U.S. Cyber Has Hacked Iranian Missile C&C, Say Super-Secret Sources

The U.S. has been hacking Iran. Despite President Trump’s cancellation of a kinetic retaliation, we’re now told of cyber strikes against Iranian command-and-control systems.

Second time’s a charm, hopes U.S. Cyber Command’s Gen. Paul M. Nakasone (pictured). Fresh from his team’s psy-ops against Russia, now we’re hearing more unofficial, unattributed briefings about their activities on behalf of the American people. You know the drill—here come the “former officials,” and “people familiar with the matter.”

Either USCYBERCOM leaks like a sieve, or we’re a bunch of useful idiots. In today’s SB Blogwatch, we kinda suspect the latter.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: boomski.


Déjà Vu All Over Again

What’s the craic? Jenna McLaughlin, Zach Dorfman and Sean D. Naylor tag-team to tell, “Pentagon secretly struck back against Iranian cyberspies targeting U.S. ships”:

 On Thursday evening, U.S. Cyber Command launched a retaliatory digital strike against an Iranian spy group that supported last week’s limpet mine attacks on commercial ships. [The] sources declined to provide any further details of the retaliatory cyber operation.

The group, which has ties to the Iranian Revolutionary Guard Corps, has over the past several years digitally tracked and targeted military and civilian ships passing through the economically important Strait of Hormuz. … Multiple private U.S. cyber intelligence firms have reported attempts by Iranian hackers in recent weeks to infiltrate American organizations.

Tehran’s ability to gather information and unleash offensive operations has developed significantly in the last decade or so, particularly after [Stuxnet]. The Iranians would pretend to be attractive young women looking to connect with a “lonely seaman” to gather intelligence about ship movements [and] track U.S. naval movements in the region by hacking into ship-tracking websites.

With a second set of supposedly secret sources, here’s Ellen Nakashima—“Trump approved cyber-strikes against Iran’s missile systems”:

 President Trump approved an offensive cyberstrike that disabled Iranian computer systems used to control rocket and missile launches … according to people familiar with the matter. … The strike [was] crippling to Iran’s military command and control systems [but] did not involve a loss of life or civilian casualties … these people said.

Thursday’s strikes … represented the first offensive show of force since Cyber Command was elevated to a full combatant command in May. … Iranian cyber forces have tried to hack U.S. naval ships and navigation capabilities in the Persian Gulf region for the past few years. … The Department of Homeland Security [and] National Security Agency also urged industry to be vigilant.

Any more details? Rebecca Falconer flies in with, “U.S. hit back at Iran with cyberattacks”:

 Trump authorized the cyberattack as he stopped a military response to Iran … downing a U.S. surveillance drone. … Thursday’s operation targeted Iran’s Revolutionary Guard.

[It] saw the U.S. disable the computer systems for some time. … It was similar to a cyberattack that temporarily took down Russia’s Internet Research Agency … during and immediately after the … midterm elections.

The reports come amid a backdrop of escalating tension.

You can say that again. Shannon Vavra has more on the, “Iran-linked operations”:

 Just last week, the administration blamed Tehran for attacks on two oil tankers in the Gulf of Oman. The Pentagon subsequently announced increased troop deployments to the region.

The National Security Agency … would not go so far as to use the names private cybersecurity firms have assigned several Iranian hacking groups, but indicated [it] is watching APT 33 and APT 34, which have commonly been associated with Iran.

Please tell me APT33 has a sillier name. Andy Greenberg obliges—“Tensions mount”:

 Two security firms, Crowdstrike and Dragos [say] they’ve seen a new campaign of targeted phishing emails sent to a variety of US targets … from a hacker group known by the names APT33, Magnallium, or Refined Kitten. [It’s] widely believed to be working in the service of the Iranian government.

In at least some of last week’s intrusion attempts, the hackers sent potential victims an email lure posing as a job opening from … an organization within the White House’s Executive Office of the President. The email contained a link that, if clicked … installed a malware payload known as Powerton, a kind of all-purpose remote access trojan. … All fit the modus operandi of APT33.

And there’s a ransomware angle. It’s about time, comments bin0:

 Iran has been a thorn in the side of companies for years. Between them and North Korea, civilian operations are regularly crippled and data stolen.

I even know a company that got ransomware twice, both times from the North Koreans (company paid the first time, so they went back after them). Most of the time, companies don’t widely disclose this (except to affected parties), so you don’t hear about it, but it’s very much out there and widespread (according to the FBI agents involved in this case and what I have heard).

The FBI classifies such things as acts of terror, yet we have done nothing to protect our own companies. If Iran wants to keep attacking our nation … it is about time we start crippling their infrastructure until they simply have no way to send a packet to the outside world.

OK, but what is USCYBERCOM doing? berkut has a theory:

 Probably using a continuation of the Suter program. [It] compromises the CaC / FC systems from the radar point-of-view itself as the entry-point.

Older Russian tech for SAM sites and the such had microwave controllers between the different components (i.e. multi-static radar). … It was possible to intercept/gain access/control from here in a shockingly convenient way.

It was essentially similar to (but via radio spectrum as opposed to light) gaining access to a police speed camera by firing light at the camera sensor, gaining control of it, and then re-programming it to either do nothing useful, or even in extreme cases take license plate pictures of police cars going under the speed limit.

But this Anonymous Coward heeds Eisenhower’s 1961 farewell address:

 The US is a war perpetuation machine. It goes to war constantly, and never wins or loses them. It just stays forever and continues to make a mess of things just enough so they can justify staying longer.

Some politicians, and “defense” contractors, got really drunk on the profits from WWII and have tried to keep the party going ever since—despite the fact that the circumstances that made those profits possible no longer exist. Unfortunately the drunk politicians still refuse to realize that, and think that if they sink enough of the country’s economy into it, those conditions will return.

Meanwhile, gruez wonders if we’re all just useful idiots:

 Say you launched a cyber attack, but really you didn’t.

Then they waste their time looking for non-existent backdoors. Considering the NSA has some pretty deep implants (UEFI level, hard drive firmware level, IoT/embedded) that can pass through airgaps (see: Stuxnet), it’ll be quite expensive to do a full sweep.

And Finally:

Earth’s Rotation Leads to Exploding Soviet Rocket


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hatemail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: USCYBERCOM


Richi Jennings

Richi is a foolish independent industry analyst, editor, writer, and fan of the Oxford comma. He’s previously written or edited for Computerworld, Petri, Microsoft, HP, Cyren, Webroot, Micro Focus, Osterman Research, Ferris Research, NetApp on Forbes and CIO.com. His work has won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
