AS NEGOTIATORS from a group of world powers prepare to meet representatives from Iran next week to discuss that country’s nuclear programme, a report published today suggests the Iranians have stepped up their cyber attacks on the US. Norse, a cyber security firm, and the American Enterprise Institute said Iran had greatly increased the frequency and sophistication of its attacks.
Frederick W Kagan, the AEI’s critical threats director, said: “Cyber gives them a usable weapon in ways nuclear technology does not. And it has a degree of plausible deniability that is attractive to many countries.”
He added that if sanctions against Iran were suspended under the proposed nuclear accord, Iran would be able to divert the revenue from improved oil exports to cyber weapons.
The report was released 15 months after a cyber attack on the world’s biggest gambling company, the Las Vegas Sands Corporation, crippled many of its computers and compromised employee data. It was believed to have been in response to a statement from the billionaire chief executive of Sands, Sheldon Adelson, in which he said Iran should be bombed to force it to abandon its nuclear programme.
James R Clapper, the US director of national intelligence, confirmed to Congress in February that Iranian hackers were behind the attack.
Evidence from the Norse report and US intelligence agency analyses suggested that Iran had made much greater use of cyber weapons over the past year, despite international sanctions.
The attacks have mostly appeared speculative, but a few, like the Sands attack, have been for destructive purposes.
Norse said it had traced thousands of attacks against American targets to hackers inside Iran. And it said the hackers were moving from flamboyant, attention-grabbing cyber attacks in which they deface websites or take them offline to far quieter surveillance.
They appeared, in some cases, to be searching for infrastructure systems that could provide the opportunity for more dangerous and destructive attacks.
Norse said it maintained thousands of sensors across the internet to enable it to collect intelligence on attackers’ methods, and it insisted the Iranian hackers had shown no signs of easing off. Between January 2014 and last month it said its sensors picked up a 115 per cent increase in attacks launched from Iranian internet protocol (IP) addresses.
In the first half of March, Norse said its sensors had picked up more than 900 attacks every day.
US intelligence officials said Iran’s top hackers were limited in number, but worked for both the government and for "cover" companies. They were concerned that as destructive raids became more frequent, the temptation would rise to launch attacks on what the government called “critical infrastructure”, like railways, power grids or water supplies.
Researchers had noted that Iranian hackers were using tools to spy on and potentially shut down critical control systems and computer networks in the US, as well as in Canada, Israel, Saudi Arabia, the United Arab Emirates and a handful of other countries.
Their targets had included a network that connected marines and civilians across the US, as well as networks of oil companies, major airlines and airports.
Norse researchers also noted attacks from Iran directed at supervisory control and data acquisition systems like those used by the US and Israel to cyber-attack Iran’s nuclear enrichment centre in Natanz. A recently disclosed memo from National Security Agency (NSA) whistleblower Edward Snowden suggested the attack may have triggered retaliation from Iran.
Norse also found evidence that Iranian hackers probed the network of a company that designs software to allow energy firms and to control their valves and switches from a distance.
Computer systems in the company – Telvent – were breached by Chinese hackers in 2012. Two years later, Norse said, it witnessed 62 attacks over 10 minutes, from an IP address in Iran.
Its researchers wrote: “This activity might be interpreted as an Iranian effort to establish cyber-beachheads in crucial US infrastructure systems – malware that is dormant for now but would allow Iran to damage and destroy those systems if it chose to do so later.”
Why are you making commenting on The National only available to subscribers?
We know there are thousands of National readers who want to debate, argue and go back and forth in the comments section of our stories. We’ve got the most informed readers in Scotland, asking each other the big questions about the future of our country.
Unfortunately, though, these important debates are being spoiled by a vocal minority of trolls who aren’t really interested in the issues, try to derail the conversations, register under fake names, and post vile abuse.
So that’s why we’ve decided to make the ability to comment only available to our paying subscribers. That way, all the trolls who post abuse on our website will have to pay if they want to join the debate – and risk a permanent ban from the account that they subscribe with.
The conversation will go back to what it should be about – people who care passionately about the issues, but disagree constructively on what we should do about them. Let’s get that debate started!
Callum Baird, Editor of The National
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here