Iran is doing to our networks what it did to our spy drone, claims Uncle Sam: Now they're bombing our hard drives

Hackers operating on behalf of the Iranian government have turned destructive, the US Department of Homeland Security has claimed. A statement issued over the weekend by Cybersecurity and Infrastructure Security Agency (CISA) director Christopher Krebs describes how Tehran-backed miscreants have gone from simply attempting to …


  1. Will Godfrey Silver badge
    WTF?

    That's Rich!

    what about Stuxnet then?

    1. mics39
      Flame

      Re: That's Rich!

      Didn’t someone some time ago say reap what you sow? If I were Iranian I’d be contributing.

    2. big_D Silver badge
      Holmes

      Re: That's Rich!

      Or the attacks on Iranian infrastructure last week...

      You reap what you sow.

      1. Archtech Silver badge

        Re: That's Rich!

        Except that, over Iran, the Reapers are promptly shot down. (And then carefully reverse engineered and copied - no doubt with improvements).

        1. big_D Silver badge

          Re: That's Rich!

          I thought Huawei was Chinese, or was he been confused again?

        2. Jellied Eel Silver badge

          Re: That's Rich!

          Except that, over Iran, the Reapers are promptly shot down. (And then carefully reverse engineered and copied - no doubt with improvements).

          That's been a tradition in Iran. So pre-79 revolution, Iran was supplied with a lot of US kit. Then during the Iran-Iraq war in the '80s, got more US kit via (of all places) Israel. See the Iran-Contra affair for more details.

          So ironically, the latest & greatest US drone was probably shot down by a Sayyad-2 missile that started life as a US SM-1, then modernised and updated with a pinch of Russian & Chinese technology to produce a political statement. And an expensive pile of scrap. But that's sanctions for you. Cut off international supply, and it creates a strong incentive to build up your own domestic industry, with help from nations who ignore the current sanctions.

    3. Tom Paine Silver badge

      Re: That's Rich!

      Yeah that already happened, years ago: the response to Stuxnet was called Shamoon.

      1. Andytug
        Joke

        Re: That's Rich!

        Also known as the "Michael Jackson" virus......

  2. Blockchain commentard Silver badge
    Black Helicopters

    But as the tin foil hat brigade know, it's actually the US TLA agencies taking down their own networks and blaming it on the enemy.

  3. Any other name

    What goes round, comes around

    Unfortunately for all of us, this sort of attacks against both military and civilian infrastructure has been effectively legitimized a while ago. If it is (il)legitimate [1] for the US to hit Iran's centrifuges or air-defence network with a destructive virus, it is equally (il)legitimate [1] for Iran to hit defence and government installations in the US. If it is (il)legitimate [1] for the US to booby-trap Russian civilian energy infrastructure, it is equally (il)legitimate [1] for Russia to do the same to the US. And on and on it goes.

    Unlike the conventional warfare, it is the more technologically advanced opponent, which presents a bigger target, who ends up at a greater risk and a greater disadvantage. It is inconceivable to me that this point escapes American military and civilian leaders - and yet it is the US which continues to enthusiastically push "cyber warfare". I'd really love to understand what logic and what compulsion drive them.

    [1] Feel free to choose the word according to taste.

    1. BebopWeBop Silver badge

      Re: What goes round, comes around

      Selectively delete?

    2. Magani
      Unhappy

      Re: What goes round, comes around

      It is inconceivable to me that this point escapes American military and civilian leaders...

      Regrettably it would seem that them's wots in power live in their own bubble that has its own reality. It's been going on forever. General Curtis LeMay wanted Kennedy to start WWIII over the Cuban missile crisis. Let's hope cooler heads prevail.

    3. Jellied Eel Silver badge

      Re: What goes round, comes around

      Foreign policy by other means. In this case, violation of data sovereignty. Not sure if this counts as a casus belli or use of a weapon of mass deletion. But could be a handy way to clean data that's.. inconvenient wrt Trump/Clinton investigations.

