Cybersecurity firm: More Iran hacks as US sanctions loom

Alister Shepherd, the director of a subsidiary of FireEye, during a presentation about APT33 in Dubai on Tuesday. (AP)
Updated 20 September 2018


DUBAI: An Iranian government-aligned group of hackers launched a major campaign targeting Mideast energy firms and others ahead of US sanctions on Iran, a cybersecurity firm said Tuesday, warning that further attacks remain possible as America reimposes other sanctions on Tehran.

While the firm FireEye says the so-called “spear-phishing” email campaign only involves hackers stealing information from infected computers, it involves a similar type of malware previously used to inject a program that destroyed tens of thousands of terminals in Saudi Arabia.

The firm warns that this raises the danger level ahead of America re-imposing crushing sanctions on Iran’s oil industry in early November.

“Whenever we see Iranian threat groups active in this region, particularly in line with geopolitical events, we have to be concerned they might either be engaged in or pre-positioning for a disruptive attack,” Alister Shepherd, a director for a FireEye subsidiary, told The Associated Press.

Iran’s mission to the UN rejected FireEye’s report, calling it “categorically false.”

“Iran’s cyber capabilities are purely defensive, and these claims made by private firms are a form of false advertising designed to attract clients,” the mission said in a statement. “They should not be taken at face value.”

FireEye, which often works with governments and large corporations, refers to the group of Iranian hackers as APT33, an acronym for “advanced persistent threat.” APT33 used phishing email attacks with fake job opportunities to gain access to the companies affected, faking domain names to make the messages look legitimate. Analysts described the emails as “spear-phishing” as they appear targeted in nature.

FireEye first discussed the group last year around the same time. This year, the company briefed journalists after offering presentations to potential government clients in Dubai at a luxury hotel and yacht club on the man-made, sea-horse-shaped Daria Island.

While acknowledging their sales pitch, FireEye warned of the danger such Iranian government-aligned hacking groups pose. Iran is believed to be behind the spread of Shamoon in 2012, which hit Saudi Arabian Oil Co. and Qatari natural gas producer RasGas. The virus deleted hard drives and then displayed a picture of a burning American flag on computer screens. Saudi Aramco ultimately shut down its network and destroyed over 30,000 computers.

A second version of Shamoon raced through Saudi government computers in late 2016, this time making the destroyed computers display a photograph of the body of 3-year-old Syrian boy Aylan Kurdi, who drowned fleeing his country’s civil war.

But Iran first found itself as a victim of a cyberattack. Iran developed its cyber capabilities in 2011 after the Stuxnet computer virus destroyed thousands of centrifuges involved in Iran’s contested nuclear program. Stuxnet is widely believed to be an American and Israeli creation.

APT33’s emails haven’t been destructive. However, from July 2 through July 29, FireEye saw “a by-factors-of-10 increase” in the number of emails the group sent targeting their clients, Shepherd said.

 


One year after Daesh defeat, Syria’s Raqqa still in fear

Updated 18 October 2018


RAQQA, Syria: A year after a US-backed alliance of Syrian fighters drove the Daesh group from the northern city of Raqqa, traumatized civilians still live in fear of near-daily bombings.
“Every day we wake up to the sound of an explosion,” said resident Khaled Al-Darwish.
“We’re scared to send our children to school ... there’s no security,” he added.
The militants’ brutal rule in Raqqa was brought to an end in October 2017 after a months-long ground offensive by the Kurdish-led Syrian Democratic Forces supported by air strikes from a US-led coalition.
But despite manning roadblocks at every street corner, the SDF and the city’s newly created Internal Security Forces are struggling to stem infiltration by Daesh sleeper cells.
At Raqqa’s entrance, soldiers verify drivers’ identity papers and carefully sift through lorry cargoes.
Inside the city, there are regular foot patrols and armored vehicles sit at strategic points.
Women wearing the niqab are asked to show their faces to female security members before entering public buildings.
“If there wasn’t fear about a return of Daesh, there wouldn’t be this increased military presence,” said Darwish, a father of two, speaking near the infamous Paradise Square.
It was here that Daesh carried out decapitations and other brutal punishments, earning the intersection a new name — “the roundabout of hell.”
While the nightmare of militant rule may be gone, most of the city still lies in ruins and there are near daily attacks on checkpoints and military vehicles, according to the Syrian Observatory for Human Rights.
Although a series of stinging defeats have cut Daesh’s so-called caliphate down to desert hideouts, the militants still manage to hit beyond the patches of ground they overtly control.
Some Raqqa residents say the city’s new security forces lack the expertise to cope.
“We are exhausted. Every day we don’t know if we will die in a bomb explosion or if we will go home safe and sound,” said Abu Younes, sitting in his supermarket near a roundabout not far from Paradise Square.
“There is no security — (the new security forces) on the roadblocks are not qualified and there is a lot of negligence,” he complained.
“There are faults that enable Daesh to infiltrate the city easily and carry out attacks.”
But despite the continued attacks, a semblance of normal life has returned to the city.
Shops have reopened and traffic has returned to major roads — albeit choked by the impromptu checkpoints.
In a public garden, children climb up a multi-colored slide and onto dilapidated swings as their mothers sit on nearby benches carefully keeping watch.
They are set amidst an apocalyptic backdrop of twisted metal and splayed balconies — the remnants of buildings torn apart by US-led coalition air raids.
Nearby, Ahmed Al-Mohammed pauses as he listens to music on his phone. Like others, he does not hide his disquiet.
“We’re scared because of the presence of Daesh members in the city,” the 28-year-old said.
“The security forces need to tighten their grip.”
Ahmed Khalaf, who commands Raqqa’s Internal Security Forces, defended the work of his men and claimed successes against the militants.
He said patrols are highly organized and that a “joint operation cell” had recently been established with coalition forces to monitor the city’s security.
“Recently we arrested four (militants) — it was a cell that took part in attacks that terrorized the city,” said Khalaf, sporting plain green fatigues.
“We are continuing our investigation to uncover the other cells,” he added.
“Daesh’s goal is to destroy the country and to not let anyone live in safety,” he said.
Security and stability are what Najla Al-Ahmed wants most for her children.
“The nightmare of Daesh follows us everywhere — whenever we try to rest, explosions start up again,” said the 36-year-old, as she shopped with her young ones.
“The war has worn us out. Us and our children. It has destroyed our future,” she said.