Government and industry officials are still on high alert for bruising cyberattacks from Iran even though President Trump and Iranian leaders stepped back from the brink of a broader military conflict.
Even as the nations ratcheted back threats of physical attacks, the FBI and Department of Homeland Security sent a memo to law enforcement obtained by CNN warning of digital and physical attacks that could “sabotage…public or private infrastructure, including US military bases, oil and gas facilities, and public landmarks.” Cybersecurity companies continued to sound alarms about far more serious hacks that might still be coming.
Meanwhile, pro-Iranian hackers launched a series of digital strikes throughout the day, including defacing city websites and spreading misinformation through hacked Twitter accounts. It's not clear if any of those attacks were backed by Iranian leaders.
The continuing threat underscores the pernicious nature of cyberattacks, which can pack a punch but not rise to the level of forcing a military or diplomatic retaliation. It also demonstrates the supreme value for Iran of attacking in cyberspace, where it has an asymmetric advantage against the much more digitally dependent United States.
This makes it an especially appealing option as conventional military confrontation becomes less likely, said Jamil Jaffer, a former top George W. Bush White House official who is vice president at IronNet Cybersecurity.
“Of all the areas where we might face a threat, cyber remains highest, particularly in sectors they’ve historically targeted,” he told me.
After a classified briefing from the Department of Homeland Security on Iranian cyberthreats, Sen. Gary Peters (Mich.) told me he remained “very concerned about possible retaliatory cyberattacks on the U.S.” The top Democrat on the Senate Homeland Security Committee warned that “a major incident could severely disrupt our energy, financial and telecommunications networks.”
DHS's top cybersecurity official Chris Krebs warned in a New York Times interview that Iran may remain eager to launch destructive cyberattacks against U.S. companies that cause serious or even permanent damage.
“You need to get in the head space that the next breach could be your last,” he said.
Reps. Emanuel Cleaver II (D-Mo.) and Gregory Meeks (D-N.Y.), who serve on the House Financial Services Committee, also sent a letter to the Securities and Exchange Commission and eight other federal financial regulators urging them to strengthen protections against Iranian hacks.
All this happened despite President Trump's declaration he was “ready to embrace peace with all who seek it.” He earlier urged a new slate of sanctions against Iran, and officials determined an Iranian missile strike against U.S. targets in Iraq appeared calibrated to cause minimal damage and avoid U.S. retaliation.
However, Iran is probably less likely now to launch an attack that destroys vital computer systems out of fear it will ratchet up the conflict again, said Jaffer, who also is executive director of George Mason University Law School’s National Security Institute. But hackers there may launch attacks that shut down access to U.S. banks and other financial institutions as they did in 2012, he said.
“After yesterday, I think the threat of an attack is still high, but a destructive attack is less likely,” he said. “They want to be seen as responding but not the kind of response that will elicit a punch back in the nose.”
Iranian hackers may also ramp up efforts to gain a foothold inside the computer networks of U.S. companies and government agencies so they’re prepared to do more damage if and when the conflict heats up again, Corey Thomas, CEO of the cybersecurity company Rapid7, told me.
“Don’t think anyone’s going to pack up their bags and go home. This will embolden the Iranians to build arsenals for the future,” he said.
PINGED, PATCHED, PWNED
PINGED: Sen. Tom Cotton (R-Ark.) is pushing a new bill that would cut off U.S. intelligence sharing from any nation that allows equipment from the Chinese telecom giant Huawei into its next-generation 5G wireless networks -- including the United States’s closest allies.
The bill goes much further than any previous congressional effort to get tough on the telecom that officials fear could be a conduit for Beijing’s spying and could cause friction with allies including the United Kingdom and Canada, which are likely to allow Huawei to play at least a limited role in their 5G systems.
“The United States shouldn’t be sharing valuable intelligence information with countries that allow an intelligence-gathering arm of the Chinese Communist Party to operate freely within their borders,” Cotton said in a statement. “I urge our allies around the world to carefully consider the consequences of dealing with Huawei to their national interests.”
Huawei has vehemently denied claims it aids Chinese spying.
Canada and the U.K. are members of the Five Eyes, the United States’ closest intelligence-sharing partnership. Other Five Eyes members Australia and New Zealand have both followed the United States in banning Huawei from their next-generation networks. Germany has also declined to preemptively ban Huawei from its 5G build-out.
PATCHED: Iran may also be ramping up cyberattacks against targets in Saudi Arabia, Jenna McLaughlin at Yahoo News reports. Authorities there discovered a new type of cyberattack suspected of coming from Iran that is designed to erase the content of computer systems and has hit numerous targets in the Middle East, Jenna reports.
Experts say it points to Iran's growing hacking capability at a time when the risk of a cyberattack against the United States is high. Saudi officials did not directly attribute the attack to Iran, according to a Saudi technical report obtained by Yahoo News. However, Tehran is the most likely culprit, according to experts who reviewed the report.
The attack was similar to the “Shamoon” malware that shut down tens of thousands of computers at a Saudi state oil company in 2012, Jenna reports.
PWNED: Amazon-owned home surveillance company Ring has fired four workers for inappropriately accessing users’ video data, the company told five members of Congress in a letter yesterday. The admission could add to existing scrutiny of the company's security practices by lawmakers, my colleague Drew Harwell reports.
The employees were authorized to view customer data but attempted to access the videos in a way that “exceeded what was necessary for their job functions,” Amazon Vice President of Public Policy Brian Huseman wrote. Currently only three employees have access to stored Ring video footage, which is kept encrypted on an Amazon server. (Amazon CEO Jeff Bezos also owns The Washington Post.)
“Media reports have inaccurately portrayed Ring's security practices,” Huseman said without pointing to any specific reports.
Amazon sent the letter in response to congressional alarm about a rash of security failures at the company, including hackers harassing customers through the video feature. Ring only recently began requiring enhanced security protections for new devices after media reports highlighted how easy it was to hack into the technology.
But there remain “millions of consumers who already have a Ring camera in their homes who remain needlessly vulnerable to hackers,” said Sen. Ron Wyden (D-Ore.), who sent the initial letter asking about Ring protections. Wyden urged the company to make enhanced security measures mandatory for all Ring devices.
- The Committee on House Administration will hold a hearing entitled “2020 Election Security - Perspectives from Voting System Vendors and Experts” at 10 a.m.
— Coming up:
- The House Armed Services Committee will host a hearing on the “Department of Defense's Role in Competing with China” on Wednesday at 10 a.m.
- The U.S. Election Assistance Commission (EAC) will host an all-day summit on Jan. 14 addressing preparations for the 2020 elections at the National Press Club.