      Bolton's been trying for decades to get someone else to die so he can clobber Iran on behalf of MEK. Never trust a man with an ego larger than his mustache, and an IQ smaller than his penis* The future's not looking too bright either, ie Joe Biden.. But hey, Iran has oil, so his son Hunter will do just fine..

      *Measured in good fearing Imperial inches, of course.

      1. Archtech Silver badge

        Re: What goes round, comes around

        "...an IQ smaller than his penis".

        That small? I assume you are working in Angstroms?

        1. Fatman Silver badge
          Joke

          Re: What goes round, comes around

          Perhaps nano meters.

    4. Blazde

      Re: What goes round, comes around

      "I'd really love to understand what logic and what compulsion drive them."

      What choice do they have? Standing up in the UN and asking everyone just to be nice to each other (please)? They're playing a game that's been plainly inevitable for 30 plus years now. It didn't need any legitimising. It's the nature of cyber that direct risk for the aggressor is low, attribution is difficult, attacks can be relatively cheap, and impact relatively high. Therefore small and less technologically reliant states were always going to use it to go after more technologically states, even large ones, with impunity.

      Surely the only response to this as a vulnerable state is to get your own capability, try to toughen up as much as possible, expose attacks against you, and reveal your own attacks as a deterrent. ie. If it seems like the US is most responsible for cyberwar right now it's only because it's most in their interest to publicise what's happening.

      The worry should be that other Western states lack capability and so become reliant on the US, or are so asleep they're not even aware when they're under attack.

      1. Any other name

        Re: What goes round, comes around

        What choice do they have? Standing up in the UN and asking everyone just to be nice to each other (please)?

        That would be a good start.

        The next step would be to sit down with everybody else, and to try to really negotiate, at the very least listening to other nations' concerns and ideally doing something constructive to alleviate them. This is difficult, and it takes skill, and patience, and it takes a lot of time, and eventually one might have to concede a bit more than one would have been willing to give up at the beginning to get something one really needs. However, this is exactly how many key international treaties have been negotiated.

        Since we are talking about Iran, the nuclear deal currently coming apart has been negotiated in exactly that way - with all sides very slowly and painfully coming to the point where they are ready to sacrifice something they value very highly to get something they really need.

        1. Blazde

          Re: What goes round, comes around

          Isn't this exactly how China was handled in the pre-Trump era? All kinds of constructive trade deals were reached giving them access to world markets. The Chinese economy benefited (along with the global economy). Dignitaries from liberal nations largely ignored human rights abuses. No official diplomatic relations with Taiwan. Hong Kong returned. No apology for the Opium Wars yet but it's bound to happen eventually.

          They've still hacked the living crap out of America, and why wouldn't they? They've a lot to gain from it and very little to lose.

          Meanwhile the various cyber attacks on Iran's enrichment facilities were part of the backdrop of pressure which brought about the Iran nuclear deal, or at the very least didn't seem to harm it. Indeed without all the various sticks, the sanctions, the assassination of scientists, the possibility of a pre-emptive conventional strike on their facilities, they wouldn't have had any reasons at all to agree to the deal.

          Talking is great, essential even, but it doesn't get you everywhere and it can not possibly disarm anyone's covert cyber capabilities.

          1. Kiwi Silver badge
            Holmes

            Re: What goes round, comes around

            Talking is great, essential even, but it doesn't get you everywhere and it can not possibly disarm anyone's covert cyber capabilities.

            1) Only those with an excessive sense of entitlement would go to 'other means' if they don't get everything they want. A key thing to remember is if you get something from the other side, they haven't had everything they want.

            2) The issue is NOT to get the other side to disarm, the issue is to have them not use their weapons against you.

            Talking works well, especially if you're willing to do a bit of give-and-take to help make every one as happy as possible - obviously some self-entitled types will never be happy even if they get the lion's share with the least effort, but if every one else leaves the table smiling then talking has worked well. A lot better than anything involving any form of force.

