
Obama Admin Did Not Publicly Disclose Iran Cyber-Attack During ‘Side-Deal’ Nuclear Negotiations

June 7, 2017

Obama Admin Did Not Publicly Disclose Iran Cyber-Attack During ‘Side-Deal’ Nuclear Negotiations, Washington Free Beacon, June 7, 2017

US Secretary of State John Kerry meets with Iran’s Foreign Minister Mohammad Javad Zarif on April 22, 2016 in New York. (Photo: Bryan R. Smith/AFP/Getty Images)


State Department officials determined that Iran hacked their emails and social media accounts during a particularly sensitive week for the nuclear deal in the fall of 2015, according to multiple sources familiar with the details of the cyber attack.

The attack took place within days of the deal overcoming opposition in Congress in late September that year. That same week, Iranian officials and negotiators for the United States and other world powers were beginning the process of hashing out a series of agreements allowing Tehran to meet previously determined implementation deadlines.

Critics regard these agreements as “secret side deals” and “loopholes” initially disclosed only to Congress.

Sources familiar with the details of the attack said it sent shockwaves through the State Department and the private-contractor community working on Iran-related issues.

It is unclear whether top officials at the State Department negotiating the Iran deal knew about the hack or if their personal or professional email accounts were compromised. Sources familiar with the attack believed top officials at State were deeply concerned about the hack and that those senior leaders did not have any of their email or social media accounts compromised in this particular incident.

Wendy Sherman, who served as Under Secretary of State for Political Affairs for several years during the Obama administration and was the lead U.S. negotiator of the nuclear deal with Iran, could not be reached for comment.

A spokeswoman for Albright Stonebridge LLC, where Sherman now serves as a senior counselor, said Tuesday that Sherman is “unavailable at this time and cannot be reached for comment.”

Asked about the September 2015 cyber-attack, a State Department spokesman said, “For security reasons we cannot confirm whether any hacking incident took place.”

At least four State Department officials in the Bureau of Near East Affairs and a senior State Department adviser on digital media and cyber-security were involved in trying to contain the hack, according to an email dated September 24, 2015 and multiple interviews with sources familiar with the attack.

The Obama administration kept quiet about the cyber-attack and never publicly acknowledged concerns the attack created at State, related agencies, and within the private contractor community that supports their work.

Critics of the nuclear deal said the Obama administration did not publicly disclose the cyber-attack’s impact out of fear it could undermine support right after the pact had overcome political opposition and cleared a critical Congressional hurdle.

The hacking of email addresses belonging to State Department officials and outside contractors began three days after the congressional review period for the deal ended Sept. 17, according to sources familiar with the details of the attack and the internal State Department email. That same day, Democrats in Congress blocked a GOP-led resolution to disapprove of the nuclear deal, according to sources familiar with the details of the attack and the internal State Department email. The resolution of disapproval needed 60 votes to pass but garnered just 56.

President Trump, during his trip to the Middle East in late May, talked tough against Iran and its illicit ballistic missile program but has so far left the nuclear deal in place. A Trump State Department review of the deal is nearing completion, the Free Beacon recently reported, and some senior Trump administration officials are pushing for the public release of the so-called “secret side deals.”

State Department alerts outside contractors of cyber-attack

State Department officials in the Office of Iranian Affairs on Sept. 24, 2015 sent an email to dozens of outside contractors. The email alerted the contractors that a cyber-attack had occurred and urged them not to open any email from a group of five State Department officials that did not come directly from their official state.gov accounts.

“We have received evidence that social media and email accounts are being compromised or subject to phishing messages,” the email, obtained by the Washington Free Beacon, states. “Please be advised that you should not open any link, download or open an attachment from any e-mail message that uses our names but is not directly from one of our official state.gov accounts.”

“We appreciate learning of any attempts to use our names or affiliations in this way,” stated the email. Shervin Hadjilou, the public diplomacy officer in the Office of Iranian Affairs, sent the email and cc’d four other State Department officials who deal with Iran issues, including one cyber-security expert.

