Iran’s history of hacking and being hacked

July 2, 2019 Science and Technology, Social and Political

axios.com – Given last week’s flurry of U.S. cyberattacks against Tehran, Iran’s history of retaliating with cyberattacks might raise a few eyebrows. But more concerning might be Iran’s history of learning new strategies from other nations’ cyberattacks.

The big picture: In 2009, Iran became the first known target of cyber warfare. Its history with cyber conflict is long, and could be used to inform how the current moment might play out.

The backstory: Iran shows an uncommon ability to learn from other nations’ techniques and targeting, said Silas Cutler, reverse engineering lead at Chronicle. That’s evidenced in how it adapted to Stuxnet, 2009 malware likely launched by the U.S. and Israel to disable the Iranian nuclear program.

After Stuxnet, notes Cutler, Iran invested heavily in cyber activities.
That resulted in the Shamoon malware, ultimately used to damage the Saudi-owned oil company Aramco in a 2012 attack widely believed to have been carried out by Iran.
“I’m less worried about a retaliatory attack and more worried about them learning from our attacks and making them their own,” said Cutler.

In fact, Stuxnet caused a fundamental change in how hackers operate in Iran.

Hacker culture in Iran dates back to the turn of the millennium. Ashiyane, an Iranian security forum still used today, was founded in 2002.
But the purposes of hacker forums in Iran changed after Stuxnet, said Cutler, moving from being a general subculture to a more patriotic one.
To this day, the Iranian government uses hacker forums for recruitment whenever they need an emergency workforce.

Where it stands: More recently, said Adam Meyers of Crowdstrike, Iran has learned from Russia’s operations against Ukraine in its current operations against Saudi Arabia and the UAE.

The intrigue: Unlike North Korea, which has mainly used disruptive cyberattacks to settle petty scores and generate revenue, Iran’s disruptive cyberattacks have been more tactical, said Ben Read, senior manager for cyber-espionage analysis at FireEye.

Iran responded by launching massive denial-of-service attacks against the U.S. financial sector in 2012, after the U.S. launched sanctions against Iran and only two years after Stuxnet was exposed.
Those are remarkably similar to the current state of affairs, notes Read. The U.S. announced new sanctionsagainst Iran this week following the cyber attacks last week.
Iran can be petty, too. (It may have used Shamoon to attack Sheldon Adleson’s Sands casino in response to comments he made.)

What’s next: Iran largely stopped targeting the West after the Iran deal, but activity has re-emerged against the U.S. as tensions have escalated. That activity appears to be more for information gathering than to cause harm.

The U.S. should be aware of Iran’s techniques should they chose to retaliate, said Read, as just knowing what to look for can be enough to head off Iran’s brand of attacks.
“They can do bad stuff, but they aren’t wizards,” he said.

Shabtabnews In this dark night, I have lost my way – Arise from a corner, oh you the star of guidance.

Related Articles

The mother of a murdered Basiji demands the retrial and execution of Hamid Gharehassanlou.

Brother Of Iranian Doctor Handed Death Sentence Says Wife’s Confession Came After She Was Tortured

USCIRF Commissioner asks “the US government and the international community need to urge Iran to immediately cease their attacks on peaceful protesters asking for greater religious freedom.”

USCIRF Commissioner expresses concern about recent arrests of religious minorities in Iran, including Yarsanis & Gonabadi Sufis.

USCIRF Commissioner @ is concerned for Kasra Nouri’s well-being

The reign of intelligence services

IOPHR’s statement regarding the renewed death threats of the Islamic Republic of Iran against the life of Dr. Seyed Mostafa Azmayesh and his family

Sam Brownback the former IRF Ambassador express concern in regards to murder of Sufi Mohammad Pouryousefi

Behnam Mahjoubi’s Mother Calls for Accountability in Death of Her Son in Custody

Activist Calls on Publishers to Send Books to Prisoners

Behnam Mahjoubi -A Medical Review

URGENT: Immediate Action needed by government Bosnia Herzegovina to Protect the Life of Mr. Amir Labbaf

Commemorating 40th day since the murder of Behnam Mahjoubi – Public statement of Markus Grübel on discrimination and persecution of Sufis and Baha’is in Iran

IOPHR Statement on the need to provide immediate Security for Mr. Amir Labbaf

More MEP’s have joined to demand the Iranian government to investigate the death of Behnam Mahjoubi

MEP’s demand the Iranian government to investigate the death of Behnam Mahjoubi

Leaked Government Document Exposes Policies Against Baha’is and Dervishes

IOPHR’s open Letter to Mr. Josep Borrell Fontelles, regarding the responsibility of the Islamic Republic of Iran for providing security for prisoners of conscience

USCIRF Condemns Killing of Gonabadi Sufi Activist by Iranian Officials

IOPHR Statement regarding the responsibility of the Islamic Republic of Iran in protecting the lives of prisoners of conscience

Iran reduces military presence in Syria after suspected Israeli strikes: Monitor

Missing IRGC General Alive and Living In US, 17 Years after Defection to West

‘War On Women’ Intensifies With Hijab Crackdown In Iran

US Senate Passes MAHSA Act, Other Iran Sanctions Bills

Twice Arrested and Tortured: Farshad Dastmardi’s Harrowing Ordeals in Iran

Woman Murdered by Husband with Violent Past After Refusing Financial Demand