      2. Stork Bronze badge

        Re: What goes round, comes around

        This is the thing that worries me a bit. If you want to wreak havoc at an adversary, start by taking out electronic payment systems. There is not enough cash in circulation, and most European countries hardly do cheques any more.

        If you then want to increase pressure, move on to telecom, power. Water is probably the most difficult.

        1. Jellied Eel Silver badge

          Re: What goes round, comes around

          If you then want to increase pressure, move on to telecom, power. Water is probably the most difficult.

          Actually, attacks against physical transports are potentially the most damaging. So Stuxnet may have been intended to stop Iranian centrifuges, which are delicate, fast spinning beasts filled with very nasty uranium hexafluoride. Water and oil pipes contain a lot of energy, ie large amounts of water & oil moving fast. So messing with valves & pumps could result in burst pipes & damage that takes time to repair.

    5. Archtech Silver badge

      Re: What goes round, comes around

      Except that the two cases are substantially different.

      Stuxnet was launched against Iran when that nation was at peace with the world.

      If Iran is currently attacking US systems (and it may not be), that is fully justified because the USA has committed overt acts of war against Iran. (Look no further than the sanctions, which kill people just as effectively as bombs - if more deniably).

      1. EveryTime Silver badge

        Re: What goes round, comes around

        > (Look no further than the sanctions, which kill people just as effectively as bombs - if more deniably).

        I completely disagree with that claimed equivalence.

        You are effectively claiming that doing anything to dissuade rogue nations is equivalent to war. Should we just go straight to a shooting war, or should we ignore everything that happens until it's our turn to be invaded?

        Sanctions aren't as quick or effective as dropping bombs, and there's certainly a valid debate about how effective they are and how they are best implemented, but most people prefer them to a combat-focused conflict.

        1. Benson's Cycle

          Re: What goes round, comes around

          The problem is right there with your "rogue nations".

          You mean "Anybody who doesn't roll over for the US".

          1. Kiwi Silver badge
            Pint

            Re: What goes round, comes around

            The problem is right there with your "rogue nations".

            You mean "Anybody who doesn't roll over for the US".

            Much better put than I would've done!

    6. fajensen Silver badge

      Re: What goes round, comes around

      I'd really love to understand what logic and what compulsion drive them.

      An influential part of US decision makers totally believe that Armageddon is a ritual to summon Jesus with and they will be rewarded by going straight to heaven on beams of light avoiding the Tribulations!

      A significant part of the US electorate believes Armageddon is a Good Thing, It is God's Will, and only Godless Heathens would stand in The Way of God's Will.

      So great forces are aligned who out of the goodness of their unselfish hearts want to bring it on and Save Us All.

      ??

      1. Kiwi Silver badge
        Angel

        Re: What goes round, comes around

        An influential part of US decision makers totally believe that Armageddon is a ritual to summon Jesus with and they will be rewarded by going straight to heaven on beams of light avoiding the Tribulations!

        What would be really cool would be if they were to check their Bibles to see if they were right.

        At which point, they'd see that only by the most insane twists of anything that could be called 'logic' could their current view even remotely be seen as correct. They might find their current view places them amongst those most deserving of the fictional 'hell'.

  4. FozzyBear Silver badge

    Nuking each others networks and hard drives is better than the alternative

    1. Anonymous Coward
      Anonymous Coward

      Possibly, but...

      Hacking critical infrastructure could lead to multiple loss-of-life events. If they manage to hack the control system for a dam, nuclear plant, chemical plant (etc)...

      1. Archtech Silver badge

        Re: Possibly, but...

        "Hacking critical infrastructure could lead to multiple loss-of-life events".

        Which is why the USA has been doing it for decades. Not to mention other low-key attacks, such as imposing sanctions that - if you remember - were acknowledged to have killed at least 500,000 Iraqi children, and are certainly killing Iranian children as we speak.

