Various parts of the Islamic Republic were disrupted yesterday (their Internet access) after hackers attacked Iran’s infrastructure and communications companies. “Yesterday we had a heavy attack against the country’s infrastructure and communications companies which has forced us to limit the Internet,” the secretary of the High Council of Cyberspace, Mehdi Akhavan Behabadi, is said by Reuters as having told the Iranian Labour News Agency about the issues.
Some officials claim that their Internet access in Iran is constantly disrupted by cyberattacks, however, the ones yesterday were the most noticeable. This attack would be one of the largest cyberattacks so far, after several gigabytes of traffic overwhelmed the Iranian infrastructure. This is still widely accusative that the US and Israel could be involved, as a response to the nuclear program developed by Iran.
It is noticed also that the cyberwar is heating up for Iran, and that Iran could be constructing counterattacks, such as the recent one against US banks. All of these concentrated attacks are all part of military plans, which are developing “cyber warriors” or a “cyber army”. As always, news about cyberwar will continue to be on this blog.
US Senator Joe Lieberman blamed Iran for the attacks against US banks last Friday, with thoughts that Iran did so out of revenge for the Stuxnet case. The victims of last week’s attacks included Bank of America and JPMorgan Chase. Although not attacked, speculation is that CitiGroup has been a target over the past year. All of these denial of service campaigns seemed to have begun in late 2011.
In C-SPAN’s taping of “Newsmakers,” Lieberman labeled the recent DDoS attacks against the banks a “powerful example of our vulnerability”.
Now, from the perspective of Lieberman, it makes sense to make such claims. When we reported in June about a potential US and Israeli connection for malwares like Flame and Stuxnet, labeled “Operation Olympic Games”, we saw the counterattack that continued cyberwarfare between Iran and the US (as well as other countries). This could be just one of possibly many counterattacks from Iran, and it’s going to be quite dangerous to companies that are vulnerable to cyberattack.
Cyberattacks will continue with DDoS and other hacks, and it could target almost any major organization around the world. The main idea is to craft the correct cybersecurity strategies, and be aware of any attack vectors (like if there are too many people trying to hack in to the networks). It’s important to learn from issues like this, and be able to adapt the latest strategies for businesses. Which means: If you don’t have a director for information security at your major company, it’s about time to get one and soon!
Keep all of your devices FULLY safe from hackers:
The Anonymous group AntiSec has claimed to have mined around 12 million Unique Device Identifiers (UDIDs) from a FBI laptop, after the hack was claimed to have been part of a Java vulnerability. News has been booming with Java vulnerabilities lately, so this is a very believable story. AntiSec published their list to prove the group had the data. The data is used as identifiers for iPhone and iPad devices.
AntiSec’s reason stated includes that it wanted to expose the FBI’s tracking of Apple device users.
However, the FBI has came back with a press release statement:
The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.
Therefore, all this was just a tactic to draw attention to themselves.
- FBI: We Weren’t Hacked, Never Had Apple Device IDs (mashable.com)
- AntiSec Claims to Steal Apple UDIDs from Gov. Laptop, FBI Says No (dailytech.com)
- FBI denies AntiSec’s Apple UDID database claims (h-online.com)
- FBI calls out AntiSec, claim they had nothing to do with stolen Apple IDs (slashgear.com)
According to ThreatPost, the attack that Hussain admitted to being involved with was a breach of the email account of one of Blair’s former advisers. Hussain, who used the handle “TriCk”, pleaded guilty in early July to the attack and was sentenced Tuesday in England to six months in prison for the attack. He was arrested in April.
According to Sophos’s Naked Security, members of the TeaMp0isoN hacking gang then published the hacked information online, sparking security fears about the safety of the former Prime Minister, his friends and associates.
A time in prison at the start of your adult life is no easy undertaking. Hope the young lad learned his lesson.
The cybersecurity bill discussed in congress earlier this Spring is now revised with newer details. The revision to the originally democratic bill is more based on disallowing the government to absolutely standardize new cybersecurity bills. The idea is for those with critical infrastructured networks get fully secure (as required). The new SECURE IT bill restricts the government from retaining and using information about cyberthreats.
According to Computer World: SECURE IT, backed by Sens. John McCain (R-Ariz.), Kay Bailey Hutchison (R-Texas), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Alaska), Dan Coats (R-Ind.), Ron Johnson (R-Wis.), and Richard Burr (R-N.C.), will allow companies to legally share real-time cyberthreat information from their networks with other industry stakeholders, law enforcement agents and government officials.
The restriction of the use of such information about cyberthreats is to help combat the ability of hackers from discovering the information and getting quicker revision time for their threats.
The mere investment in to tools to combat cybersecurity threats is crucial to American infrastructure, and infrastructure all around the world even!
The biggest deal is watching how cyberthreat information is shared. Programs like CISPA are not going to function very well. Which means cyberthreat information should be held between private parties for a temporary time, and once a mitigation is made, destroy the data.
Corporate and government systems are not immune to cyberattacks by hackers.