US cyber attack on Iran exploited flaw in heavily-guarded network, experts say
2019-06-29
*Snicker*
[IsraelTimes] Assault that crippled Revolutionary Guard missile system result of massive investment in cyber warfare by American military, likely took months or years of preparation.

A cyber attack on Iranian missile systems, claimed by the US last week, would have had to exploit a flaw in the heavily-guarded network, experts said.

Citing US official sources, American media last week reported that the Army Cyber Command had crippled the Iranian Revolutionary Guard’s air defense units that shot down a sophisticated drone on June 20.

Military computing security is usually "hardened" to defend against attack but highly-skilled computer scientists in cyber units of modern armies are always working to find a way in.

"The simplest way would be for a special forces member to plug in a USB (carrying a virus) to the right place," Loic Guezo of the French Information Security Club told AFP.

This is almost certainly how the well-known US-Israeli Stuxnet virus was introduced in 2010, into the computers of Iran’s nuclear complex, according to experts.

Iran at the time accused the US and Israel of using the virus to target its centrifuges used for uranium enrichment.

The Revolutionary Guards are believed to have since bolstered precautionary measures in a bid to isolate their military computer networks from the internet.

However, [some men learn by reading. A few learn by observation. The rest have to pee on the electric fence for themselves...] according to a military expert who requested anonymity, an "anti-aircraft defense system requires radars, control and command centers and ground-to-air missile sites to be inter-connected."

Those components are connected by intranet networks that "at one time or another" must be connected to the internet.

"In the past, there was no way to connect to a weapon system," said Guezo.

Today, however, he said most computer operating systems are commercial and vulnerable to attacks even if "everything is done to make them impenetrable."

"Nothing is impenetrable," said Guezo.

Modern cyber crime units, especially American and Israeli, have massive resources at their disposal and recruit high-level experts.

The Cyber Command became a fully-fledged combat unit within the US army in May with a budget running into billions of dollars.

In Israel, its renowned 8200 electronic warfare unit attracts the country’s best talent.

When cyber attackers "have identified an entry point," they "intrude the network with messages carrying hyper-aggressive malware which will at least partially cripple the air defense network," said an anonymous military specialist.

In March 2017, researcher Remy Hemez of the French Institute for International Relations (IFRI) told of how the Israeli army had used a program called SUTER in 2007 to temporarily blind Syrian air defense radars.

Operation Orchard, according to Hemez, showed how cyber weapons can successfully be used in battle.

Israeli fighter jets had penetrated deep into Syrian air space to destroy a suspected nuclear facility after having disabled Syrian air defenses.

Last week’s US claim of an attack on Iranian missile launching systems would have required months or even years of preparation, said Guezo.

"You have to study the architecture of the equipment and then create attack plans," Guezo said.
Posted by: trailing wife
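The article's point is that an air-defense intranet "at one time or another" touches the internet, and that bridge is the flaw. As an added example (not from the article or from AFP's sources), here is a minimal egress check a defender of such a segment could run over flow records: every flow between the isolated ranges and an outside address is a bridge that needs an explanation. The address blocks, log format and flow lines are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Set

# Constructed flow records from a sensor on a supposedly isolated segment:
# timestamp, source, destination, destination port, bytes. Values are invented.
SAMPLE_FLOWS = """\
2019-06-20T01:02:03Z 10.20.1.15 10.20.1.7 502 1200
2019-06-20T01:02:09Z 10.20.1.15 10.20.9.2 443 300
2019-06-20T01:03:44Z 10.20.1.22 198.51.100.9 443 48211
2019-06-20T01:05:10Z 10.20.1.22 203.0.113.40 53 96
2019-06-20T01:07:51Z 192.168.50.3 10.20.1.15 22 800
2019-06-20T01:09:00Z 203.0.113.40 10.20.1.22 4444 2048
"""

# Address blocks that legitimately make up the segment (an assumption for this example).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    port: int
    reason: str


def is_internal(addr: str) -> bool:
    """True when the address falls inside one of the segment's own blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def check_flows(text: str) -> List[Finding]:
    """Flag every flow that crosses the segment boundary in either direction.
    An air-gapped network should produce an empty list; each hit is a bridge."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _nbytes = line.split()
        if is_internal(src) and not is_internal(dst):
            findings.append(Finding(ts, src, dst, int(port), "egress from isolated segment"))
        elif is_internal(dst) and not is_internal(src):
            findings.append(Finding(ts, src, dst, int(port), "ingress into isolated segment"))
    return findings


def external_peers(findings: List[Finding]) -> Set[str]:
    """Collect the outside hosts involved, for triage of where the bridge leads."""
    return {f.dst if f.reason.startswith("egress") else f.src for f in findings}


if __name__ == "__main__":
    for f in check_flows(SAMPLE_FLOWS):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.port}  {f.reason}")
```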

#6  TW, it's more likely that the CIA and friendlies have actively followed the progression of the Iranian cyber-security apparatus and have been branching and dynamically adjusting their own research to their evolution of threats and counterbalances. And coupled with field assist from friendlies, they could compromise existing systems when presented with a chance. In hacking, I believe knowing what the target is using and possessing the code for certain platforms is the key. But then, I'm a dunce.


What I do know:

Iran’s cyber activities are overseen by the IRGC. In 2012, they were composed of a handful of independent contractors who handled everything from interior security work, criminal fraud, some research and software development. They contracted hackers from overseas for offensive capabilities and for training their own IRGC personnel. By 2016, some of the contractors had diversified into their own criminal enterprises. Some of the individuals herein were also part of the APT39 group. Though some defense 'specialists' speculate that Iran's cyber offense capabilities may be superior because of support from Russian or Korean help, so far the sophistication seen has been of an amateur level. One IRGC-affiliated group labeled 'Rocket Kitten' was called Iran’s premier threat, then faded into quiescence, eclipsed by the player 'Oilrig'. Compromised IT personnel had enabled the destruction of data on computers maintained by Saudi Aramco. Defacement of Voice of America’s websites by the Iranian Cyber Army, one of the first disruptive attacks by Iran against the United States, was accomplished again through compromised networks. Operation Ababil was one of the largest DDoS attacks back in 2012. Perpetrated by a few young Iranian nerds, it breached thousands of websites that were running vulnerable software to pool enough bandwidth to overwhelm the infrastructure of banks. From 2012 onward the IRGC's reliance on semi-professional independent hacking groups within Iran's 'patriotic hacker-space' led to many compromises in their own cyber shield, and many unreported or suppressed incidents with their own sponsored cyber criminals attacking their own systems.

Post-Stuxnet they have even tried to switch to some Debian-based Linux platform for their Transport and Energy sectors, but the transition hasn't happened because of contractual disagreements. Malware agents known as Wiper and Flame, successors to Stuxnet, had been discovered when Iran’s Ministry of Petroleum and the National Iranian Oil Company computers were disabled, their hard drives overwritten in a unilateral operation reportedly conducted by Israel in 2012.

The transition of amateur hackers into contractors for state security agencies was actively monitored by certain mid-east agencies since then. In fact the individuals are known to some degree by these agencies. The suppression of internal rebellion like the Green Movement was also their brief. The tactics, tools, and threat actors that arose during this domestic challenge shaped the cyber defense of Iran. A recurrent theme since the outset of Iran’s cyber operations is that Iranian campaigns do not maintain clear boundaries between operations directed against its internal opposition and those directed against foreign adversaries. The same infrastructure and tools used by Iranian threat actors for campaigns against the American defense industry are also used to target Persian-language women’s development programs; the same malware used in destructive attacks against Saudi government institutions had been previously used for surveillance against members of the Green Movement opposition. The same contractors that enabled the Iranian Cyber Army to attack corporations and governments the world over oversee and administer their 'sustainable cyber defense' initiative. Their present security apparatus has grown rather organically, piecemeal. Iran has often emphasized its defensive capabilities, announcing in 2015 that its Cyber Attacks Emergency Center had successfully managed to thwart U.S. cyber attacks against the country’s industrial infrastructure. The Iranian military touts its domestic contractors as the best in the business, their products unassailable, like the antivirus Padvish. While technical sophistication does not impede Iranians from conducting successful cyber operations, those actions reflect a disorganization and lack of professionalism that runs contrary to what would be expected of a state actor and limits their capabilities. Add to that the sanctions that impede them from acquiring updated tech and support.

The preparation for Operation Olympic Games was substantial. US and Israeli intelligence obtained confidential information about the specific configuration of the centrifuge controllers in Natanz, built a test environment based on comparable hardware seized from Libya, and then deployed the malware agent through human assets inside Iran to reach computers disconnected from the internet. These operations were sustained over years. Later versions of Stuxnet exploited several previously unknown vulnerabilities and sought to strategically infect other computers in Iran in the event that they were connected to the Natanz systems. The agencies never stopped playing. They shall continue to evolve threats and groom on-site agents traitors.
Posted by: Dron66046   2019-06-29 11:11  

#5  Payback's a bitch, Dudes.
Pull the ADMIN access from any H1b.
Posted by: Skidmark   2019-06-29 09:00  

#4  TW I don't know what Dron's sources are. But I do remember when Iran was using pirated Windows OS systems that could not install updated security patches. Thus compromised digital certificates belonging to Realtek Semiconductor, Siemens component monitors and JMicron Technology.

That included open firewall holes. Not something that your run-of-the-mill hacker can pull off. Iran's Bushehr reactor was a possible end target, but there could easily be other facilities such as refineries, chemical plants or factories that were wide open and exploited.

Example: when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organizational Block 35. This Siemens component monitors critical factory operations, things that need a response within 100 milliseconds. By messing with Operational Block 35.

So as far as Dron's aforementioned nerds and delinquents, I don't know where that came from. The layer depths are not what an amateur religio-patriotic squad would have coded out.

PC World had an interesting piece including Ralph Langner's take on the hacks.
Posted by: Woodrow   2019-06-29 08:37  

#3  Tied into S-300 and S-400 deployment, but....sshhhhh. Don't tell anybody. It's a secret
Posted by: Frank G   2019-06-29 08:08  

#2  These are not soldiers trained as cyber specialists but nerds and delinquents with a religio-patriotic streak.

So possibly our attack took only a few days instead of months or years, Dron66046?
Posted by: trailing wife   2019-06-29 07:54  

#1  Most of Iran's cyber security is designed piecemeal and haphazard by their independent contractors who also run their cyber offensive proxy programs. The IRGC has relied on semi-professional hackers and moderately trained personnel for both security and mundane administrative networks since 2012, when they began absorbing the hackers into service as consultants, directors and trainers. These are not soldiers trained as cyber specialists but nerds and delinquents with a religio-patriotic streak.
Posted by: Dron66046   2019-06-29 05:50  
