Cybersecurity firm: More Iran hacks as US sanctions loom

Alister Shepherd, the director of a subsidiary of FireEye, during a presentation about the APT33 in Dubai Tuesday. (AP)
Updated 20 September 2018
0

Cybersecurity firm: More Iran hacks as US sanctions loom

  • The firm warns that this raises the danger level ahead of America re-imposing crushing sanctions on Iran’s oil industry in early November.
  • Iran’s mission to the UN rejected FireEye’s report, calling it “categorically false.”

DUBAI: An Iranian government-aligned group of hackers launched a major campaign targeting Mideast energy firms and others ahead of US sanctions on Iran, a cybersecurity firm said Tuesday, warning further attacks remain possible as America reimposes others on Tehran.

While the firm FireEye says the so-called “spear-phishing” email campaign only involves hackers stealing information from infected computers, it involves a similar type of malware previously used to inject a program that destroyed tens of thousands of terminals in Saudi Arabia.

The firm warns that this raises the danger level ahead of America re-imposing crushing sanctions on Iran’s oil industry in early November.

“Whenever we see Iranian threat groups active in this region, particularly in line with geopolitical events, we have to be concerned they might either be engaged in or pre-positioning for a disruptive attack,” Alister Shepherd, a director for a FireEye subsidiary, told The Associated Press.

Iran’s mission to the UN rejected FireEye’s report, calling it “categorically false.”

“Iran’s cyber capabilities are purely defensive, and these claims made by private firms are a form of false advertising designed to attract clients,” the mission said in a statement. “They should not be taken at face value.”

FireEye, which often works with governments and large corporations, refers to the group of Iranian hackers as APT33, an acronym for “advanced persistent threat.” APT33 used phishing email attacks with fake job opportunities to gain access to the companies affected, faking domain names to make the messages look legitimate. Analysts described the emails as “spear-phishing” as they appear targeted in nature.

FireEye first discussed the group last year around the same time. This year, the company briefed journalists after offering presentations to potential government clients in Dubai at a luxury hotel and yacht club on the man-made, sea-horse-shaped Daria Island.

While acknowledging their sales pitch, FireEye warned of the danger such Iranian government-aligned hacking groups pose. Iran is believed to be behind the spread of Shamoon in 2012, which hit Saudi Arabian Oil Co. and Qatari natural gas producer RasGas. The virus deleted hard drives and then displayed a picture of a burning American flag on computer screens. Saudi Aramco ultimately shut down its network and destroyed over 30,000 computers.

A second version of Shamoon raced through Saudi government computers in late 2016, this time making the destroyed computers display a photograph of the body of 3-year-old Syrian boy Aylan Kurdi, who drowned fleeing his country’s civil war.

But Iran first found itself as a victim of a cyberattack. Iran developed its cyber capabilities in 2011 after the Stuxnet computer virus destroyed thousands of centrifuges involved in Iran’s contested nuclear program. Stuxnet is widely believed to be an American and Israeli creation.

APT33’s emails haven’t been destructive. However, from July 2 through July 29, FireEye saw “a by-factors-of-10 increase” in the number of emails the group sent targeting their clients, Shepherd said.

 


Muslims pray in banned area of Al-Aqsa for first time since 2003

The worshippers forced their way into the area ahead of Friday prayer. (Reuters)
Updated 23 February 2019
0

Muslims pray in banned area of Al-Aqsa for first time since 2003

  • The worshippers chanted religious and national slogans and mounted the flag of Palestine to show their delight at the reopening of the area

AMMAN: For the first time since 2003, Muslim worshippers broke an Israeli ban and offered Friday prayers in the Bab Al-Rahmeh prayer hall, which is part of the Haram Al-Sharif/Al-Aqsa Mosque.

Hundreds of Palestinian worshippers entered the Bab Al-Rahmeh area inside the Al-Aqsa Mosque compound in Jerusalem’s Old City on Friday for the first time since the area was closed to Muslim worship by Israeli authorities.

The worshippers, led by the Grand Mufti of Jerusalem, Sheikh Mohammad Hussein and other religious leaders, forced their way into the area ahead of the weekly Friday prayer, defying the Israeli ban.

The worshippers chanted religious and national slogans and mounted the flag of Palestine to show their delight at the reopening of the area, which has only been open during the past 16 years to Jewish fanatics during provocative visits to the Muslim holy place, the third holiest site in Islam, according to the official Palestinian news agency, Wafa.

Sheikh Ekrima Sabri, the former mufti and now a member of the newly constituted Islamic Waqf Council in Jerusalem, delivered a short sermon in which he reiterated that “the Haram Al-Sharif is all 144 dunums of land, including the mosques, prayer halls, courtyard musuems and schools within it.” Sabri said that Muslims will not allow anyone to diminish Muslim rights in the entire mosque area.

The Friday prayer at Bab Al-Rahmeh went off peacefully in part because of an Israeli decision late on Thursday not to make any further escalations, a reliable source in Jerusalem told Arab News.

Khaleel Assali, a member of the new council who participated in the prayer at Bab Al-Rahmeh, told Arab News that the mood was peaceful and upbeat. “It was a beautiful thing to be able to reclaim part of our religious site that we were barred from using for so many years.”

The deputy head of the PLO’s Fatah movement, Mahmoud Alloul, praised the unprecedented action by the popular movement in Jerusalem. 

In a statement published on the Wafa website, Alloul called on Palestinians to stay steadfast in the courtyards of Al-Aqsa and Bab Al-Rahmeh and to “continue to stand up to the occupiers and their repeated incursions in Al-Aqsa courtyards.”

Mohammad Ishtieh, a senior Fatah leader who is expected to be the next Palestinian prime minister, issued a statement saying that what happened in Jerusalem today proves beyond a shadow of doubt that all actions and decisions aimed at Judaization of Jerusalem have failed as a result of the steadfastness of our people in our eternal capital. Ishtieh praised the defenders of Jerusalem who screamed for justice and who again forced the Israeli occupiers to back down.

Mahdi Abdul Hadi, director of the Jerusalem-based Palestinian Academic Society for the Study of International Affairs (PASSIA) and a new member of the Jordanian-appointed Waqf Council, told Arab News that all parties participated and share this success. “Everyone participated and every party should get credit for this success. Jerusalem and Al-Aqsa unite us.”

The popular protests that led to the breakup of the 16-year-old Israeli ban began on Feb. 13 when the newly constituted empowered and expanded 18-member Waqf Council decided to hold a symbolic prayer at the barred Bab Al-Rahmeh site. The Israelis responded by placing heavy chains at the gate and making arrests. 

After four days of arrests, Israel allowed the removal of the chains but would not go as far as allowing Muslim worshippers to enter. On Wednesday the Waqf Council called on worshippers to pray at the Bab Al-Rahmeh site. All five daily prayers were held outside the barred prayer hall. A confrontation was expected Friday, but the insistence of the worshippers on reclaiming their site led to the Israelis backing down, Jerusalem sources told Arab News.