Two sources familiar with the details of the hack said the State Department and outside contractors determined that Iranian officials were the perpetrators. The hack, which began Sept. 21, had compromised at least two State Department officials’ government email accounts before they regained control of them, as well as private email addresses and Facebook and other social media accounts, the source said.

“They had access to everything in those email accounts,” the source said. “Everyone in the [State Department Iranian Affairs] community was very upset—it was a major problem.”

The hack also stood out because cyber-warfare between Iran and the United States, which had been the weapon of choice between the countries for years, had cooled considerably in 2015 during the nuclear negotiations in what cyber-security experts have described as a limited détente.

Since Iran discovered the Stuxnet virus—a cyber-worm the United States and Israel planted to degrade Iran’s nuclear capabilities—in 2011, the countries have been engaged in escalating cyber warfare as Tehran’s cyber capabilities become increasingly sophisticated and destructive.

Since 2011 Iran has attacked U.S. banks and Israel’s electric grid. In 2012, Iranian hackers brought down Saudi-owned oil company Saudi Aramco, erasing information on nearly 30,000 of the company’s work stations and replacing it with a burning American flag.

Cyber-security experts have long believed that Russia helped Iran quickly build up its cyberweaponry in response to Stuxnet. A team of computer-security experts at TrapX, a Silicon Valley security firm that helps protect top military contractors from hackers, said in April they officially confirmed that Iranians were using a cyber “tool set” developed by Russians.

Tom Kellerman, a TrapX investor who also served on a commission advising the Obama administration on cyber-security, said Iranian cyberwarfare has dramatically improved over the last two or three years in large part due to Russian technical assistance.

“Much like you see the alliance between Syria, Iran, and Russia, the alliance doesn’t just relate to the distribution of kinetic weapons,” he said, but extends into cyberwarfare.

Uproar among private contracting community over cyber-attack

In the late September 2015 hack, at least two State Department officials and a handful of outside contractors lost control of access to their email and social media accounts, which were automatically forwarding emails to work and personal contacts. This spread the hack to a wider network of victims.

The private-contracting community involved in State Department Iran programs—approximately 40 private firms, some of which are based in Washington and others located throughout the United States—were outraged by the infiltration.

“They were saying ‘We’re mad—we’re angry,’” the source recalled. “We all got compromised.”

Eric Novotny, who served as a senior adviser for digital media and cyber security at the State Department at the time, was involved in trying to shut down the hack and help affected officials and private contractors regain control of their accounts. Novotny was one of the four government officials copied on Hadjilou’s Sept. 24 email.

Critics: Obama administration’s silence on hacking was needed to secure nuke deal

Critics of the Obama administration’s handling of the Iran nuclear deal argue that the State Department stayed silent about the hack because acknowledging it could have publicly undermined the pact right after it became official.

“Within hours of the Iran deal being greenlighted, Iran was already conducting cyberattacks against the very State Department that ensured passage of the [nuclear deal],” said Michael Pregent, a senior Middle East analyst at the Hudson Institute. “Acknowledging a cyberattack after the [nuclear deal] was greenlighted would be something that would immediately signal that it is a bad deal—that these are nefarious actors.”

Mark Dubowitz, the CEO of the Foundation for Defense of Democracies, said Iran’s hacking of State Department personnel at such a critical period is “just one of many of Iran’s malign activities that continued and the State Department essentially ignored while the Obama administration was working out the fine points of the nuclear deal.”

“The Obama administration didn’t acknowledge it publicly out of fear that public outrage could threaten the nuclear deal,” he said.

In early November 2015, the Wall Street Journal reported that Iran’s hardline Revolutionary Guard military had hacked email and social-media accounts of Obama administration officials.

Yet that report wrongly tied the beginning of the uptick in Iranian cyberattacks to the arrest October 29, 2015 of Siamak Namazi, a businessman and Iranian-American scholar who has pushed for democratic reforms. Namazi and his elderly father remain imprisoned in Iran and face a 10-year sentence on espionage charges.

