back to article Iran fingered for attacks on US power firms

Iranian hackers are launching state-sanctioned attacks on US energy firms and hope to sabotage critical infrastructure by targeting industrial control systems, according to American officials. The attacks on oil, gas and power firms have so far concentrated on accruing information on how their systems work – a likely first …

COMMENTS

This topic is closed for new posts.
  1. ChrisM

    Shall we just agree...

    That everyone is at it and leave it at that?

  2. jake Silver badge

    What kind of moron ...

    ... puts SCADA related anything on a network available to world+dog?

    Especially anything related to national security? ANY nation, I might add ...

    The fscking nintendo generation currently in control really needs to start paying attention ... if they don't, the iFad/fAndroid generation is going to make bigger mistakes, and probably kill a couple billion or so humans before it all gets straightened out.

    1. BristolBachelor Gold badge

      Re: What kind of moron ...

      Normally, it starts as an isolated internal only control network. Then some bright spark shows how sharing data between one tiny piece of the control system with the accountancy package on the non-control network can increase annual profits by 0.000000001%, and BANG the networks are connected together.

      I am not condoning this, just recounting what I was told at a former place of enslavement. It is slightly possible that the percentage claimed above is not accurate, and that the "bright spark" may have actually been a spotty oik.

    2. John Deeb
      Boffin

      Re: What kind of moron ...

      Jake, as soon as any device moves between networks, some hacker might become interested. Stuxnet was launched using USB-sticks as go-in-between for example. It's quite easy to target networks which have outgoing connections only, like most LAN's but of course excluding the obvious high-secure locations.

      Many businesses would really have a hard time working on a fully partitioned LAN with no internet gateway, disabled USB slots and NO EMAIL. And once you're in, there are many ways to get information out again, just as easy as it is for employees to do that.

      1. jake Silver badge

        That's "jake", Mr. Security Expert. (was: Re: What kind of moron ...)

        Allowing sneaker-net is not exactly what I would call secure in this kind of scenario.

        Your second paragraph is just plain wrong from anything resembling a security standpoint. Manglement with that kind of attitude gives me hives ...

        1. Anonymous Coward
          Anonymous Coward

          Re: That's "jake", Mr. Security Expert. (was: What kind of moron ...)

          Please stop using that "manglement" word all the time, jake. The childish word plays on this site are tiresome.

          1. Matt Bryant Silver badge
            Facepalm

            Re: AC Re: That's "jake", Mr. Security Expert. (was: What kind of moron ...)

            "....The childish word plays on this site are tiresome." Oh, I'm sorry that your undeveloped sense of humour is overburdened by the musings on this site. Personally, I found "manglement" quite fitting. Should I suggest you take an afternoon nap to get over your tetchiness?

          2. Fatman

            Re: Please stop using that "manglement" word ...

            Most commentators will use the term manglement or its cousin damagement in the correct context: ID10Ts at the helm who are completely clueless about the ramifications of their decision making; except that it will increase shareholder value, or contribute to larger year end bonuses for the executives that mismanage a company.

            So, if YOU can't stand the "troops in the field" criticizing their <snark>leaders</snark>, then I suggest some other publications to read, like the Daily M Fail.

        2. Anonymous Coward
          Anonymous Coward

          Re: That's "jake", Mr. Security Expert. (was: What kind of moron ...)

          Getting across the air gap is exactly what Stuxnet was all about.

          Pity somebody didn't do some forward thinking before they released. Probably somebody in my country, but not known for sure.

  3. nuked

    I doubt Iran did this.

    1. Wzrd1 Silver badge

      Why, you're absolutely right! It's really the space aliens who infiltrated Iran's networks and attacked those networks.

      Logs don't lie, but liars blog.

      1. Will Godfrey Silver badge

        "Logs don't lie"

        H, He, Heh.... Brroooowww Hahahaha {wheeze}

    2. Anonymous Coward
      Anonymous Coward

      Re: I doubt they did this.

      why!? It's not like there's any reason for them to refrain from doing it! What are the US going to do to them in response that they're not already doing?

