UAE TELLS UN TANKER ATTACKS WERE ‘SOPHISTICATED’ WORK OF ‘STATE ACTOR’

The UAE, Norway and Saudi Arabia believe it was the work of several teams of operatives, which coordinated the timed detonation of all four explosive charges within less than an hour.

Pressure won’t work with Iran: Former CIA chief Brennan

Former CIA director John Brennan says the policy of pressure against Tehran pursued by US President Donald Trump’s administration is a failed policy because there is “a culture of resistance” in Iran.

Tehran: New Sanctions Prove Trump Not Serious About Talks

Iran said Saturday that new US sanctions on its petrochemical industry show that President Donald Trump is not serious about being open to fresh negotiations with Tehran.

Iran introduces 2,000 new morality police units in response to women’s hijab protests

Iran has introduced 2,000 new morality police units in reaction to what officials call an “increasing defiance” of the compulsory wearing of hijabs.

Iran’s Regime Continues to Execute Prisoners Even in Islamic Holy Month

The Iranian regime continued to hand down and carry out execution sentences during the Islamic holy month of Ramadan, according to the latest monthly human rights report published by Iran Human Rights Monitor on Monday.

Cyber Attacks: 50% Of Those Hit Are Hit Monthly, And Iran Hits Hardest Of All

A U.K. government report, published on Wednesday, claimed that cyber breaches and attacks dropped last year, due (at least in part) to tougher data regulation including GDPR. Unfortunately, those that are being hit are being hit more often, and so attacks are actually on the increase. The ‘Cyber Security Breaches Survey’ reported that although “32% of businesses identified a cybersecurity attack in the last 12 months,” that was “down from 43% the previous year.” But almost half of those attacked were attacked monthly.

Ironically, the report was released just as the U.K.’s National Cyber Security Centre acknowledged “a cyber incident affecting some U.K. organizations in late 2018.” Sky News reported that “Iran is being blamed for a wave of cyber attacks that targeted key parts of the U.K.’s national infrastructure in a major assault just before Christmas.”

The good, the bad and the scary

Speaking about the cyber survey, Clare Gardiner, Director of Engagement at NCSC, said “we are committed to making the U.K. the safest place to live and do business online and welcome the significant reduction in the number of businesses experiencing cyber breaches… However, the cybersecurity landscape remains complex and continues to evolve, and organizations need to continue to be vigilant.”

It would seem so. The attack by Iran in December is believed to have impacted “private sector companies, including banks,” with the “personal details belonging to thousands of employees stolen, including the email address and mobile phone number of the Post Office chief executive Paula Vennells… The mobile phone numbers of at least 10 peers and MPs were [also] among the compromised data.”

According to Sky News, “analysis by cybersecurity experts in California has concluded that a group connected to the Iranian Revolutionary Guard was responsible for this attack and the attack on the parliamentary network in 2017.”

Is the threat landscape changing?

With headlines including major breaches or hacks at major organizations such as Marriott, Facebook and Toyota, and now with the acknowledgment that even core parts of the government can be hit and hit hard, the cyber report will provide cold comfort. The most common cyber issue remains phishing emails, followed by online impersonation, malware and ransomware.

Data breaches have become a common theme this year, and when allied with the ongoing controversy about user privacy and data portability, as well as fake news and accounts across social media, no business or individual is likely feeling safer online than a year ago. “The threat of cyber attacks remains very real and widespread in the U.K.,” the cyber report said, admitting that although fewer companies are being hit, 48% of those that are hit are seeing attacks or breaches monthly.

Last week, Facebook announced the removal of a significant number of pages, groups and accounts linked to Iran, peddling state-mandated propaganda relating to Syria, Yemen and Palestine. Iran is now behind an increasing number of hacks, breaches and fake social media activity.

China, Russia and now Iran. Serious and organized crime, including AI-driven impersonations. The online security maze develops ever more layers, even as people’s understanding of online safety and security seems to be improving.

The U.K.’s Digital Minister Margot James, commenting on the cyber survey rather than the cyber attack, suggested that “we know that tackling cyber threats is not always at the top of business and charities list of things to do, but with the rising costs of attacks, it’s not something organizations can choose to ignore any longer.”

You would think.

Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies

Businesses and government agencies in the United States have been targeted in aggressive attacks by Iranian and Chinese hackers who security experts believe have been energized by President Trump’s withdrawal from the Iran nuclear deal last year and his trade conflicts with China.

Recent Iranian attacks on American banks, businesses and government agencies have been more extensive than previously reported. Dozens of corporations and multiple United States agencies have been hit, according to seven people briefed on the episodes who were not authorized to discuss them publicly.

The attacks, attributed to Iran by analysts at the National Security Agency and the private security firm FireEye, prompted an emergency order by the Department of Homeland Security during the government shutdown last month.

The Iranian attacks coincide with a renewed Chinese offensive geared toward stealing trade and military secrets from American military contractors and technology companies, according to nine intelligence officials, private security researchers and lawyers familiar with the attacks who discussed them on the condition of anonymity because of confidentiality agreements.

A summary of an intelligence briefing read to The New York Times said that Boeing, General Electric Aviation and T-Mobile were among the recent targets of Chinese industrial-espionage efforts. The companies all declined to discuss the threats, and it is not clear if any of the hacks were successful.

Chinese cyberespionage cooled four years ago after President Barack Obama and President Xi Jinping of China reached a landmark deal to stop hacks meant to steal trade secrets.

But the 2015 agreement appears to have been unofficially canceled amid the continuing trade tension between the United States and China, the intelligence officials and private security researchers said. Chinese hacks have returned to earlier levels, although they are now stealthier and more sophisticated.

“Cyber is one of the ways adversaries can attack us and retaliate in effective and nasty ways that are well below the threshold of an armed attack or laws of war,” said Joel Brenner, a former leader of United States counterintelligence under the director of national intelligence.

Federal agencies and private companies are back to where they were five years ago: battling increasingly sophisticated, government-affiliated hackers from China and Iran — in addition to fighting constant efforts out of Russia — who hope to steal trade and military secrets and sow mayhem. And it appears the hackers substantially improved their skills during the lull.

Russia is still considered America’s foremost hacking adversary. In addition to meddling widely and spreading disinformation during United States elections, Russian hackers are believed to have launched attacks on nuclear plants, the electrical grid and other targets.

Threats from China and Iran never stopped entirely, but Iranian hackers became much less active after the nuclear deal was signed in 2015. And for about 18 months, intelligence officials concluded, Beijing backed off its 10-year online effort to steal trade secrets.

But Chinese hackers have resumed carrying out commercially motivated attacks, security researchers and data-protection lawyers said. A priority for the hackers, researchers said, is supporting Beijing’s five-year economic plan, which is meant to make China a leader in artificial intelligence and other cutting-edge technologies.

“Some of the recent intelligence collection has been for military purposes or preparing for some future cyber conflict, but a lot of the recent theft is driven by the demands of the five-year plan and other technology strategies,” said Adam Segal, the director of the cyberspace program at the Council on Foreign Relations. “They always intended on coming back.”

Officials at the Chinese embassy in Washington did not respond to a request for comment.

Mr. Segal and other Chinese security experts said attacks that once would have been conducted by hackers in China’s People’s Liberation Army are now being run by China’s Ministry of State Security.

These hackers are better at covering their tracks. Rather than going at targets directly, they have used a side door of sorts by breaking into the networks of the targets’ suppliers. They have also avoided using malware commonly attributed to China, relying instead on encrypting traffic, erasing server logs and other obfuscation tactics.

“The fingerprint of Chinese operations today is much different,” said Priscilla Moriuchi, who once ran the National Security Agency’s East Asia and Pacific cyber threats division. Her duties there included determining whether Beijing was abiding by the 2015 agreement’s terms. “These groups care about attribution. They don’t want to get caught.”

It is difficult to quantify the number of industrial-espionage attacks, in part because they have been designed mostly to steal strategic trade secrets, not the kind of personal information about customers and employees that companies must disclose. Only Airbus has acknowledged in recent weeks that Chinese hackers had penetrated its databases.

Many of the attacks by the Chinese Ministry of State Security have been against strategic targets like internet service providers with access to hundreds of thousands, if not millions, of corporate and government networks.

Last week, Ms. Moriuchi, who is now a threat director at the cybersecurity firm Recorded Future, released a report on a yearlong, stealth campaign by the ministry to hack internet service providers in Western Europe and the United States and their customers.

