Iran’s Escalating Cyber Campaign Edging US Closer to Retaliation

US has "technical evidence" directly linking the hacking of energy companies to Iran

From Siobhan Gorman and Danny Yadron, Wall Street Journal: Iranian-backed hackers have escalated a campaign of cyberassaults against U.S. corporations by launching infiltration and surveillance missions against the computer networks running energy companies, according to current and former U.S. officials.

In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. They proceeded "far enough to worry people," one former official said.

The developments show that while Chinese hackers pose widespread intellectual-property-theft and espionage concerns, the Iranian assaults have emerged as far more worrisome because of their apparent hostile intent and potential for damage or sabotage.

U.S. officials consider this set of Iranian infiltrations to be more alarming than another continuing campaign, also believed to be backed by Tehran, that disrupts bank websites by "denial of service" strikes. Unlike those, the more recent campaigns actually have broken into computer systems to gain information on the controls running company operations and, through reconnaissance, acquired the means to disrupt or destroy them in the future, the U.S. officials said.

In response, U.S. officials warn that Iran is edging closer to provoking U.S. retaliation.

"This is representative of stepped-up cyber activity by the Iranian regime. The more they do this, the more our concerns grow," a U.S. official said. "What they have done so far has certainly been noticed, and they should be cautious. . . ."

Current and former U.S. officials wouldn’t name the energy companies involved in the attacks or say how many there were. But among the targets were oil and gas companies along the Canadian border, where many firms have operations, two former officials said.

The officials also wouldn’t detail the precise nature of the evidence of Iranian involvement. But the U.S. has "technical evidence" directly linking the hacking of energy companies to Iran, one former U.S. official said. . . .

In recent months, however, U.S. officials have grown increasingly alarmed by the growth of what defense officials describe as a continuing series of cyberattacks backed by the Iranian government, including its elite Quds Force. The threat has grown quickly; as recently as 18 months ago, top intelligence officials were largely dismissive of Iranian hacking capabilities.

Underscoring the Obama administration’s growing concern, the White House held a high-level meeting late last month on how to handle the Iranian cybersecurity threat. No decisions were made at that meeting to take action, however, and officials will reconvene in coming weeks to reassess, a U.S. official said. . . .

The Obama administration sees the energy-company infiltrations as a signal that Iran hasn’t responded to deterrence, a former official said.

In October, then-Defense Secretary Leon Panetta issued a veiled threat to Iran, which he did not name in his speech, by warning the Saudi Aramco hack represented a dangerous escalation in cyberwarfare. Since then, the Iranian attacks have only ramped up.

Unlike Chinese hacking, the Iranian infiltrations and cyberattacks appear intended to disrupt and possibly damage computer systems. "The differentiator is the intent. Stealing versus disrupting raises different concerns," the U.S. official said. "That’s why they’re getting a fair amount of attention."