  4. Red Bren
    Mushroom

    It's lucky the US got its retaliation in first.

  5. ACx

    I wonder where Iran got that idea from?

    Let me get this straight:

    Iran, wrong. China, Wrong. Russia, Wrong.

    However.....

    Israel, fine. USA, perfectly OK.

    Now, what I cant get straight is why people from all over the world bang on about American hypocrisy. Why is that? I am confused.

    Oh, I get it, we in the west label the enemy "evil", so what ever they do, even if it is exactly the same as what the west does, is evil. Yes, our society is morally correct, because surprisingly, we say so. And when we judge other societies and cultures as bad, that is FACT. No debate. So, if we define others as bad, we can do what ever we like, but if they dare to act like we do, they are some how wrong and evil.

    Just imagine if any one killed Americans on American soil using drones.

    1. Anonymous Coward
      Anonymous Coward

      "Just imagine if any one killed Americans on American soil using drones."

      That would be an act of terror and the perpetrators would be brought to justice. Obviously...

    2. Wzrd1 Silver badge

      The US and Russia pretty much started off at the same time, largely against one another. Then, the USSR collapsed and left their information warfare folks a bit underfunded.

      Later, Russia rebuilt their information warfare groups and contracted more. The US played catch-up, largely due to a combination of Russian information warfare capacity and the PRC's massive information warfare unit that is currently playing for keeps in commercial IP theft.

      Meanwhile, as usual, each nation calls other nation's activities evil and their own activities good. Life goes on as usual.

      Armed drones are illegal under FAA regulation in American skies. Unarmed drones are heavily controlled as to where they may operate. The civilian government rules, not what the military may wish to do.

      That said, I'd not mind having a traffic camera drone flying about. Then, I'd know far earlier to take an alternate route, BEFORE I hit a traffic jam.

    3. Anonymous Coward
      Flame

      Especially, "our" stone-age muslims can treat their women like shit, but when the others do it, we have to bring war to them. Human rights are for Russia and Syria, don't talk about Saudi-Arabia. The Saudis speak our language, the language of bribery and subordination, namely.

  6. heynownow

    Payback for STUXNET

    The Iranians probably reverse engineered STUXNET to finger Uncle Sam.

    1. Tom 7

      Re: Payback for STUXNET

      shoulda gottem to sign a EULA!

    2. Wzrd1 Silver badge

      Re: Payback for STUXNET

      Bleh, STUXNET infected quite a bit of US government systems as well.

      A pure case of shooting oneself in the foot, then complaining about the resulting limp.

  7. Anonymous Coward 101
    Thumb Down

    Wank

    I read the WSJ report referenced in the article, and it reads like pure nonsense. Lot's of quotes from unnamed 'current and former US officials'. It also contains this alarming section:

    "Underscoring the Obama administration's growing concern, the White House held a high-level meeting late last month on how to handle the Iranian cybersecurity threat. No decisions were made at that meeting to take action, however, and officials will reconvene in coming weeks to reassess, a U.S. official said.

    "It's reached a really critical level," said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies, who frequently advises the White House and Capitol Hill. "We don't have much we can do in response, short of kinetic warfare."

    The whole article is propaganda. I'm sure that Iran does have some 'cyberwarfare' capability and has attempted to hack US institutions, but that article is full of exaggeration and unverified statements.

    1. Yet Another Anonymous coward Silver badge

      Re: Wank

      Do you really expect us to believe that politicians would exaggerated the threat from a foreign country for their own political gains and to justify a war?

      Surely we stopped doing that 45mins ago

    2. Wzrd1 Silver badge

      Re: Wank

      Iran started an information warfare unit a handful of years ago. It's quite likely they have built up on their capabilities and are fully operational by now.

      Like many other industrialized nations have already done.

