Jun 27, 2019

Iran's history of hacking and being hacked


Given last week's flurry of U.S. cyberattacks against Tehran, Iran's history of retaliating with cyberattacks might raise a few eyebrows. But more concerning might be Iran's history of learning new strategies from other nations' cyberattacks.

The big picture: In 2009, Iran became the first known target of cyber warfare. Its history with cyber conflict is long, and could be used to inform how the current moment might play out.

The backstory: Iran shows an uncommon ability to learn from other nations' techniques and targeting, said Silas Cutler, reverse engineering lead at Chronicle. That's evidenced in how it adapted to Stuxnet, 2009 malware likely launched by the U.S. and Israel to disable the Iranian nuclear program.

  • After Stuxnet, notes Cutler, Iran invested heavily in cyber activities.
  • That resulted in the Shamoon malware, ultimately used to damage the Saudi-owned oil company Aramco in a 2012 attack widely believed to have been carried out by Iran.
  • "I'm less worried about a retaliatory attack and more worried about them learning from our attacks and making them their own," said Cutler.

In fact, Stuxnet caused a fundamental change in how hackers operate in Iran.

  • Hacker culture in Iran dates back to the turn of the millennium. Ashiyane, an Iranian security forum still used today, was founded in 2002.
  • But the purposes of hacker forums in Iran changed after Stuxnet, said Cutler, moving from being a general subculture to a more patriotic one.
  • To this day, the Iranian government uses hacker forums for recruitment whenever they need an emergency workforce.

Where it stands: More recently, said Adam Meyers of Crowdstrike, Iran has learned from Russia's operations against Ukraine in its current operations against Saudi Arabia and the UAE.

The intrigue: Unlike North Korea, which has mainly used disruptive cyberattacks to settle petty scores and generate revenue, Iran's disruptive cyberattacks have been more tactical, said Ben Read, senior manager for cyber-espionage analysis at FireEye.

  • Iran responded by launching massive denial-of-service attacks against the U.S. financial sector in 2012, after the U.S. launched sanctions against Iran and only two years after Stuxnet was exposed.
  • Those are remarkably similar to the current state of affairs, notes Read. The U.S. announced new sanctions against Iran this week following the cyberattacks last week.
  • Iran can be petty, too. (It may have used Shamoon to attack Sheldon Adelson's Sands casino in response to comments he made.)

What's next: Iran largely stopped targeting the West after the Iran deal, but activity has re-emerged against the U.S. as tensions have escalated. That activity appears to be more for information gathering than to cause harm.

  • The U.S. should be aware of Iran's techniques should they choose to retaliate, said Read, as just knowing what to look for can be enough to head off Iran's brand of attacks.
  • "They can do bad stuff, but they aren't wizards," he said.
