The hacking case comes at a tenuous time for the fragile relationship between the United States and Iran. The Trump administration is threatening to withdraw from the Iran nuclear deal, the accord reached in 2015 between Iran and six world powers that limited nuclear programs in exchange for sanctions relief.
President Trump has said he wants to impose harsh sanctions on Iran, a move that could compel Iran to leave the agreement.
Security experts worry that if Mr. Trump follows through on his threats to dismantle the agreement — he announced on Thursday that John R. Bolton, an opponent of the deal, would be his next national security adviser — American companies will be targeted in an increasing number of cyberattacks from Iran.
“The nuclear deal imposed a constraint on them, and when the deal goes away, so does their constraint,” said James A. Lewis, a digital security expert at the Center for Strategic and International Studies, a Washington think tank.
Targets could include critical infrastructure in the United States, in attacks like those on Saudi petrochemical companies over the past year that experts at Symantec suspect were the work of Iran.
The Iranian government first employed online breaches to combat domestic political opposition and then turned its focus overseas in a series of escalating attacks on private companies in the United States and its allies, according to multiple reports by American intelligence officials and private digital security firms.
Private security researchers and intelligence officials who have tracked Iranian cyberactivity say the country has increasingly relied on proxy forces — a mix of contractors, volunteers, patriotic hackers and engineers at Iranian universities, and even its religious schools — to strike at Iran’s geopolitical enemies.
“Relying on these irregulars and contractors gives the state some semblance of deniability,” Mr. Lewis said.
Over the past five years, Iranian hackers demonstrated increasing sophistication, with a spate of attacks that took down the online banking websites of some dozen United States banks in late 2012. That same year, government officials and private researchers at CrowdStrike tied Iranian hackers to a digital strike at Saudi Aramco, the world’s biggest oil company, which wiped data on some 30,000 Aramco machines, replacing it with an image of a burning American flag.
Less than two years later, Iranian hackers pulled off a similar feat at the Sands Hotel and Casino in Las Vegas, after its owner, Sheldon Adelson, advocated a nuclear strike on Iran. The hackers deployed malware that brought the casino’s operations to a halt, wiped data off its machines, replaced websites with a photograph of Mr. Adelson with Prime Minister Benjamin Netanyahu of Israel and signed their online screeds the “Anti W.M.D. Team.”
But security experts note that Iranian attacks have dropped off since the signing of the nuclear deal. “They’ve been on their best behavior because of the nuclear deal,” Mr. Lewis said. “To avoid having the nuclear deal collapse, they have not been willing to risk it.”
But on Friday, the government said that a new group of hackers stole innovative work and intellectual property from the computer systems of 144 American universities, the Labor Department, the Federal Energy Regulatory Commission and the states of Hawaii and Indiana.
They also infiltrated the United Nations, 176 universities in 21 countries around the world, and dozens of domestic and foreign companies, some in banking, health care and the law, the officials said.
In a scheme that continued for more than four years, the Mabna Institute is accused of stealing more than 31 terabytes of academic data and intellectual property, as well as the contents of employee email accounts. The hackers sent so-called phishing emails to unsuspecting people, who gave them access to their computers after opening those emails.
The scheme “should send a message around the world about Iran’s continued deceptive practices,” Sigal P. Mandelker, the Treasury Department’s under secretary for terrorism and financial intelligence, said during the news conference.