The Journal report also did not indicate that the attacks had occurred more than a month earlier, within three days of the end of the congressional review period, nor did it indicate any specific individual targeted nor how officials and contractors reacted to it.

The Sept. 24 email obtained by the Free Beacon shows the Iranian hacking of State Department officials occurred much earlier—the weekend after Republicans in Congress failed to push through a resolution disapproving the Iran nuclear pact, effectively sealing the foreign policy win for Obama.

The late September time period was particularly important for negotiating critical details of the nuclear deal’s implementation, what critics, including CIA Director Mike Pompeo, have labeled “secret side deals” allowing Iran to evade some restrictions in the nuclear agreement in order to meet its deadline for sanctions relief.

Among other non-public details of the pact, the side agreements involved the controversial exchange of American prisoners held in Iran for $1.7 billion in cash payments.

Infiltrating State Department emails and internal communications about where the United States stood on a number of sensitive issues could have given the Iranians an important negotiating advantage, according to David Albright, a former U.N. weapons inspector and president of the Institute for Science and International Security.

“The [Joint Comprehensive Plan of Action] had a lot of loose language at the time and the question was whether the U.S. was going to accept it,” he told the Free Beacon, referring to the weeks immediately following the Congressional Review Period, which ended Sept. 17, and Iran’s own review process, which ended Oct. 15.

“It would be to Iran’s great benefit to know where the U.S. would be” on a number of these issues dealing with the possible military dimensions of the Iran nuclear program, he said. “If they could tell the U.S. was going to punt, they could jerk around the [International Atomic Energy Agency, or IAEA] a bit.”

“That’s essentially what happened with the IAEA,” he added.

The IAEA is charged with verifying and monitoring Iran’s commitments under the nuclear agreement.

According to Albright, the IAEA ultimately accepted far less access to nuclear sites than it originally wanted. The United States and other world powers also accepted other concessions involving “loopholes” allowing Iran to exceed uranium enrichment and heavy water limits for a certain time period in order for Iran to meet implementation deadlines, he said.

“The IAEA didn’t know much at all and had to write a report [in December 2015] that it was content in knowing so little,” he said.

Others who credit Iran’s Islamic Revolutionary Guard with the cyber-attack say it may not have focused entirely on gaining leverage in the negotiations but simply demonstrating a resistance to the deal among hardline factions in the country.

“Iran has two personalities, and I think you were seeing the other personality shine through,” Kellerman said of the hack during a critical phase of the nuclear deal.

Hack used common spear-phishing technique

Sources said the September 2015 hacking incidents compromised email accounts by sending spear-phishing messages, or efforts to gain unauthorized access to confidential data by impersonating close contacts.

The phishing emails targeted both State Department and private contractors’ personal email and social media accounts, including Facebook, shutting down the users’ access, sending out emails to some of the hacked individuals’ contacts, and forwarding other information to unfamiliar email addresses with Persian-sounding names, two sources told the Free Beacon.

Samuel Bucholtz, co-founder of Casaba, a cyber-security firm that conducts test-hacking for Fortune 500 companies, said the hackers were likely trying to gain access to contacts and emails. The hackers also may have tried to install malware that would provide greater access to information held on computers or the entire computer network of the organizations, he said.

“If it’s a phishing account that installs malware on your machine, then they have access to all the information on your machine,” he said. “Then they start using that foothold to start exploring access throughout the entire organization.”

Iran in Syria: A Gathering Storm?

April 28, 2017

Iran in Syria: A Gathering Storm? Front Page Magazine, P. David Hornik, April 28, 2017


The Iranian regime, as it has made clear in countless threats, rallies, and missile displays, wants to destroy Israel, the “Little Satan.” 

