Former CIA chief Brennan to brief Dems on Iran

CIA Director John Brennan participates in the Senate Intelligence Committee's hearing on worldwide threats, on Capitol Hill in Washington. (File/AP/Alex Brandon)
Updated 19 May 2019

Former CIA chief Brennan to brief Dems on Iran

  • The Trump administration recently sent an aircraft carrier and other military resources to the Arabian Gulf region
  • House Speaker Nancy Pelosi had been asking the administration for a briefing for all lawmakers on the situation in Iran

WASHINGTON: House Democrats will hear from former CIA director John Brennan about the situation in Iran, inviting him to speak next week amid heightened concerns over the Trump administration’s sudden moves in the region.
Brennan, an outspoken critic of President Donald Trump, is scheduled to talk to House Democrats at a private weekly caucus meeting Tuesday, according to a Democratic aide and another person familiar with the private meeting. Both were granted anonymity to discuss the meeting.
The invitation to Brennan and Wendy Sherman, the former State Department official and top negotiator of the Iran nuclear deal, offers counterprogramming to the Trump administration’s closed-door briefing for lawmakers also planned for Tuesday on Capitol Hill. Democratic lawmakers are likely to attend both sessions.
The Trump administration recently sent an aircraft carrier and other military resources to the Arabian Gulf region, and withdrew nonessential personnel from Iraq, raising alarm among Democrats and some Republicans on Capitol Hill over the possibility of a confrontation with Iran.
Trump in recent days downplayed any potential for conflict. But questions remain about what prompted the actions and many lawmakers have demanded more information.
Trump and Brennan have clashed openly, particularly over the issues surrounding the special counsel’s probe of Russian interference in the 2016 election. Brennan stepped down from the CIA in 2017.
The president last year said he was revoking the former spy chief’s security credentials after Brennan was critical of Trump’s interactions with Russian President Vladimir Putin at a summit in Helsinki. Top national security officials often retain their clearance after they have left an agency as a way to provide counsel to their successors. It’s unclear if Brennan actually lost his clearance.
House Speaker Nancy Pelosi had been asking the administration for a briefing for all lawmakers on the situation in Iran, but she said the request was initially rebuffed. The administration provided a classified briefing for top leaders of both parties last week.


Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

Updated 6 min 22 sec ago

Hacking the hackers: Russian group hijacked Iranian spying operation, officials say

  • The Russian group has used Iranian tools and computer infrastructure to successfully hack in to organizations in at least 20 different countries over the last 18 months
  • The hacking campaign was most active in the Middle East but also targeted organizations in Britain

LONDON: Russian hackers piggy-backed on an Iranian cyber-espionage operation to attack government and industry organizations in dozens of countries while masquerading as attackers from the Islamic Republic, British and US officials said on Monday.
The Russian group, known as “Turla” and accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian tools and computer infrastructure to successfully hack in to organizations in at least 20 different countries over the last 18 months, British security officials said.
The hacking campaign, the extent of which has not been previously revealed, was most active in the Middle East but also targeted organizations in Britain, they said.
Paul Chichester, a senior official at Britain’s GCHQ intelligence agency, said the operation shows state-backed hackers are working in a “very crowded space” and developing new attacks and methods to better cover their tracks.
In a statement accompanying a joint advisory with the US National Security Agency (NSA), GCHQ’s National Cyber Security Center said it wanted to raise industry awareness about the activity and make attacks more difficult for its adversaries.
“We want to send a clear message that even when cyber actors seek to mask their identity, our capabilities will ultimately identify them,” said Chichester, who serves as the NCSC’s director of operations.
Officials in Russia and Iran did not immediately respond to requests for comment sent on Sunday. Moscow and Tehran have both repeatedly denied Western allegations over hacking.
Western officials rank Russia and Iran as two of the most dangerous threats in cyberspace, alongside China and North Korea, with both governments accused of conducting hacking operations against countries around the world.
Intelligence officials said there was no evidence of collusion between Turla and its Iranian victim, a hacking group known as “APT34” which cybersecurity researchers at firms including say works for the Iranian government.
Rather, the Russian hackers infiltrated the Iranian group’s infrastructure in order to “masquerade as an adversary which victims would expect to target them,” said GCHQ’s Chichester.
Turla’s actions show the dangers of wrongly attributing cyberattacks, British officials said, but added that they were not aware of any public incidents that had been incorrectly blamed on Iran as a result of the Russian operation.
The United States and its Western allies have also used foreign cyberattacks to facilitate their own spying operations, a practice referred to as “fourth party collection,” according to documents released by former US intelligence contractor Edward Snowden and reporting by German magazine Der Spiegel.
GCHQ declined to comment on Western operations.
By gaining access to the Iranian infrastructure, Turla was able to use APT34’s “command and control” systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory.
The Russian group was also able to access the networks of existing APT34 victims and even access the code needed to build its own “Iranian” hacking tools.