      Well, it's a change of pace. Rather than the PRC this week and RBN last week, we'll have another player to keep us all on our toes.

    3. Anonymous Coward
      Flame

      Re: Wank

      Don't you know ? Israel needs a nuisance taken out and the weapons industry needs a new source of revenue. Only perpetual war means perpetual, proper revenues and profits for the arms industry !

      It will work like it worked with Iraq - emit lots of lies, have them printed in mainstream media, condition the sheeple to want war themselves. Then a UN theatre with a naive guy holding up a USB stick "containing something worse than plutonium" and "mobile cyber-weapons coding labs in very long cars with up to 60 seats, never seen before in America, photographed by our 17 billion dollar spysat from 300km height". Then war and profit !

      $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

  8. Alan Johnson

    Utter nonsense

    We are expected to believe on the basis of unattributted quotes from US officials that Iran has launched a cyber attack on the US.

    The Iranian leadership is not stupid they know they are the focus of constant propoganda and that Israel and the US would love a pretext to attack them so why would they launch what could only be an ineffectual attack of no consequence except to give Israel and the US what they want?

    Iran has shown itself to be remarkably cool headed. They have been the victim of cyber attacks from the US, they have been the subject of attacks by Israeli death squads, they have had a civillian airliner shot down by the US w and they have suffered US sponsored terrorist attacks. Through it all they have been remarkably restrained apart from the Lockerbie bombing for which they managed to get Libya to take the blame.

    The chancethey would do something this stupid is minimal.

    The chancethat the US would lie about it as a pretext is quite high.

    1. Wzrd1 Silver badge

      Re: Utter nonsense

      "Iran has shown itself to be remarkably cool headed."

      As displayed so well by missile boats and patrol boats harassing US Navy vessels traversing the Strait of Hormuz. Or by repeatedly threatening to blow Israel off of the map. Or by denying the Holocaust.

      No, it matches the pattern of behavior for nations. It's called tit for tat. Business as usual.

      BTW, you forgot the US sponsored and lead coup that installed a king, replacing a democratic government. All at the behest of Eisenhower's old war buddies, who were in the oil industry after the war and happened to be from the UK.

      Look up Operation Ajax.

      Just further proof, there ain't no saints in the world, but plenty of sinners.

      1. oolor
        Mushroom

        Re: Utter nonsense

        I definitely get the feeling that this is part of the long ongoing dog-wagging that has been slowly building.

        Calling Iran cool-headed is funny, guess they don't fund Syria and Hezbollah. More than likely, they lack sufficient funds to do anything other than harass the vessels just offshore. However, this 'action' against the 'imperialist pig aggressors' and their Holocaust denial plays well at home for a low price. Or at least it did till recently. President Ahm-not-a-nutjob has fallen out of favour with the Ayatollah and his buddies are not allowed to run in the next election as moderate candidates are sought for - get this - better relations with the western world. Seems the sanctions have slowly worked. Sadly many Iranians are decent people and are caught in this dick-waving.

        < is this past the red line?

      2. Alan Johnson

        Re: Utter nonsense

        'As displayed so well by missile boats and patrol boats harassing US Navy vessels traversing the Strait of Hormuz. Or by repeatedly threatening to blow Israel off of the map. Or by denying the Holocaust'

        But Iran has never theatened to blow Israel of the map or harassed US naval vessels.

        They do sponsor Holocaust denial so that part at least is not propoganda but given the way Israel wields the holocaust as a justification to perform acts of aggression while claiming victimhood it is understandable if reprehensible.

  9. John Smith 19 Gold badge
    Coat

    Dangerous business, fingering Iranians

    You can't be sure what's under the burka.

    Time to be gone, like a worm that has failed to detect an infectable SCADA node.

    1. Wzrd1 Silver badge

      Re: Dangerous business, fingering Iranians

      Erm, Iranian women don't wear a burqa. That's a largely Afghan and Pakistani thing.

