Seven Iranians charged in relation to cyberattacks against US

The attackers mainly used Brobot malware to build a botnet of compromised servers to perform DDoS attacks against US banks and other organizations.

Federal grand jury indicts 7 Iranians for “campaign of cyber attacks”

Employees of two Iranian IT firms charged in attacks on bank websites, dam.

The indictment against employees of the Iranian information security firm ITSecTeam, unsealed today, alleges the company was one of two involved in state-sanctioned attacks against US banks and SCADA systems.

US Attorney General Loretta Lynch, FBI Director James Comey, and other Justice Department officials announced today that a federal grand jury had issued indictments for seven Iranians employed by two information technology companies. The indictments allege that the companies were contracted by the Iranian government to conduct cyber attacks against bank websites in the US and carry out intrusion into the supervisory control and data acquisition (SCADA) network of a dam near Rye, New York.

In a press conference announcing the indictments, Lynch said, "Today, we have unsealed an indictment against seven alleged experienced hackers employed by computer security companies working on behalf of the Iranian government, including the Islamic Revolutionary Guard Corps. A federal grand jury in Manhattan found that these seven individuals conspired together, and with others, to conduct a series of cyberattacks against civilian targets in the United States financial industry that, in all, cost victims tens of millions of dollars."

The seven worked at ITSecTeam (ITSEC) and Mersad Company, both based in Iran. The companies are alleged to be contracted by the Iranian government and the Iranian Revolutionary Guard to conduct a range of network intrusions and attacks, including distributed denial of service campaigns against the websites of several US banks. The DDoS attacks, which started sporadically in December 2011, continued into September 2012—when attacks were ramped up to a "near-weekly basis," the indictment states. At their peaks, the DDoS attacks reached 140 gigabits per second.

Massive US-planned cyberattack against Iran went well beyond Stuxnet

“Nitro Zeus” reportedly targeted Iran’s air defenses, communications, and power grid.

The Stuxnet computer worm that destroyed centrifuges inside Iran's Natanz uranium enrichment site was only one element of a much larger US-prepared cyberattack plan that targeted Iran's air defenses, communications systems, and key parts of its power grid, according to articles published Tuesday.

The contingency plan, known internally as Nitro Zeus, was intended to be carried out in the event that diplomatic efforts to curb Iran's nuclear development program failed and the US was pulled into a war between Iran and Israel, according to an article published by The New York Times. At its height, planning for the program involved thousands of US military and intelligence personnel, tens of millions of dollars in expenditures, and the placing of electronic implants in Iranian computer networks to ensure the operation targeting critical infrastructure would work at a moment's notice.

Another piece of the plan involved using a computer worm to destroy computer systems at the Fordo nuclear enrichment site, which was built deep inside a mountain near the Iranian city of Qom. It had long been considered one of the hardest Iranian targets to disable and was intended to be a follow-up to "Olympic Games," the code name of the plan Stuxnet fell under.

Iran-based attackers use back door threats to spy on Middle Eastern targets

Two Iran-based attack groups that appear to be connected, Cadelle and Chafer, have been using Backdoor.Cadelspy and Backdoor.Remexi to spy on Iranian individuals and Middle Eastern organizations.
