U.S. suspects Iran behind wave of cyberattacks

American officials concerned about emerging shadow war between the U.S. and Iran in cyberspace

From Thom Shanker and David E. Sanger, New York Times: American intelligence officials are increasingly convinced that Iran was the origin of a serious wave of network attacks that crippled computers across the Saudi oil industry and breached financial institutions in the United States, episodes that contributed to a warning last week from Defense Secretary Leon E. Panetta that the United States was at risk of a “cyber-Pearl Harbor.”

After Mr. Panetta’s remarks on Thursday night, American officials described an emerging shadow war of attacks and counterattacks already under way between the United States and Iran in cyberspace.

Among American officials, suspicion has focused on the “cybercorps” that Iran’s military created in 2011 — partly in response to American and Israeli cyberattacks on the Iranian nuclear enrichment plant at Natanz — though there is no hard evidence that the attacks were sanctioned by the Iranian government. . . .

The attack under closest scrutiny hit Saudi Aramco, the world’s largest oil company, in August. . . .

The virus that hit Aramco is called Shamoon and spread through computers linked over a network to erase files on about 30,000 computers by overwriting them. Mr. Panetta, while not directly attributing the strike to Iran in his speech, called it “probably the most destructive attack that the private sector has seen to date.”

Until the attack on Aramco, most of the cybersabotage coming out of Iran appeared to be what the industry calls “denial of service” attacks, relatively crude efforts to send a nearly endless stream of computer-generated requests aimed at overwhelming networks. But as one consultant to the United States government on the attacks put it several days ago: “What the Iranians want to do now is make it clear they can disrupt our economy, just as we are disrupting theirs. And they are quite serious about it.”

From Mike Mount, CNN:  [O]ne official said that U.S. intelligence has observed and tracked the attacks coming from Iran. The official would not offer details, but said there is a belief that those involved were surrogates working with the Iranian government.

"We strongly believe there is a relationship between the people typing the code and people running the government," the official said.

The development comes as the United States has become more concerned about Iran and cyber security.

"It certainly is the case that Iran is improving its capabilities in the cyber field. We’re paying attention. We are concerned about their increasing ability to operate in this realm," an intelligence official said.

From the AP:  “This one worries me,” said Richard Bejtlich, chief security officer for the Virginia-based cybersecurity firm Mandiant. “I’m not an alarmist, but when I saw that 30,000 computers at Saudi Aramco got just deleted, that was a big deal. You don’t see the Chinese government, you don’t see the Russian government, or even their patriotic hackers go out and delete anything for the most part.”

From the Iranians’ point of view, however, attacks against the U.S. may be justified because American sanctions leveled on the country for refusing to cooperate with international norms on its nuclear program have hit Iran hard. Tehran also believes that the U.S. and Israel were behind the Stuxnet cyberattack that forced the temporary shutdown of thousands of centrifuges at a nuclear facility there in 2010.

As a result, said Bejtlich, Iran already believes it is at war with the U.S.

Frank Cilluffo, a former special assistant for homeland security to President George W. Bush, said U.S. authorities have suspected Iran of trying to plot cyberattacks against American targets, including nuclear plants. And he said that Iran’s Revolutionary Guard Corps appears to now be trying to bring some of the patriotic hacker groups under its control, so it can draw on their abilities.

“Iran has been doing a lot of cyber saber-rattling,” said Cilluffo, now director of George Washington University’s Homeland Security Policy Institute. “What they lack in capabilities, they more than make up for in intent.”  (photo: Business Insider)
