 
 
Iran Hackers Hunt US Targets           12/13 06:11

   LONDON (AP) -- As U.S. President Donald Trump re-imposed harsh economic 
sanctions on Iran last month, hackers scrambled to break into personal emails 
of American officials tasked with enforcing them, The Associated Press has 
found --- another sign of how deeply cyberespionage is embedded into the fabric 
of US-Iranian relations.

   The AP drew on data gathered by the London-based cybersecurity group Certfa 
to track how a hacking group often nicknamed Charming Kitten spent the past 
month trying to break into the private emails of more than a dozen U.S. 
Treasury officials. Also on the hackers' hit list: high-profile defenders, 
detractors and enforcers of the nuclear deal struck between Washington and 
Tehran, as well as Arab atomic scientists, Iranian civil society figures and 
D.C. think tank employees.

   "Presumably, some of this is about figuring out what is going on with 
sanctions," said Frederick Kagan, a scholar at the American Enterprise 
Institute who has written about Iranian cyberespionage and was among those 
targeted.

   Kagan said he was alarmed by the targeting of foreign nuclear experts.

   "This is a little more worrisome than I would have expected," he said.

   The hit list surfaced after Charming Kitten mistakenly left one of its 
servers open to the internet last month. Researchers at Certfa found the server 
and extracted a list of 77 Gmail and Yahoo addresses targeted by the hackers 
that they handed to the AP for further analysis. Although those addresses 
likely represent only a fraction of the hackers' overall effort --- and it's 
not clear how many of the accounts were successfully compromised --- they still 
provide considerable insight into Tehran's espionage priorities.

   "The targets are very specific," Certfa researcher Nariman Gharib said.

   In a report published Thursday, Certfa tied the hackers to the Iranian 
government, a judgment drawn in part on operational blunders, including a 
couple of cases where the hackers appeared to have accidentally revealed that 
they were operating from computers inside Iran. The assessment was backed by 
others who have tracked Charming Kitten. Allison Wikoff, a researcher with 
Atlanta-based Secureworks, recognized some of the digital infrastructure in 
Certfa's report and said the hackers' past operations left little doubt they 
were government-backed.

   "It's fairly clear-cut," she said.

   Calls to Iranian officials were not returned late Wednesday, the beginning 
of the weekend in the country.

   Iran has previously denied responsibility for hacking operations, but an AP 
analysis of its targets suggests that Charming Kitten is working in close 
alignment with the Islamic Republic's interests. The most striking among them 
were the nuclear officials --- a scientist working on a civilian nuclear 
project for Pakistan's Ministry of Defense, a senior operator at the 
Research and Training Reactor in the Jordanian city of Ramtha, and a 
high-ranking researcher at the Atomic Energy Commission of Syria.

   The trio suggested a general interest in nuclear technology and 
administration. Others on the hit list --- such as Guy Roberts, the U.S. 
Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense 
Programs --- pointed to an eagerness to keep track of officials charged with 
overseeing America's nuclear arsenal.

   "This is something I've been worried about," Roberts said when alerted to 
his presence on the list.

   Still more targets are connected to the Iran deal --- a 2015 pact negotiated 
by former U.S. President Barack Obama's administration and other world powers 
that called for Tehran to curb its uranium enrichment in exchange for the 
lifting of international sanctions. Trump tore up the deal in May over the 
objections of most of America's allies and has re-imposed a series of punishing 
restrictions on Iran since.

   One of Charming Kitten's targets was Andrew J. Grotto, whose tenure on the 
U.S. National Security Council straddled the Obama and Trump administrations 
and who has written about Iran's nuclear ambitions.

   Jarrett Blanc, the State Department coordinator responsible for the 
implementation of the nuclear deal under Obama, was also on the list. He said 
news of his targeting was no shock.

   "I've retained contact with Iranian counterparts since leaving government," 
he said. "I'd be very surprised if there were not Iranian groups trying to hack 
into my various email accounts."

   Like the Russian hackers who have chased after America's drone, space and 
submarine secrets, the list indicates that Iranian spies were also interested 
in the world of U.S. defense companies. One of those targeted is a senior 
director of "breakthrough technology" at the aerospace arm of Honeywell 
International Inc., the New Jersey-based industrial conglomerate; another is a 
vice president at Virginia-based Science Applications International Corp., a 
prominent Pentagon contractor.

   Honeywell said it was aware that one of its employees had their personal 
account "exposed," adding that there was no evidence that the company's network 
was compromised. SAIC said it found no trace of any hacking attempt against its 
employee's account.

   There were Iranian targets too, including media workers, an agronomist and a 
senior employee of the country's Department of Environment --- a possible sign 
that Tehran's crackdown on environmentalists, which began earlier this year, 
continues apace.

   Hacking has long been a feature of the tense relationship between the United 
States and Iran, whose militant brand of Shia Islam has challenged American 
interests in the Middle East since 1979.

   It was against Iran that U.S. and Israeli spies are said to have deployed 
the pioneering, centrifuge-rattling computer worm dubbed Stuxnet in a bid to 
sabotage the country's uranium enrichment capabilities. Iranian hackers in turn 
are blamed for denial of service assaults on American banks and 
computer-wrecking cyberattacks in Saudi Arabia, Iran's regional archrival.

   The Charming Kitten campaign uncovered by Certfa is far less sophisticated, 
generally relying on a password-stealing technique called phishing. Two Nov. 17 
emails provided to the AP by Jim Sisco of Enodo Global Inc., a Virginia-based 
risk advisory firm that was targeted by Charming Kitten, mimic the look and 
feel of Gmail security alerts, a technique used by hackers across the globe.

   An analysis of Certfa's data shows the group targeted at least 13 U.S. 
Treasury employees' personal emails, including one belonging to a director at 
the Financial Crimes Enforcement Network, which fights money laundering and 
terror financing, and one used by the Iran licensing chief at the Office of 
Foreign Assets Control, which is in charge of enforcing U.S. sanctions. But a 
few employees' LinkedIn profiles referenced back office jobs or routine tax 
work.

   That suggested "a fairly scattershot attempt," said Clay Stevenson, a former 
Treasury official who now consults on sanctions and was himself targeted by 
Charming Kitten.

   Others' experience suggests a more professional effort.

   Georgetown University professor and South Asia security expert Christine 
Fair said she had only recently returned from a conference in Afghanistan 
attended by Iranian officials and a visit to the Iranian border when she 
learned she was in the hackers' sights.

   "The timing is uncanny," she said.

   Another Charming Kitten target was an intern working for the Foundation for 
Defense of Democracies, a Washington think tank that has been one of the Iran 
deal's fiercest critics. How the intern --- whose email isn't public and whose 
name appears nowhere on the organization's website --- crossed the hackers' 
radar is not clear. The foundation issued a statement calling the revelation 
"yet another indicator that Iran must be viewed as a nefarious actor in all 
theatres in which it operates."

   Kagan, the scholar, said most signs pointed to a serious, state-backed 
operation.

   "It doesn't look like freelancers," he said.


(KA)

 
 