The lone hacking target to publicly confront the ministry was Visma, a Norwegian internet service provider with 850,000 customers. The goal of the attack on Visma was to gain broad access to its customers’ intellectual property, strategic plans and emails, including those of an American law firm that handles intellectual property matters for clients in the automotive, biomedical, pharmaceutical and tech sectors, according to Recorded Future.

The Visma attack was harder to trace than earlier incidents, which typically started with so-called spearphishing emails meant to steal personal credentials. This assault began with stolen credentials for a third-party software service, Citrix. And instead of using malware easily traced to China, the attackers used malware available on the so-called Dark Web that could have come from anywhere. They also used the online storage service Dropbox to move stolen emails and files.

Federal agencies are also trying to fend off new Iranian espionage campaigns.

After the Trump administration pulled out of the nuclear deal, Kirstjen Nielsen, the homeland security secretary, testified before Congress that her agency was “anticipating it’s a possibility” that Iran would resort to hacking attacks.

The Iranian attacks, which hit more than a half-dozen federal agencies last month, still caught the department off guard. Security researchers said the hacks, which exploited underlying weaknesses in the internet’s backbone, were continuing and were more damaging and widespread than agency officials had acknowledged.

Iranian hackers began their latest wave of attacks in Persian Gulf states last year. Since then, they have expanded to 80 targets — including internet service providers, telecommunications companies and government agencies — in 12 European countries and the United States, according to researchers at FireEye, which first reported the attacks last month.

The current hacks are harder to catch than previous Iranian attacks. Instead of hitting victims directly, FireEye researchers said, Iranian hackers have been going after the internet’s core routing system, intercepting traffic between so-called domain name registrars. Once they intercepted their target’s customer web traffic, they used stolen login credentials to gain access to their victims’ emails. (Domain name registrars hold the keys to hundreds, perhaps thousands, of companies’ websites.)

“They’re taking whole mailboxes of data,” said Benjamin Read, a senior manager of cyberespionage analysis at FireEye. Mr. Read said Iranian hackers had targeted police forces, intelligence agencies and foreign ministries, indicating a classic, state-backed espionage campaign rather than a criminal, profit-seeking motive.

There is a long history of Iranian attacks against the United States, and episodes from five years back or longer are just now being made public.

On Wednesday, the Justice Department announced an indictment against a former Air Force intelligence specialist, Monica Witt, on charges of helping Iran with an online espionage campaign. Four members of Iran’s Islamic Revolutionary Guard Corps were also charged with “computer intrusions and aggravated identity theft” directed at members of the United States intelligence community.

Also last week, the Treasury said it was putting sanctions on two Iranian companies, New Horizon Organization and Net Peygard Samavat Company, and several people linked to them. Treasury officials said New Horizon set up annual conferences where Iran could recruit and collect intelligence from foreign attendees.

Ms. Witt attended one of the conferences, the indictment says. Net Peygard used information she provided to begin a campaign in 2014 to track the online activities of United States government and military personnel, Treasury officials said.

Representatives for Iran’s Mission to the United Nations did not respond to requests for comment.

The recent Iranian attacks have unnerved American officials. But after issuing the emergency order about the ones last month, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has largely played them down.

An official with the cybersecurity agency said there was a belief that no information had been stolen and that the attacks had not “materially impacted” operations. But Mr. Read of FireEye and others said there had been a noticeable escalation in Iran’s digital espionage.

“If you tell the Iranians you’re going to walk out on the agreement and do everything you can to undermine their government,” said Mr. Brenner, the former counterintelligence official, “you can’t be surprised if they attack our government networks.”

https://www.nytimes.com/2019/02/18/technology/hackers-chinese-iran-usa.html

Are we underestimating Iran’s cyber capabilities?

While Iran is unlikely to match the cyber capabilities of Russia, China, or even North Korea in the short term, this third-tier actor has already racked up some notable wins. Between 2011 and 2013, in some of their first forays into cyberwarfare, Iranian hackers cost U.S. financial institutions tens of millions of dollars and knocked Saudi Aramco’s business operations offline for months. Over the past two years, Iranian hackers hit more than 200 companies around the world, inflicting hundreds of millions of dollars’ worth of damage, according to a new Microsoft report. We downplay this evolving menace at our peril.

