Iranian hackers are already targeting U.S. companies with specialized malicious software designed to wipe the contents of their computer networks rather than to simply steal their data, Chris Krebs, director of the Homeland Security Department’s cybersecurity division, warned in a Saturday email.
And cybersecurity companies — which were already clocking a dramatic increase in Iranian hacking during the past few weeks — began warning this weekend that the nation could increase its attacks and make them far more destructive.
Those retaliatory strikes are likely to hit a far broader range of targets than the U.S. cyber strikes, which my colleague Ellen Nakashima reported were limited to military systems and entailed weeks of preparation.
“They might choose a nonmilitary target where they can have a greater effect,” John Hultquist, director of intelligence and analysis at the cybersecurity firm FireEye, told me.
“They’re going to go for the soft underbelly,” he said. “In the past, that’s been our financial sector. They’ve also demonstrated interest in everything from energy to transportation to several other sectors.”
In addition to hacks that wipe data from computers, the Iranians might launch ransomware attacks that lock up computers until the victim pays a fine, or denial of service attacks that render websites and digital tools unusable, Hultquist told me.
The U.S. cyber strike, which came Thursday in response to Iran downing a U.S. surveillance drone, was personally ordered by President Trump and carried out by U.S. Cyber Command, Ellen reported. It comes after national security adviser John Bolton warned this month the administration would be more aggressive about launching offensive hacking operations.
The cyberattack, which was first reported by Yahoo News, may also have been in lieu of a physical offensive Trump claimed he nearly approved late last week but backed off of after learning as many as 150 people might be killed.
Trump is also planning to impose new sanctions on Iran today, he tweeted Sunday.
Iran’s minister for information and communications technology, Mohammad Javad Azari Jahromi, said on Twitter Monday the cyberattacks weren’t successful, Reuters reported.
Cyber pros nearly unanimously predicted Iran would respond to the cyberattack with hacks of its own. But they were split on whether the Trump administration made the right call by launching a cyberattack.
On the plus side, a cyberattack that doesn’t kill anyone is clearly a better outcome than a military strike with many casualties, Chris Painter, former State Department cyber coordinator during the Obama administration, told me.
“It sends a strong message that’s not accompanied by people dying, which is a good thing,” he said.
It was also good the attack appears not to have caused any collateral damage to Iranian civilians and didn’t compromise the computers of any other countries, which could complicate diplomatic relations, Painter told me.
He cautioned, however, that U.S. officials should also be communicating with Iran so officials there have a clear understanding of why the United States launched the attack and how they can prevent more cyber offensives.
“We have to worry about escalation but not be so concerned about escalation that we don’t do anything, because that in itself leads to escalation on the other side,” he said.
On the other hand, the Trump administration could have reduced the likelihood of retaliatory cyberattacks by instead opting for a smaller conventional attack that didn’t risk casualties, Michael Morell, a former acting CIA director, told me in an email.
“It would have sent the strongest message possible without creating escalation risk and it would not have created the potential for endless rounds of cyberattacks,” said Morell, who hosts the Intelligence Matters podcast.
Conversely, Rep. Seth Moulton (D-Mass.) a presidential candidate who has urged increasing the Pentagon’s cybersecurity budget, pushed for an even bigger digital strike against Iran before news of the missile hack broke Friday.
Moulton said on Twitter that the U.S. military should “shut off the power grid in southern Iran where the missile system is based,” which he argued would not only cow Iran but would also “send a forceful message … to China, North Korea, and everyone else watching.”
A renowned information security researcher who goes only by the handle @thegrugq also criticized the operation because it will allow the Iranians to find and fix whatever computer bug Cybercom exploited to launch the attack — presumably making it harder for U.S. hackers to disable those machines during a more serious conflict.
Painter warned there’s a good chance Cybercom has other digital weapons it could use if the conflict with Iran heats up. And if the United States always waits for a better time to use its hacking tools it might end up not using them at all -- and abandoning whatever value they have to push adversaries to change their behavior.
“We need cyber to be one tool in our arsenal," he said. "We have to use it sparingly and when it makes sense and this could be one of those cases."
|You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.|
|Not a regular subscriber?|
PINGED: The White House is considering banning all Chinese-made technology from U.S. next-generation 5G cellular equipment because of cybersecurity concerns, Stu Woo and Dustin Volz at the Wall Street Journal report. The ban could force European mobile suppliers that manufacture their products in China to relocate if they want to keep selling to U.S. companies. It would be far more sweeping than an earlier ban that solely excluded Huawei from U.S. 5G networks.
U.S. officials have been in touch with Nokia and Ericsson about moving their manufacturing out of China, the Journal reports. But a formal ban wouldn’t be adopted until October at the earliest and could take months longer to enact.
“The equipment produced by any firm operating in China is at greater risk for vulnerabilities because of access to personnel and facilities,” Michael Wessel, a member of the U.S.-China Economic and Security Review Commission, told the Journal.
Meanwhile, on Friday, the Commerce Department effectively banned U.S. sales to four Chinese companies and one Chinese research group involved with supercomputing citing national security concerns, my colleagues Craig Timberg and Ellen Nakashima reported.
PATCHED: President Trump “may” discuss potential election inference in 2020 with Russian President Vladimir Putin at the upcoming G-20 economic summit, he told NBC News's Chuck Todd on Meet the Press on Sunday. When asked by NBC whether he would ask Putin to not interfere, Trump responded, “I may if you'd like me to do it; I'll do that.”
Trump also defended comments from earlier this month when he said in an ABC News interview he would consider looking at information about his opponents from foreign governments before reporting it to the FBI.
“My answer last week was both. I said both. I'd do both,” Trump said, claiming that ABC ran a misleading cut of his answer.
The remarks led to renewed efforts from congressional Democrats to push bills that would protect the 2020 elections from foreign interference.
PWNED: A U.S. Customs and Border Protection assessment of a recent hack “woefully understates the number of sensitive documents that are now freely available on the Web,” my colleague Drew Harwell reports.
CBP officials said fewer than 100,000 photos of travelers were affected by a May breach and none of the photos had surfaced on the “dark web” where criminals often trade hacked data. Drew was able to find something much worse, however: hundreds of gigabytes of sensitive government intel, including schematics of technology installed at various points of entry as well as at U.S. military bases.
The hacked documents also included plans from Perceptics, the contractor that probably was breached, for a new facial recognition software that could identify obstructed faces at the border. Other documents in the hack outlined an expansion of government “use of license plate readers and facial-recognition cameras, including such details as how many cameras are focused on which traffic lanes at some of the busiest border crossings in the world,” Drew reported.
The breach has put privacy advocates and lawmakers on red alert.
“This is red meat for . . . a whole set of domestic and foreign terrorists and criminals who might want to use that information,” Joe Hall, chief technologist at the Center for Democracy & Technology, told Drew.
— Cybersecurity news from the public sector:
— Cybersecurity news from the private sector:
— Cybersecurity news from abroad:
- The House Homeland Security Committee will host a hearing on Artificial Intelligence and Counterterrorism tomorrow at 10 a.m.
- The House Homeland Security Committee will bring in representatives from Facebook, Google, and Twitter to discuss their company's efforts to address terror content and misinformation on Wednesday at 10 a.m.