Infowar - Iranian cyber-attack over USA

Slowly but Iran is strenghten the capabilities to cyber war and hybrid war. The information warfare in Middle East started years ago after the Stuxnet spread for Iranian nuclear program and rapidly spread over the world.

After this, the cyber warfare capability was exploited and now, in the U.S. presidential elections, Iran used cyber attacks to hijack the president Trump.

Remembering that in June, 2019, Iran was targeted by cyber attacks from USA.

Some gaps was seem this. First of all, a possible 'phallacy' of USA for give rigt information and blame a common historic enemy, trying to steal the credibility of Iran in world's scenario. Other gap is the Trump's rethoric of being all the time attacked or instigated, like the previous elections that the democrates blamed Trump to be close to Russian hackers helping to manipulate the numbers to his victory.

Now, Trump is facing a possible impeachment that will make him isolated, as the approximation to Ukrainian president can be a maneuver using the cyber attacks from Iran to achieve some international goals, specially in Ukraine and Middle East, as an excuse to attack Syria and go for Iranian soil.

Trump can be isolated from his failing politics. After the dismiss of Bolton, the strategic of a possible soft power politician can make him find some support and give him a little more credibility.

Microsoft: Iranian cyberattack targeted a US presidential campaign

Phosphorous also pursued officials, journalists and expatriates.

https://www.engadget.com/2019/10/04/iran-cyberattacks-targeted-us-presidential-campaign/

Iran has apparently been engaged in a large-scale cyberattack bent on compromising American politics. Microsoft reported that Phosphorous, a known group it believes is linked to the Iranian government, attacked 241 email accounts in a 30-day period between August and September, including those for a US presidential campaign as well as current and former US officials, journalists covering world politics as well as "prominent" expatriate Iranians. Four of these accounts were compromised, though this didn't include the presidential run or any officials.

The intruders "were not technically sophisticated," Microsoft said, but they were determined. They conducted extensive research of personal info to identify accounts and potentially fool account recovery systems, sometimes obtaining phone numbers used for two-factor authentication. There were over 2,700 attempts to identify accounts over the roughly month-long stretch. Phosphorous frequently used spear phishing in hopes it might trick users into providing login details through fake web forms.

Microsoft said it had notified Phosphorous' targets, and was helping compromised users secure their accounts. It also recommended that political figures use its AccountGuard program to get advanced monitoring and threat alerts.

Iran hasn't acknowledged its involvement in the attacks. However, they wouldn't be surprising in light of escalating tensions between the US and Iran that have included digital warfare. Iran has also been accused of conducting a Russia-like disinformation campaign meant to skew American politics ahead of the 2020 presidential election. If Iran is involved, this would mainly represent one of the most overt attacks to date.

How Iran Would Wage Cyber War Against the United States

Who would win? How bad could it get? Could it lead to a larger war?

https://nationalinterest.org/blog/buzz/how-iran-would-wage-cyber-war-against-united-states-85841

As tensions continue to mount between the United States and Iran, many analysts fear a military conflict could soon erupt, potentially engulfing the region.

While such a conflict is certainly possible, and the situation remains highly fluid, the reality is that neither Iran nor the United States actually wants a war. Iran knows it can’t withstand one against the United States, and President Donald Trump has stated repeatedly that he is disinclined to involve America in another “endless” Middle East war.

This means both sides are likely to engage in a more covert battle of wills—and cyber will be a primary focus. Cyberwarfare is an ideal tool in this type of situation, since the risk of escalation from physical attacks remains high. Over the last fifteen years, Iran has shown an increasing reliance on asymmetric warfare to confront, challenge and undermine U.S. interests in the region, and since 2011 it has increasingly turned to cyber when doing so. On numerous occasions in the last nine years, Iran’s cyber operations have demonstrated to the world that they are willing to act aggressively and—some might say—recklessly in cyberspace, and to achieve only limited goals and objectives.

With this in mind, here is a closer look at how Iran is likely to engage the United States in cyberspace.

Iran’s Cyber Strategy

Iran uses cyber mostly as an extension of its military forces, and it seems less cognizant of red lines than other U.S. adversaries.

Just consider some of the brazen attacks it has carried out in recent years. In 2012, it risked triggering a disruption in the international oil supply when it launched a massive destructive malware attack on Saudi Aramco. From 2011 to 2013, it targeted the U.S. financial sector in a widespread DDoS campaign that disrupted services. In 2013, it attempted to gain remote access to the sluice gate controls of a New York dam, which could have produced the first cyber kinetic event on the U.S. homeland.

As we’ve seen in Iran’s traditional military operations, from its September strike on Saudi oil facilities to the June shoot down of a U.S. drone in international waters and the 2016 interdiction of U.S. sailors in the Persian Gulf, Iran is both aggressive and unpredictable—to the point of being reckless.

This is important in understanding how the Islamic Revolutionary Guard Corps (IRGC) is likely to approach future cyber operations against the United States. It has fewer restraints than other American adversaries (even Russia, North Korea and China), and is willing to act boldly and dangerously just to send a message.

