranian infrastructure wasn't such a good idea.

    1. Re:blowback by TubeSteak · · Score: 3, Informative

      Google's Cache works 99% of the time:
      http://webcache.googleusercontent.com/search?q=cache:http://online.wsj.com/article/SB10001424127887323336104578501601108021968.html

      Iran Hacks Energy Firms, U.S. Says
      Oil-and-Gas, Power Companies' Control Systems Believed to Be Infiltrated; Fear of Sabotage Potential
      By SIOBHAN GORMAN and DANNY YADRON

      WASHINGTON--Iranian-backed hackers have escalated a campaign of cyberassaults against U.S. corporations by launching infiltration and surveillance missions against the computer networks running energy companies, according to current and former U.S. officials.

      In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. They proceeded "far enough to worry people," one former official said.

      The developments show that while Chinese hackers pose widespread intellectual-property-theft and espionage concerns, the Iranian assaults have emerged as far more worrisome because of their apparent hostile intent and potential for damage or sabotage.

      U.S. officials consider this set of Iranian infiltrations to be more alarming than another continuing campaign, also believed to be backed by Tehran, that disrupts bank websites by "denial of service" strikes. Unlike those, the more recent campaigns actually have broken into computer systems to gain information on the controls running company operations and, through reconnaissance, acquired the means to disrupt or destroy them in the future, the U.S. officials said.

      In response, U.S. officials warn that Iran is edging closer to provoking U.S. retaliation.

      "This is representative of stepped-up cyber activity by the Iranian regime. The more they do this, the more our concerns grow," a U.S. official said. "What they have done so far has certainly been noticed, and they should be cautious."

      The U.S. has previously launched its own cyberattacks against Iran. The Stuxnet worm, developed and launched by the U.S. and Israel, sabotaged an Iranian nuclear facility.

      The latest campaign, which the U.S. believes has direct backing from the Iranian government, has focused on the control systems that run oil and gas companies and, more recently, power companies, current and former officials said. Control systems run the operations of critical infrastructure, regulating the flow of oil and gas or electricity, turning systems on and off, and controlling key functions.

      In theory, manipulating the software could be used to delete important data or turn off key safety features such as the automatic lubrication of a generator, experts said.

      Current and former U.S. officials wouldn't name the energy companies involved in the attacks. or say how many there were. But among the targets were oil and gas companies along the Canadian border, where many firms have operations, two former officials said.

      The officials also wouldn't detail the precise nature of the evidence of Iranian involvement. But the U.S. has "technical evidence" directly linking the hacking of energy companies to Iran, one former U.S. official said.

      Iranian officials deny any involvement in hacking. "Although Iran has been repeatedly the target of state-sponsored cyberattacks, attempting to target Iran's civilian nuclear facilities, power grids, oil terminals and other industrial sectors, Iran has not ever retaliated against those illegal cyberattacks," said Iran's spokesman at the United Nations, Alireza Miryousefi. "In the lack of international legal instruments to address cyberwarfare, Iran has been at the forefront of calling for creating such instruments. We categorically reject these baseless allegations used only to divert attentions."

      So far, the infiltrations don't appear to have involved theft of data or disruption of operations. But officials worry the reconn

      --
      [Fuck Beta]
      o0t!
  2. Standard disclaimer by Anonymous Coward · · Score: 3, Insightful

    Iranian IPs are responsible for a wave of port scanning on US IP ranges.

  3. So why? by Anonymous Coward · · Score: 5, Insightful

    Why is it okay for the US to sponsor cyber attacks, but not the Iranians? If it is an act of war, then did Congress authorize the US act of war?

    1. Re:So why? by ebno-10db · · Score: 4, Insightful

      Why is it okay for the US to sponsor cyber attacks, but not the Iranians?

      I'm not going to get all philosophical as that's not my shtick. I'm not even going to say it's "okay" for us to do it and not them (did somebody actually say that?). As an American I'd rather the US be successful in its attacks and the "enemy" not. I don't pretend it's anything more than that.

      That doesn't mean I'm a bang the war drum type about Iran. However I'd rather they not get nuclear weapons. I'm not sure how far the US should go to prevent that (I'd certainly be opposed to a full blown war) but Stuxnet was a clever technique that didn't even hurt anyone. My attitude is "well done". I don't want Iran to be successful in a similar attack on the US. So far it seems they're only gathering intel, but the possibility of targeting our infrastructure is frightening. It's also potentially much more damaging than destroying some centrifuges.

  4. I know, I know! by ColdWetDog · · Score: 5, Funny

    Iran is annoyed at Adobe's new subscription pricing model. They're just looking for some valid serial numbers for Photoshop so they can keep expanding their military prowess.

    --
    Faster! Faster! Faster would be better!
  5. Ha! We are ahead of you Iranian hackers. by 140Mandak262Jamuna · · Score: 4, Insightful

    We have stopped maintaining our bridges and roads, and we have reduced infrastructure spending drastically. By the time you Iranians figure out how to destroy American infrastructure, there will be nothing left for you to destroy. Fools on you Iranians.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  6. Re:Airgap? by Antipater · · Score: 4, Insightful

    Because people take network security about as seriously as they take nutrition. Everyone says they want to do the right thing, but then at the first sign of inconvenience they're back to their bad habits.

