UAE among targets of Iranian hackers, investigators say
WASHINGTON // Hackers working for Iran have targeted at least 50 companies and government organisations, including institutions in the UAE.
The hackers infiltrated the computer systems of commercial airlines and their contractors in the Emirates, Pakistan and South Korea, the US cyber-security firm Cylance said in a report based on a two-year investigation.
They broke into the computers of companies responsible for aircraft maintenance, cargo loading and refuelling, according to the report and Cylance analysts, and stole credentials that could be used to impersonate workers.
From a trove of more than 80,000 files of stolen data and hacking tools obtained from computers used by the hackers since at least 2012, the company’s analysts peeled back what they said was a sweeping spying operation that focused on the US and Iran’s Arabian Gulf rivals, as well as on Germany, China, England and Israel.
Universities and their financial aid and housing offices were targeted, suggesting the spies were interested in students, perhaps as potential recruits.
In the US, computers belonging to chemical and energy companies, defence contractors, universities and transportation providers were hacked in what Cylance called Operation Cleaver.
The report said the Iranian group was the same one that breached the US navy’s unclassified computer system in September last year.
The capabilities of Iranian cyberspies have advanced to the point that the country is quickly becoming a top-tier cyber power, according to the report.
While the group Cylance followed appears to have been focused on intelligence gathering, the choice of targets raises security fears.
Cylance said it provided the information it collected to the FBI. The FBI is already looking into Iranian hacking, including the navy breach, according to two people familiar with that investigation.
Hamid Babaei, the spokesman for the Iranian mission to the United Nations in New York, denounced the report. “This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks,” Mr Babaei said.
While Cylance did not identify the targets, a person familiar with the law-enforcement investigation said they included Pakistan International Airlines, Korean Air, Petroleos Mexicanos (Pemex), the world’s ninth-largest oil producer, and Calpine Corp, a US power company.
Pakistan International Airlines said it was not aware of any threat from hackers.
“We are well secured and our firewall is in place,” a spokesman said.
A Pemex official denied its data network had been violated.
Cylance’s allegations of state-sponsored hacking are the latest in a string this year. Other security firms have accused Russians of breaching systems at Nato, and the United States indicted five members of China’s military on charges of hacking US companies.
The US is also mounting vast cyber-espionage operations, with the National Security Agency’s efforts revealed in a series of leaks of classified information beginning last year.
“Russians are the most sophisticated and most capable outside the US. The Chinese bring to bear staggering numbers of people and computers. Iran is probably between those two,” said retired Admiral William Fallon, head of the US military’s central command until 2008. “They are pretty good and they are motivated.”
The Iranian hacking efforts are largely overseen by the Iranian Revolutionary Guard Corps, Adm Fallon said.
Iran has been building its cyber-capacity since a computer worm known as Stuxnet derailed work at a uranium processing facility at Natanz in 2010.
That attack has been attributed to a joint US-Israel operation.
The kinds of companies cited in the report provide a map of intelligence priorities. The targets are different from those of Russian hackers, who have recently zeroed in on the Ukraine conflict, oil markets and the global financial system, and Chinese hackers, who have focused on gaining commercial secrets.
Any data collected about global air transportation networks could be passed to militants and insurgent groups allied with Tehran, according to Reuel Marc Gerecht, senior fellow at the Foundation for Defence of Democracies and former Middle East specialist at the CIA’s directorate of operations.
The fact that several targets were in South Korea may be the result of intelligence cooperation between Iran and North Korea, giving Iran something to trade.
There may be reason for concern given the information the hackers sought to take, said Stuart McClure, Cylance’s chief executive. The report said they stole passport photos, employee credentials and data that could be used to impersonate workers and bypass airport security checkpoints.
They also accessed details about computer systems at major airports, including Pakistan’s Jinnah International Airport in Karachi.
Taliban militants disguised as security staff stormed the airport in June, killing more than 30 people. The report did not link that to the hack but Mr McClure said some information stolen was related to a gate where the attack began.
The report paints a picture of a persistent, aggressive operation aimed at undermining vital components of nations’ transportation systems, and highlights the growing danger that state-sponsored hacking poses to civilian infrastructure.
“If you’ve gone from financial to oil and gas and you’re switching to avionics, you’re talking about the whole of critical infrastructure,” said Joe DeTrani, former senior adviser to the US director of national intelligence and president of the Intelligence and National Security Alliance. “If one is looking at the battlespace, certainly the air, avionics and airports and related facilities would be part of the equation.”
Published: December 4, 2014 04:00 AM