Monday, 21 December 2015

U.S.: Iranian hackers 'targeted' New York dam (energy source)

Iran, the US's trustworthy nuclear friend, loves energy; that we all know. Now we also know that it loves the energy of the US, as Iranian hackers penetrated the computers controlling a dam near New York.

The attack took place back in 2013 and did no damage, but it revealed information about how the computers running the flood control system worked, said the paper.
Hackers working for nation states regularly hit national infrastructure targets, said a separate AP report.

About 12 times in the last decade hackers have won high-level access to power networks, it said.

Extensive information about the Bowman Avenue dam in Rye, New York state was taken by the hackers, experts familiar with the incident told the newspaper. 
An investigation pointed to Iran as the likely source of the attack and alerted US authorities to the significant cyber warfare capabilities of that nation, said the report. The same group of hackers that attacked Bowman Avenue was also implicated in separate attacks on three US financial firms, it added.

The US power network has also come under regular attack by "sophisticated foreign hackers", said AP in an extensive investigation.

Many times security researchers had found evidence that hackers had won access to these sensitive systems. So far, all the attacks seemed intent on gathering detailed information, including engineering drawings, about networks and facilities. 

One extensive campaign gave hackers access to 82 separate plants spread across the US and Canada. Comments in the code found when the attacks were detected suggested Iranian hackers were behind this attack. Information about this series of attacks led the FBI to issue a warning to the power industry that it was being targeted.
The knowledge accumulated by the attackers has not been used to shut down the power plants or change the way they work, wrote AP reporters Garance Burke and Jonathan Fahey.

The fact remains that the knowledge could be used to cause damage if diplomatic relations between Iran and the US changed for the worse, former US Air Force cyber security expert Robert Lee told the agency.
Hackers could get at the power plants and other parts of national infrastructure because many of the systems were set up long before the need to protect them against remote attacks became apparent.

Back in 2014, a CNN report already stated:
Hackers in Iran use social media to target senior U.S., Israeli officials

Hackers based in Iran used social networks to spy on high-ranking U.S. and Israeli officials, a new report by a cybersecurity firm claims.

Posing as journalists and government officials, the hackers have been working for about three years to get close to their targets, connecting with at least 2,000 people in the process, according to the report from iSight Partners.

"While it's low sophistication technically, it's actually one of the most elaborate social media, or socially engineered, espionage campaigns we've ever seen," Tiffany Jones, a senior vice president at iSight, told CNN.

The firm says that it doesn't have hard evidence tying Iran to the hacking but that "the targeting, operational schedule, and infrastructure used in this campaign is consistent with Iranian origins."

Fake identities

How does the scheme work?
According to iSight, the hackers create fake accounts on social networks masquerading as journalists, government officials and defense contractor employees. 
They have even set up a bogus online news website to bolster their credentials, and have sometimes used real reporters' names, photographs and biographies.

The hackers endeavor to build social network connections with friends, relatives and colleagues of their targets, who included senior American military and diplomatic officials, congressional staffers and defense contractors in the United States and Israel.
Once they make contact with a target individual, the hackers try to establish their credibility, by initially sending messages with links to real news stories, for example.
But over time, they lure the target to a fake website, where they steal their passwords and other credentials, or get them to download malicious software.

U.S. admiral among connections

The investigators at iSight said it isn't clear at the moment how many credentials the campaign has harvested so far. But among the more than 2,000 people with whom the hackers made connections are a four-star U.S. admiral, British and Saudi officials, journalists and lawmakers.

None of the people were named.

The hackers appeared to be after national security information, but what exactly they got their hands on remains unclear.

"The actors have intimated their interest in specific defense technology as well as military and diplomatic information by their targeting," iSight said. "This type of targeting is inconsistent with cybercriminal behavior." 

There's no smoking gun pointing to official Iranian involvement in the scheme. The report cites circumstantial evidence that suggests the hackers operated from Iran.

"What we can say is -- based on who was targeted, the types of information they were going after, the infrastructure that was used and where it's registered in Tehran and a number of other indicators -- that we believe there are links to Iranian actors here," Jones said.

The hackers kept up a regular schedule that fits with working hours in Tehran, including the lunch break, according to iSight.

Networks respond
Facebook says it became aware of the scheme while investigating suspicious activity and has removed the fake profiles associated with the hackers.

LinkedIn says it's looking into the claims.
The FBI and State Department say they received copies of the report but aren't commenting on it directly. The State Department says it has been aware in the past of hackers from Iran using social media websites to investigate targets, including U.S. officials.
As far as the general public is concerned, iSight advises vigilance when using social networks.
"Do not create trusted connections with unknown organizations and/or individuals," it says. "Never provide login credentials with any site or person who contacts you (rather than you contacting it)."