Given Israel’s military might and, according to foreign reports, nuclear arsenal, Iran’s goal is probably unattainable. But the nearer Iran gets—or perceives itself to get—to that goal, the more warfare and instability is likely to ensue.

At present, thanks to Syria’s collapse into civil war and the Obama administration’s—at best—inept policy there, Iran is within reach of establishing a permanent military presence to Israel’s north—a surefire recipe for ongoing struggle and menace.

Israeli officials, Reuters reports, now estimate that Iran “commands at least 25,000 fighters in Syria, including members of its own Revolutionary Guard, Shi’ite militants from Iraq and recruits from Afghanistan and Pakistan.”

Iran is also reportedly seeking a naval base in Syria, and, if it gains a lasting foothold in Israel’s northern neighbor, will undoubtedly want an airbase there as well.

The Reuters report notes that Israeli intelligence minister Yisrael Katz has been on Capitol Hill urging stepped-up U.S. threats and sanctions on Iran and its Lebanese proxy Hizballah. Israel wants Russia to rein in Iran, too—though whether Russia is willing is still in dispute.

Of particular concern are Iran’s efforts to establish a beachhead for itself and Hizballah on the northern Golan Heights, directly across the border from the Israeli-controlled southern Golan.

Two years ago an Israeli airstrike on the northern Golan killed both Hizballah and Iranian commanders seeking to build a terror network there. Israel remains acutely concerned that such efforts will continue.

Iran’s naked aggression toward Israel was in evidence this week in a different kind of attack. The Israeli daily Haaretz reports:

Cybersecurity experts are convinced that Iran is behind the large-scale cyberattack revealed Wednesday by Israel’s Cyber Defense Authority. The attacks have been identified as being carried out by a hacker group known as OilRig, which has been tracked to Iran and is believed to be financed and directed by one of the Islamic Republic’s intelligence agencies.

OilRig…is known to have attacked both government and private sector targets in the past, focusing primarily on Saudi Arabia, Turkey, the United States and Israel.

The recent attacks were aimed at at least 120 Israeli targets, including private companies, government departments, research institutes and hospitals…. It is unclear at this point whether the attack had any specific targets beyond creating damage in Israeli computer networks, and the extent of that damage is still being assessed.

Other reports, like this one, claim the cyberattack was successfully thwarted.

What is not in doubt is that the—for now—low-level war between Iran and Israel is not only continuing but intensifying. On Thursday it was reported that Israeli missiles fired from the Golan Heights had hit and destroyed Iranian arms supplies in a Hizballah depot near Damascus International Airport.

Intelligence Minister Yisrael Katz, mentioned above, appeared to confirm that Israel was behind the strike, saying it “exactly matches our declared policy.”

Iran’s harassment of a U.S. warship in the Persian Gulf this week suggests that its cockiness toward the “Great Satan,” too—after a period when it seemed to have waned—is returning.

A cyber attack on Israel, arms shipments to Hizballah, and provocative moves against the U.S. navy are—among much else—all in a week’s work for Iran.

Israeli officials are, though, well aware that the current administration has a much more sober view of the problem than the previous one, and more hopeful that, this time around, the forces of civilization will push back against a regime that has been sowing discord and death for almost four decades.

WikiLeaks publishes thousands of documents, claims they come from CIA cyber center

March 7, 2017

WikiLeaks publishes thousands of documents, claims they come from CIA cyber center, Washington Examiner, Kyle Feldscher, March 7, 2017

WikiLeaks on Tuesday began releasing information it says is the largest ever publication of documents from the CIA, starting with more than 8,700 documents from the agency’s high-security network.

In a press release, WikiLeaks said the CIA “lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation.”

That loss of control allowed much of the CIA’s hacking capability to become public and was given to WikiLeaks.

According to the statement, Tuesday’s release shows the “scope and direction” of the CIA’s global hacking program. That program is meant to target American and European products such as the Apple iPhone, Android phones, the Microsoft Windows computer software system and Samsung TVs, which can be turned into microphones.