Iran’s Cyber Capabilities

Since 2010, when Iran’s nuclear industry was attacked by a physically destructive malware called “Stuxnet,” the country has been steadily ramping up its development of cyber warfare capabilities.

Although Iran is generally considered at least a step below the major cyber powers—the United States, Russia, China, Israel and our European allies—it is clearly evolving rapidly, and Iran’s leadership appears to appreciate the value of cyber as an effective retaliatory measure to U.S. attacks and provocations.

Iran’s cyber operations are more decentralized than other leading cyber powers. It relies heavily on proxy cyber forces, and the extent to which the IRGC can directly control these groups is questionable, with some analysts suggesting it has less control than would be desirable.

While Iran is likely to be developing its own custom cyber “weapons,” to date it has primarily relied on criminal malware and other tools it can modify for its own purposes.

Iran is proficient in a variety of standard network attacks, such as phishing, DDoS, DNS hijacking and remote access, but it has also shown a developing ability to carry out more complicated attacks—particularly the infiltration of industrial control systems (ICS).

What Role Will Proxy Forces Play?

There is no scenario in which Iran’s proxy forces would not be utilized—and heavily—in a cyber conflict with the United States. They are vital to Iran’s overall strength in cyber, and its “show of force” tactics.

However, between Iran’s questionable control of these groups and their reduced capabilities when compared with the IRGC, they would most likely be used in regional attacks on Gulf states—and, if extended to the United States, to soft targets only.

How Would Iran Attack America?

The Center for Strategic & International Studies (CSIS) offers this assessment of Iran: “Iranian [cyber] attacks are likely to be retaliatory, intending to make the point that the United States is not invulnerable but without going too far.” It goes on to say that, “Attacking major targets in the American homeland would be escalatory, something Iran wishes to avoid.”

This is a fair assessment of Iran, but there is a lot of wiggle room in terms of what is considered “retaliatory”—as well as what Iran deems to be instigative and the timeframe for a response—and what constitutes “major targets” in the United States. Remember, Iran has already shown itself to be brazen in its attacks on U.S. homeland targets—and some describe the early 2010s cyber skirmishes with Iran as America’s first known cyberwar.

Iran is likely to carry out the bulk of any attacks on Gulf state rivals, with a particular focus on the royals, government assets and oil and gas industry infrastructure. But we should not underestimate its ability or willingness to attack important targets within the United States. Whether it limits these attacks to soft targets, like media companies, think tanks, outspoken critics of Iran, etc., or instead goes after hard targets like the U.S. financial system, energy industry and government assets depends entirely on how escalatory the regime considers U.S. actions to be.

What Trump calls “maximum pressure,” the Iranians view as “economic terrorism.” To Iran’s leaders, any cyber offensive action taken at any time during the current standoff and destabilizing economic sanctions may be deemed justified as a retaliatory measure.

Could a Cyber War Escalate?

Yes. The question isn’t so much “if” as “by how much?” Already, the United States, Iran and Saudi Arabia are in the early phases of conflict. It’s not unlikely that the United States will turn to Israel for additional support.

A recent report by DarkMatter showed that cyber attacks (linked to Iran) have been increasing generally in the Middle East, particularly against the United Arab Emirates. We can expect that trend to continue and worsen as tensions mount.

Iran is more likely to be the aggressor in these regional attacks, with countries like Saudi Arabia and the UAE largely playing defense. Iran and its proxies will target the energy infrastructure, critical infrastructure and government networks of its regional rivals, as it attempts to weaken those governments, signal the growing danger it can pose to the global energy market and in general create complications for the United States.

A key question is what role China will play in the event of a serious escalation in cyber incidents. China is Saudi Arabia’s largest oil customer, and its economy can’t afford price hikes or supply disruptions.

Conclusion

Iran is a potent force in the cyber domain and the threats it poses should be taken seriously. The chances are high that we will see an extended cyber conflict between the United States and Iran, which will likely spill over into other regional players.

The key uncertainty is “how far will it go”—but what we can be sure of is Iran’s unpredictability. This nation has shown itself to be one of the most aggressive actors in cyber warfare, and it hasn’t shied away from attacking the United States on its own soil.

While a major oil supply disruption or kinetic attack in the United States is less likely, one cautionary note to bear in mind is that cyber attacks on industrial environments can produce unexpected outcomes. Therefore, it is possible for an Iranian miscalculation to accidentally trigger a dire event that could have far-reaching consequences.

David Kennedy, founder/CEO of TrustedSec (www.trustedsec.com), is a former hacker for the NSA and Marine Corps, where he worked in signal intel and electronic warfare operations, and completed two tours in the Middle East. He served as a technical advisor to the Mr. Robot show and has testified twice before Congress. David's company specializes in penetration testing, vulnerability research and nation-grade adversary simulation, which they provide to the U.S. government, foreign governments and Fortune 100s. TrustedSec also provides training to the U.S. military's cyber protection teams (i.e., rapid response units).