Too quickly, experts dismiss Iran’s ability to conduct significant operations. After a February breach of the Australian parliament, the Sydney Morning Herald reported that “Australian sources with detailed knowledge of the hack” dismissed a cybersecurity firm’s attribution of the attack to Iranian hackers, claiming that Iran lacks the cyber skills necessary to conduct such a sophisticated operation. While the firm has provided insufficient data to draw definitive conclusions, analysts should not discount Iran out of hand.

After all, Tehran did reportedly conduct a similar operation in 2017 against the British parliament. In that attack, hackers compromised dozens of email accounts belonging to lawmakers by identifying accounts with weak passwords and without two-factor authentication. While Downing Street has not publicly identified the hacker, British news outlets reported that British intelligence has attributed the attack to Iran.

In its annual Worldwide Threat Assessment, the U.S. Intelligence Community concluded that Iranian hackers are only capable of “causing localized, temporary disruptive effects.” Yet, the assessment also cautioned that “Iran uses increasingly sophisticated cyber techniques,” and is attempting to deploy capabilities to attack U.S. and allied critical infrastructure. In fact, as the cybersecurity firm FireEye warned in January, Iranian operations pose a threat to “a wide variety of sectors and individuals on a global scale.” A European Union report released the same month concluded that Iran will likely “intensify state-sponsored cyber threat activities.”

Recent statements from the U.S. and Israeli governments offered further details about the threat. Last month, the Justice Department unsealed an indictment against a U.S. citizen and four Iranian operatives who were targeting U.S. government and intelligence agents. The operatives created fake Facebook profiles to trick victims into accepting friend requests and, in at least one case, adding the fake persona to a private Facebook group “composed primarily of USG Agents.” Although not alleged in the indictment, access to this group likely provided the hackers with additional information and targets to expand their operation.

The indictment indicates, though, that Iran’s use of phishing emails failed to convince the targets to click malicious links and download malware. The emails are poorly written, with grammatical and spelling errors. And yet, the Justice Department noted, had these efforts succeeded or had a victim inadvertently clicked the link, the operation would “have brought serious damage to the United States.”

In fact, a week earlier, DHS had issued an emergency directive to all federal agencies to take steps to protect their infrastructure from an operation posing “significant and imminent risks to agency information and information systems.” While DHS did not attribute the operation to Iran, the emergency directive coincided with the release of a FireEye report on a global campaign targeting the same infrastructure. The company confirmed that its initial research pointed to Iran.

The Israeli military’s outgoing cyber chief, meanwhile, has been raising alarms about Iran’s cyber capabilities. Brigadier-General Noam Sha’ar told Israel Hayom that one of his division’s first operational events was the detection and prevention of an attempt to infiltrate Israel’s home front missile alert system. By corrupting the missile warning system, hackers could have activated false alerts. Even worse, when the system detected incoming rockets, hackers could have prevented sirens from activating so that civilians would not know to take cover.

Sha’ar explained that by tracking Iranian cyber groups, Israel detected the presence of hackers in some of its systems. His division excised the attackers, assessed the damage, determined what reconnaissance Iran had conducted, and reinforced network defenses. In a separate interview, Sha’ar warned that Iran’s expanding capabilities are the most worrying trend in cyberspace.

To be sure, analysts should not inflate Iran’s capabilities. Last year, when a sophisticated and lethal piece of malware was discovered at a Saudi petrochemical plant, news reporting began pointing fingers at Iran. The malware, later linked to the Russian government, targeted industrial control systems and manipulated safety systems that could have caused physical explosions. The misattribution artificially raised alarms about Iranian capabilities.

Still, the United States can ill afford to dismiss Tehran’s capabilities as those of a third-tier cyber actor. An accurate assessment of the threat is the first step to defeating, thwarting, and deterring the Islamic Republic’s cyber army.

https://thehill.com/opinion/cybersecurity/433431-are-we-underestimating-irans-cyber-capabilities

Iran rejects French idea of re-opening nuclear talks

Iran on Friday rejected an idea mooted by France of re-opening nuclear talks, warning that seeking to broaden an existing landmark treaty could lead to its collapse.

FireEye uncovers suspicious online activity resembling Iranian influence operations

Social media accounts took on the personas of journalists, activists, Republican lawmakers and ordinary Americans to promote pro-Iranian messages, according to the latest investigative report from FireEye.