        Or carefully bombing hospitals, sewage processing plants, water supplies, the electricity supply system, and other essential social infrastructure - then imposing sanctions to prevent any medical supplies getting in, then sitting back with folded hands to watch thousands die of infectious diseases.

        Very elegant (if you're a CIA or Pentagon psychopath).

      2. Kiwi Silver badge
        Holmes

        Re: Possibly, but...

        Hacking critical infrastructure could lead to multiple loss-of-life events. If they manage to hack the control system for a dam, nuclear plant, chemical plant (etc)...

        The key thing is to keep these controls as isolated as you can, and also have local staff with local abilities to over-ride the remote stuff, and also design safeguards around problems. Take a dam - emergency spillway that means the dam won't breach, a simple physical channel that cannot be opened or closed, it simply is. The tops of your spillway gates also allow water to safely overflow should a slip close the emergency spillway and for some reason you cannot open the normal gates. Turbines that can have the maximum imaginable flow of water directed to them and still be safe, not relying on brakes that may fail to keep things in control.

        So what can I do? If I shut down all systems at the dam so no spillway gates work, all the turbines etc are closed, and I blow up a chunk of hillside blocking the emergency spillway, the dam still survives.

        Also have physical and automatic cutouts on your switch gear. I start trying to pull too much power through them, the contacts get open. That silly Bruce Willis movie where someone remotely sends all the natural gas in a region towards one main hub to blow it up? That should never be able to happen; flow restrictors and cut-offs or vents should be able to make sure the pipes cannot be asked to carry more gas than the weakest link can survive.

        Nuke plants are much the same. Have means to start shutting them down and open up emergency cooling systems in the event of a loss of normal coolant ability. Even extra control rods that can automatically drop into place without electricity if certain parameters are exceeded (assuming I have enough understanding of how nuclear reactions are controlled - there is a very good chance that I may not :) )

        There should be no way to remotely mess with things and cause problems, and very little chance even directly, short of liberal applications of C4...

  5. Kevin McMurtrie Silver badge
    Meh

    Contractor computer security

    Hackers might gain access to your crap systems and abuse them -> Don't care

    Hackers are erasing your crap systems -> Panic!

    1. vaporland

      backups

      have you heard of them?

      1. Nick Kew Silver badge

        Re: backups

        A quaint old 20th-century custom. Ask your grandpa about them.

      2. Anonymous Coward
        Anonymous Coward

        Re: backups

        No, they were contracted out to the lowest bidder some while ago. Since then no one has heard of them.

        1. batfink

          Backups are always fine

          It's always the Restores that are the tricky part

      3. Kiwi Silver badge

        Re: backups

        backups

        have you heard of them?

        Why yes!

        Years back I found a special backup device thanks to a fellow countryman named Simon.

        It holds massive amounts of capacity - I've been backing systems up to it for years and not yet run out of space. And it is extremely fast as well, always has been! As fast as you can throw data at it!

        Yes. If you want a fast way to back up your data, simply point your backups to /dev/null.

        And the biggest benefits - it's free, yet the restores are just as reliable as any of the larger 3rd-party systems where you might pay $hundreds of thousands!

  6. DougS Silver badge

    Silver lining

    The computers that Iran compromises and wipes will be forced to be rebuilt with better security policies and employees having learned the hard way to be more resistant to social engineering. That will better protect them in the future when China, Russia et al try to compromise them.

    Wiping is incredibly disruptive, so it is obvious you've been compromised. If someone silently penetrates your network and steals secrets they might continue doing that for a long time before it becomes known.

    1. BebopWeBop Silver badge

      Re: Silver lining

      Yes, it struck me as well that while they might not like the attention from the Iranians, this is a dry/preparatory run for conflict with far better organised/resourceful adversaries from, say, Russia or China?

    2. Archtech Silver badge

      Re: Silver lining

      "The computers that Iran compromises and wipes will be forced to be rebuilt with better security policies..."

      I see that you are unfamiliar with the ways of government. Try reading Clifford Stoll's classic "The Cuckoo's Egg", for a start.

