Rantburg

2019-06-29 Syria-Lebanon-Iran
US cyber attack on Iran exploited flaw in heavily-guarded network, experts say
Posted by trailing wife 2019-06-29 00:50
File under: Govt of Iran

#1 Most of Iran's cyber security is designed piecemeal and haphazardly by their independent contractors, who also run their cyber offensive proxy programs. The IRGC has relied on semi-professional hackers and moderately trained personnel for both security and mundane administrative networks since 2012, when they began absorbing the hackers into service as consultants, directors and trainers. These are not soldiers trained as cyber specialists but nerds and delinquents with a religio-patriotic streak.
Posted by Dron66046 2019-06-29 05:50

#2 These are not soldiers trained as cyber specialists but nerds and delinquents with a religio-patriotic streak.

So possibly our attack took only a few days instead of months or years, Dron66046?
Posted by trailing wife 2019-06-29 07:54

#3 Tied into S-300 and S-400 deployment, but....sshhhhh. Don't tell anybody. It's a secret.
Posted by Frank G 2019-06-29 08:08

#4 TW, I don't know what Dron's sources are. But I do remember when Iran was using pirated Windows OS systems that could not install updated security patches. Thus compromised digital certificates belonging to Realtek Semiconductor, Siemens component monitors and JMicron Technology.

That included open firewall holes. Not something that your run-of-the-mill hacker can pull off. Iran's Bushehr reactor was a possible end target, but there could easily be other facilities such as refineries, chemical plants or factories that were wide open and exploited.

Example: when Stuxnet finally identifies its target, it makes changes to a piece of Siemens code called Organizational Block 35. This Siemens component monitors critical factory operations, things that need a response within 100 milliseconds. By messing with Organizational Block 35.

So as far as Dron's aforementioned nerds and delinquents, I don't know where that came from. The layer depths are not what an amateur religio-patriotic squad would have coded out.

PC World had an interesting piece including Ralph Langner's take on the hacks.
Posted by Woodrow 2019-06-29 08:37

#5 Payback's a bitch, Dudes.
Pull the ADMIN access from any H1b.
Posted by Skidmark 2019-06-29 09:00

#6 TW, it's more likely that the CIA and friendlies have actively followed the progression of the Iranian cyber-security apparatus and have been branching and dynamically adjusting their own research to their evolution of threats and counterbalances. And coupled with field assists from friendlies, they could compromise existing systems when presented with a chance. In hacking, I believe knowing what the target is using and possessing the code for certain platforms is the key. But then, I'm a dunce.

What I do know:

Iran’s cyber activities are overseen by the IRGC. In 2012, they were composed of a handful of independent contractors who handled everything from interior security work, criminal fraud, some research and software development. They contracted hackers from overseas for offensive capabilities and for training their own IRGC personnel. By 2016, some of the contractors had diversified into their own criminal enterprises. Some of the individuals herein were also part of the APT39 group. Though some defense 'specialists' speculate that Iran's cyber offense capabilities may be superior because of support from Russian or Korean help, so far the sophistication seen has been of an amateur level. One IRGC-affiliated group labeled 'Rocket Kitten' was called Iran’s premier threat, then faded into quiescence, eclipsed by the player 'Oilrig'. Compromised IT personnel had enabled the destruction of data on computers maintained by Saudi Aramco. Defacement of Voice of America’s websites by the Iranian Cyber Army, one of the first disruptive attacks by Iran against the United States, was accomplished again through compromised networks. Operation Ababil was one of the largest DDoS attacks back in 2012, perpetrated by a few young Iranian nerds breaching thousands of websites that were running vulnerable software to pool enough bandwidth to overwhelm the infrastructure of banks. From 2012 onward the IRGC's reliance on semi-professional independent hacking groups within Iran's 'patriotic hacker-space' led to many compromises in their own cyber shield, and many unreported or suppressed incidents of their own sponsored cyber criminals attacking their own systems.

Post-Stuxnet they have even tried to switch to some Debian-based Linux platform for their Transport and Energy sectors, but the transition hasn't happened because of contractual disagreements. Malware agents known as Wiper and Flame, successors to Stuxnet, had been discovered when Iran’s Ministry of Petroleum and the National Iranian Oil Company computers were disabled, their hard drives overwritten in a unilateral operation reportedly conducted by Israel in 2012.

The transition of amateur hackers into contractors for state security agencies has been actively monitored by certain mid-east agencies since then. In fact the individuals are known to some degree by these agencies. The suppression of internal rebellion like the Green Movement was also their brief. The tactics, tools, and threat actors that arose during this domestic challenge shaped the cyber defense of Iran. A recurrent theme since the outset of Iran’s cyber operations is that Iranian campaigns do not maintain clear boundaries between operations directed against its internal opposition and those directed against foreign adversaries. The same infrastructure and tools used by Iranian threat actors for campaigns against the American defense industry are also used to target Persian-language women’s development programs; the same malware used in destructive attacks against Saudi government institutions had been previously used for surveillance against members of the Green Movement opposition. The same contractors that enabled the Iranian Cyber Army to attack corporations and governments the world over oversee and administer their 'sustainable cyber defense' initiative. Their present security apparatus has grown rather organically, piecemeal. Iran has often emphasized its defensive capabilities, announcing in 2015 that its Cyber Attacks Emergency Center had successfully managed to thwart U.S. cyber attacks against the country’s industrial infrastructure. The Iranian military touts its domestic contractors as the best in the business, their products unassailable, like the antivirus Padvish. While technical sophistication does not impede Iranians from conducting successful cyber operations, those actions reflect a disorganization and lack of professionalism that runs contrary to what would be expected of a state actor and limits their capabilities. Add to that the sanctions that impede them from acquiring updated tech and support.

The preparation for Operation Olympic Games was substantial. US and Israeli intelligence obtained confidential information about the specific configuration of the centrifuge controllers in Natanz, built a test environment based on comparable hardware seized from Libya, and then deployed the malware agent through human assets inside Iran to reach computers disconnected from the internet. These operations were sustained over years. Later versions of Stuxnet exploited several previously unknown vulnerabilities and sought to strategically infect other computers in Iran in the event that they were connected to the Natanz systems. The agencies never stopped playing. They shall continue to evolve threats and groom on-site agents and traitors.
Posted by Dron66046 2019-06-29 11:11
