|
- Iran: Eight Prisoners Hanged on Drug Charges
- Daughter of late Iranian president jailed for ‘spreading lies’ - IRAN: Annual report on the death penalty 2016 - Taheri Facing the Death Penalty Again - Dedicated team seeking return of missing agent in Iran - Iran Arrests 2, Seizes Bibles During Catholic Crackdown
- Trump to welcome Netanyahu as Palestinians fear U.S. shift
- Details of Iran nuclear deal still secret as US-Tehran relations unravel - Will Trump's Next Iran Sanctions Target China's Banks? - Don’t ‘tear up’ the Iran deal. Let it fail on its own. - Iran Has Changed, But For The Worse - Iran nuclear deal ‘on life support,’ Priebus says
- Female Activist Criticizes Rouhani’s Failure to Protect Citizens
- Iran’s 1st female bodybuilder tells her story - Iranian lady becomes a Dollar Millionaire on Valentine’s Day - Two women arrested after being filmed riding motorbike in Iran - 43,000 Cases of Child Marriage in Iran - Woman Investigating Clinton Foundation Child Trafficking KILLED!
- Senior Senators, ex-US officials urge firm policy on Iran
- In backing Syria's Assad, Russia looks to outdo Iran - Six out of 10 People in France ‘Don’t Feel Safe Anywhere’ - The liberal narrative is in denial about Iran - Netanyahu urges Putin to block Iranian power corridor - Iran Poses ‘Greatest Long Term Threat’ To Mid-East Security |
Sunday 28 December 2014Iran could be behind state hacking campaignA previously undisclosed hacking campaign against military targets in Israel and Europe is probably backed by a country that misused security-testing software to cover its tracks and enhance its capability, researchers said. The researchers from CrowdStrike and startup Cymmetria will present their unusual findings at the annual Chaos Communication Congress security conference in Hamburg on Saturday. Criminal hackers have made use of penetration-testing tools such as Metasploit for years, other experts said, but most major government-sponsored hacks have specially written tools supplemented by free and widely available programs. That is in part because commercial programs could be traced back to specific customers. Over time, however, the exposure of campaigns relying on the same tailor-made tools have made it easier for investigators to attribute those attacks to a specific government. Using the Core Security program, which typically costs $10,000 or $20,000, could help muddy the waters, and CrowdStrike analyst Tillmann Werner said it could also help a second-tier cyber-power skip some of the work frequently undertaken by China, Russia and the United States. "The most likely answer is they didn't have the capability to do it on their own," Werner said of the hackers, adding that "there is no risk of leaving tool-marks." Werner and Cymmetria Chief Executive Gadi Evron, who also chairs the Israeli CERT, said they did not know who was behind the campaign. But Evron said that one suspect would be Iran, judging by the victims and other evidence. The researchers dubbed the new campaign Rocket Kitten, following CrowdStrike's convention for naming all suspected Iranian hacking groups as Kittens. Iran has beefed up its Internet operations in the years since its nuclear program was attacked by Stuxnet, an unusually destructive virus developed by the United States and Israel. Evron said the team had uncovered seven connected attacks so far since April, including attempts to steal information from an Israeli company "adjacent to the defense and aerospace industry," an Israeli academic institution, a German-speaking defense agency, and an Eastern European defense ministry. At least the Israeli attempts failed, he said. The attacks typically began with carefully targeted emails with Excel spreadsheet attachments sent to top executives. The recipients were prompted to allow a type of miniature program known as macros to run inside the Microsoft Corp spreadsheets, and if they agreed, malicious software would install. That software would download part of Core's Core Impact tool, the researchers said. Core's licensing terms forbid use of its program against unsuspecting third parties, and Core Vice President of Engineering Flavio de Cristofaro said the company had not heard of such misuse in at least five years. De Cristofaro said the company would assist the CERT if asked and in any case would try to track down how the software was pried away from the watermarks and other technical restrictions designed to limit its spread. "We will follow that down," de Cristofaro said. Ynetnews |