WikiLeaks says its source “details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”

“There is an extreme proliferation risk in the development of cyber ‘weapons,’ ” said Julian Assange, founder of WikiLeaks. “Comparisons can be drawn between the uncontrolled proliferation of such ‘weapons,’ which results from the inability to contain them combined with their high market value, and the global arms trade.

“But the significance of ‘Year Zero’ [the first part of the release] goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective.”

Iranian Official Reveals ‘Uncovering’ of Major US Cyber-Attack Plot — Failing to Mention Info Obtained From American Docu-Drama

December 13, 2016

Iranian Official Reveals ‘Uncovering’ of Major US Cyber-Attack Plot — Failing to Mention Info Obtained From American Docu-Drama, Algemeiner, Ruthie Blum, December 12, 2016

The slide of a clip in which ‘Zero Days’ is discussed. Photo: YouTube.


An Iranian Civil Defense Organization official announced on Monday that the United States is plotting a major cyber-attack on the Islamic Republic that will be more dangerous and wreak far more havoc than the Stuxnet virus, the semi-official state news agency Fars reported.

Addressing a conference in Tehran, Alireza Karimi said, “At present, the US has launched a project named Nitro Zeus with the aim of attacking Iran’s defense and telecommunication infrastructures.”

Karimi failed to mention, however, that he was actually referring to information revealed in “Zero Days,” an Alex Gibney docu-drama that premiered in July at the Berlin International Film Festival. The film claimed that Nitro Zeus was developed as a backup plan in the event that Western efforts to curb Iran’s nuclear program by diplomatic means failed.

According to a description of the movie in the Tech Times, the major operation “took on great urgency as the [US] government believed that Israel Prime Minister Benjamin Netanyahu would launch a strike on the nuclear facilities of Iran, a move that would draw in the United States into the hostilities that [would] follow.”

However, the film claims that Nitro Zeus, the code name given to the mass malware operation that cost many millions of dollars, was shelved when the Joint Comprehensive Plan of Action — otherwise known as the nuclear deal — was signed between six world powers and Iran last year in July 2015.

In an extensive piece about the film, Newsweek wrote:

Gibney traces the development of Stuxnet to the last years of George W. Bush’s administration. It was a major operation, participants tell him, involving the CIA, the National Security Agency (NSA) and U.S. Cyber Command. On the Israeli side, it involved the Mossad…and Unit 8200, its military signals intelligence division. Britain’s General Communications Headquarters, its signals intelligence corps, also played a role. After the code for Stuxnet was written, it was tested both in the US and Israel on centrifuges identical to those used by Iranians. When CIA officials showed Bush the shards of a centrifuge that Stuxnet had destroyed, the president gave the OK to use it against Iran. The era of cyberwarfare had officially begun.

The participants who confirmed Stuxnet’s American and Israeli origins did so anonymously and off-camera, for fear of violating strict prohibitions against discussing classified information. That’s why Gibney used an actor…through [whom he] breaks his news in the film. “Stuxnet was just part of a much larger Iranian mission,” the character says… “Nitro Zeus would take out Iran’s strategic communications, air defenses, power grid, civilian communications, transportation and financial system…Nitro Zeus was the plan for a full-scale cyberwar with no attribution.”

Fars reported that Karimi’s remarks about Nitro Zeus came on the heels of a statement by the Civil Defense Organization chief, Brigadier General Mohammad Hassan Mansourian, who boasted of his office’s capability to “defuse cyberattacks and cultural invasions.”

As The Algemeiner has reported extensively, Iranian officials have been issuing daily threats against Washington — particularly since last month’s election of Donald Trump to the presidency — about the Islamic Republic’s “fierce” response to any American breaches of the JCPOA, alongside muscle-flexing about the quality and quantity of its long-range missiles. Two weeks ago, the Senate passed a motion to extend the Iran Sanctions Act for an additional 10 years, which spurred the regime in Tehran to warn President Barack Obama not to approve the move.