      It was written about 30 years ago, admittedly. But that's the whole point: nothing important has changed since Stoll found many US Army VAXen with the "System" account password unchanged from "Manager". Not only did no one in charge see what was wrong about that, they didn't know what accounts and passwords were.

      1. DougS Silver badge

        Re: Silver lining

        If all the VAX with SYSTEM/MANAGER were logged into and had all their files deleted, I'll bet when they were rebuilt they'd use a different password.

        Having someone point out "hey, this is a bad idea" is the stuff that gets ignored. Not the stuff that causes major headaches for everyone involved and long hours of overtime for the IT guys. They will take security more seriously in the future, I guarantee it.

      2. Archtech Silver badge

        Re: Silver lining

        In today's news:

        "Stop us if you've heard this one: US government staff wildly oblivious to basic computer, info security safeguards"

        https://www.theregister.co.uk/2019/06/26/government_security_failures_report/

    3. Roland6 Silver badge

      Re: Silver lining

      >The computers that Iran compromises and wipes will be forced to be rebuilt with better security policies and employees having learned the hard way to be more resistant to social engineering.

      You're forgetting (as reported by El reg) the US government sends interdepartmental emails over the Internet using SMTP...

      Also, as a number of UK teenagers have demonstrated over the years, old habits die hard, so expect the US government to continue to expose critical systems to the Internet and protect them using variants on System/Manager aka Admin/Admin as their admin credentials...

      Remember the only reason Iran (if the events the US government claim, have really happened) has been able to wreak havoc is because the US government, across ALL branches does not understand basic security.

      1. amanfromMars 1 Silver badge

        Re: Silver lining

        Remember the only reason Iran (if the events the US government claim, have really happened) has been able to wreak havoc is because the US government, across ALL branches does not understand basic security. .... Roland6

        Another greater systemic vulnerability which can always be ruthlessly exploited are defenders of the indefensible, Roland6, for by natural default does it identify that particular and peculiar opposition and/or competition as being intellectually challenged/retarded/corrupted/perverse.

    4. Kiwi Silver badge
      Holmes

      Re: Silver lining

      Wiping is incredibly disruptive, so it is obvious you've been compromised. If someone silently penetrates your network and steals secrets they might continue doing that for a long time before it becomes known.

      This is what causes me to entertain the possibility of a 'false flag' operation. Far more value in sneaking in, planting cameras and microphones, and sneaking out than smashing your way in, tripping every alarm imaginable, and fleeing with only the trinkets they wanted you to see.

  7. alain williams Silver badge

    Oh, I thought it was the NORKs that did that!

    Oh, silly me: the NORKs were the last enemy, the current enemy is Iran: so of course it is the Iranians.

    Quick: where is the nearest Memory Hole into which I can put everything that I (thought that I) remembered about the NORKs.

    1. vtcodger Silver badge

      Re: Oh, I thought it was the NORKs that did that!

      We have always been at war with Eastasia North Korea Iran

    2. Kiwi Silver badge
      Big Brother

      Re: Oh, I thought it was the NORKs that did that!

      Oh, silly me: the NORKs were the last enemy, the current enemy is Iran: so of course it is the Iranians.

      Quick: where is the nearest Memory Hole into which I can put everything that I (thought that I) remembered about the NORKs.

      To carry that on a bit further (scarily, for the easily startled), just consider how much time and effort Trump put in to showing the world how great he was at negotiating with the NORKs and how the two nations would soon be on very good friendly terms...

  8. Walter Bishop Silver badge

    Statement by Cybersecurity and Infrastructure Security Agency

    I totally believe this statement by the Cybersecurity and Infrastructure Security Agency, a branch of the Department of Homeland Security, that would never lie to us.

    1. Chris G Silver badge

      Re: Statement by Cybersecurity and Infrastructure Security Agency

      You forgot the troll icon, not everyone here recognises sarcasm.


Biting the hand that feeds IT © 1998–2019