      Indeed, one encouraging thing is that Iran has more women in parliament than most other Western nations do.

      All that they need now is to get their pope out of their government, like the West managed to do with some difficulty. ;)

    2. Anonymous Coward
      Flame

      Dear John Sheep

      The Burqa is mainly used by your nice allies of the Kingdom Of Saudi-Arabia to keep their women like slaves. The Saudi version of Islam is much nastier than anything else, including Shiite Islam of Iran. The Saudis blow up American skyscrapers, they fund separatist wars in Yougoslavia and Chechnya, they blow up people with nailbombs in Boston. BUT, they nicely bribe Americans and Israelis to ignore all that and instead contemplate war against the Shiites of Iran. Because the worst enemy of a Wahabist is a Shiite, even before a non-Islamic person. YOU, the sheeple fall for Saudi-Stone-Agistan and Israelistan's propaganda. Here, have a cookie and give them your 18 year-old boy to die at the Shat-el-Arab.

  10. Beachrider

    What is with ALL this fingering...

    I hope that everyone is washing their hands, afterwards...

    1. MrT
      Paris Hilton

      Careful now...

      ...Adria Richards might be nearby...

    2. Wzrd1 Silver badge

      Re: What is with ALL this fingering...

      There's an old saying: "When you point the finger, three fingers point back at you."

  11. Anonymous Coward
    Anonymous Coward

    As my dad said, "paybacks are tough"

    1. Wzrd1 Silver badge

      Since the US hasn't run a centrifuge for nuclear fissionables in a generation or so, I guess Iran will have to drop a few major metropolitan poop plants.

      Though, that would tend to be a bit of an escalation...

  12. JMiles

    Partitioned networks

    I did some time at a bank in Switzerland where there were two separate networks with PCs connected to each. Regular work PCs were connected to the internet and had email, etc. The 'other' network was connected to internal servers (used for banking) and had USB slots physically disconnected - oh and the PCs on that other network required a smart card to login.

    I know this sort of setup is expensive and most businesses won't be able to do it but financial, energy businesses should have the resources to put this in place and they should do it.

  13. Anonymous Coward
    IT Angle

    re: Iran findred for attacks on US power firms

    > Iranian hackers are launching state-sanctioned attacks on US energy firms and hope to sabotage critical infrastructure by targeting industrial control systems, according to American officials.

    Do you have to post this BS in a purported technical mag?

  14. Anonymous Coward
    Anonymous Coward

    What a shocker...

    ...or not. What would you expect from the crack addicts in Iran?

  15. Anonymous Coward
    Anonymous Coward

    NSA

    The NSA's resources in computing are a magnitude of order greater than all of Iran's computing assets put together. You won't find any Cray, IBM Power or SPARC64 supercomputers in Iran - your encrypted traffic, be it Triple DES or AES128 is safe from Iranian mathematical decryption. Iran is not experienced in other forms of attack as much as Russia, China or Israel.

    It'd be great to get facts supported by evidence back into journalism.

    1. jake Silver badge

      @AC23:55 (was: Re: NSA)

      An order of magnitude? Just one? I wouldn't bet the farm on my guess, but it's probably in excess of 6 orders of magnitude over the entire computer power in the entire state of Iran ...

      The NSA measures it's computer power in acres, not flops.

  16. Cthrag Yaska

    Maybe someone should read...

    "Trojan Horse" by Mark Russinovich in which Iranian/Chinese hackers try to infiltrate computers controlling the US power grid.

    Or maybe someone did and forgot it was a novel.

  17. Nameless Faceless Computer User
    FAIL

    Step 1) Remove critical infrastructure industrial control systems from the Internet.

    Step 2) see step 1.

  18. jubtastic1
    Holmes

    I would have assumed

    That they would board up their glass before they started throwing stones.

    But that isn't the case, which implies that either they're complete fools, or It's bait.

This topic is closed for new posts.

Other stories you might like