    --
    Everything is better with chainsaws.
  7. Some questions by Okian+Warrior · · Score: 4, Insightful

    Okay, some questions.

    Firstly, how do they know it was Iranian hackers? The linked article is the NYT reporting US officials as saying that the attacks came from Iran, and that the attacks could not be carried out without the regime's knowledge. Not a direct quote, btw - a paraphrasing of something a government official said, paraphrased by the reporter, and punched up by the editor for more impact.

    Yet the register first line reads: "Iranian hackers are launching state-sanctioned attacks on US energy firms and hope to sabotage critical infrastructure by targeting industrial control systems, according to American officials."

    There's a difference between attacks originating in Iran and attacks sponsored by the regime. Also, it's difficult at best to determine the origin of an attack - are they sure these attacks weren't proxied *through* Iran?

    Secondly, how do they know that the goal is sabotage, when no sabotage has actually occurred? How do they know that this isn't just some bot herders trying to find more spam outlets? Certainly "accruing information on how their systems work" sounds more like a port scan or a vulnerability scan - which would be the first step regardless of the intent.

    This is high-octane scare mongering. Be afraid, everyone! Don't use logic, let your emotions guide your opinions!!!

    1. Re:Some questions by tnk1 · · Score: 4, Insightful

      Iran has some pretty strict Internet rules and monitoring is most certainly employed. While it could be random hackers inside Iran, the chances of them executing a long term project and not being noticed are slim to none. The proxy scenario seems also unlikely as an anonymous proxy service is another thing you don't run in Iran without someone noticing. I think it is entirely safe to say that they were Iranian, and that the government knew about it.

      As for the goal, presumably, the US government knows that the goal is sabotage by the selection of the materials targeted. If someone is downloading, say, information on security protocols and failure scenarios, you can pretty much bet that they aren't just doing that just because they are curious. Yes, perhaps there is room for doubt, but there are some things that some bored hacker isn't going to look for... isn't even going to know what to look for... without having experience. This is also a reason that it is probably Iranian government as well: they likely have experts who tell the hackers what they need to be looking for. Hackers, while smart, are not necessarily knowledgeable about infrastructure. They may know how to get into things, but they probably don't know what they are looking for once they are in.

      I agree that the ultimate outcome is in doubt: learning how to sabotage the US infrastructure is not the same as actually doing it. Just like testing nuclear weapons doesn't actually mean that you intend to use them.

      I also agree that releasing this information has an ulterior motive. It is PR for the agencies involved. In that sense, you have to take it with a grain of salt, but it doesn't mean it is fabricated or a scare tactic to cover an upcoming war. It's basically a department telling taxpayers that they need to continue funding them, or this could happen. A scare tactic, but for money. As much as I don't like that they do this, given how political that the budget process has become, it is probably understandable. It is also important to understand that, if these departments do their job, no one ever hears about them, because they generate no news. Sometimes, you need people to know what they are doing for the money that they pay you. This is likely what that is.

  8. Re:Internet facing? by ShanghaiBill · · Score: 5, Interesting

    The big question is why "critical" infrastructure is tied directly to the internet?

    Why not? "Critical" does not mean "vulnerable". IAAESE*. It is not that hard to create a system that is not "hackable" in a dangerous way. You just need to design in multiple levels of safety:

    1. Top level GUI
    2. Control system running in a separate process, that sanity checks any input from the GUI.
    3. A firmware monitor running on a hardened 8-bit processor (8051, AVR, etc.), that runs a watchdog timer and scans the system to ensure all parameters are within safe limits.
    4. Mechanical interlocks, governors, brakes, fuses, etc.

    I have read plenty of stories about how hackers will drop elevators full of passengers into the basement, and turn traffic lights "all green". But anyone that works on those systems will tell you that it is all baloney. It is physically impossible to do that from software. That kind of sabotage would need at least a crowbar and a soldering iron.

    I think that what is really going on is the industry is promoting these scare stories in the hope of getting government pork dollars to "fix the problem".

    * I Am An Embedded System Engineer.

  9. Re:Internet facing? by ShanghaiBill · · Score: 4, Informative

    The steps you mention are good ones, but an air gap is still a very good step in that defense in depth approach.

    Maybe in some situations. In others it can make the situation worse. If you disconnect everything, and have to send out a truck to make an adjustment at a substation, then you have a problem when there is a big storm and not enough trucks. For most sensibly designed systems, disconnecting from the network will likely cause more problems than it will prevent.

    However, they don't necessarily guard against interruption of service.

    I once worked on a control system for a hydroelectric dam. The software could adjust the gates to control the flow of water to adapt to electrical demand, but only within certain limits, which were set depending on expected demand. To go outside those limits, a worker had to manually extract and reinsert a steel rod. It is also common in coal/gas/nuke plants to require manual intervention to shutdown a generator, or even reduce the power into the "brown-out" zone. Since that is something that will almost never need to happen, requiring manual intervention is reasonable. Designing a system to prevent a denial of service is harder than just preventing catastrophic failure, but it is still possible.

  10. Re:Give it up by Issarlk · · Score: 3, Insightful

    But the USA are the good guys, it's normal they do this!
    The problem is the Iranian don't realise they are the bad guys ; I'm sure they are reasonable and would stop everything if they knew they were in the wrong.