Tracking Iran’s cyberterrorism

Updated 01 March 2019
Follow

Tracking Iran’s cyberterrorism

  • Tehran is stepping up its malicious online attacks, experts say — and Saudi Arabia is one of its main targets
  • In 2012, some 35,000 computers were affected by a major cyberattack against Saudi Arabia

DUBAI: Iran is one of the biggest threats in cyberspace, according to experts who warn that a global response is needed to repel its rising wave of cyberattacks on government and communications infrastructure worldwide.

The leading state sponsor of terror is extending its malign presence online, with Saudi Arabia among its main targets. Iran’s growing digital prowess is part of its “soft war” strategy to spy on adversaries and spread its rhetoric. 

“Iran is increasingly active and a growing cyber threat, though it isn’t the most sophisticated actor,” Michael Eisenstadt, Kahn fellow and director of the military and security studies program at the Washington Institute for Near East Policy, told Arab News. “But as past Russian hacking efforts in the US have shown, you don’t need to be technologically sophisticated to hack and then leak emails, causing embarrassment to adversaries.”

In recent months, cybersecurity firms and tech companies have exposed attacks linked to faceless enemies in Iran. 

“Cyber holds a certain appeal” for the country, Eisenstadt said. “Because of the difficulty attributing responsibility for cyber-attacks, it provides Tehran with a degree of deniability,” he said. “Perhaps most importantly, it allows Iran to strike its adversaries globally, instantaneously and on a sustained basis, and to achieve strategic effects in ways it can’t in the physical domain.”

Iran’s greatest adversaries are the US, Israel and Saudi Arabia “in that order,” Eisenstadt said. “In March 2018, the US government designated an Iranian entity, the Mabna Institute, and nine individuals associated with the institute, for operating a massive hacking and cyberspying operation that targeted hundreds of universities and companies in dozens of countries to steal proprietary data and academic research, presumably to help Iran’s own research and development efforts, to circumvent sanctions, and to compensate for its economic isolation. These activities had been going on for years.”

Joyce Hakmeh, a research fellow of cyber policy and co-editor at the Journal of Cyber Policy at the International Security Department at Chatham House, said Iran has been linked to several attacks in the Middle East, including in Saudi Arabia. One of the biggest attacks was identified in 2012, when an Iranian hacker group deployed the Shamoon computer virus to cripple thousands of hard drives at Saudi Aramco. “Everyone remembers the big attack against Saudi Arabia in 2012, which affected 35,000 computers. It was called the biggest hack in history at the time,” she said.

Eisenstadt said there were several attempted strikes on Saudi government and private sector entities using the Shamoon 2.0 malware in 2016 and 2017, and on Italy’s Saipem oil services firm (whose biggest customer is Saudi Aramco) in December 2018.

Hakmeh said while “attribution is a challenge” when it comes to cyber activity, a host of groups have been linked to Tehran’s terror online, including Magic Hound, MuddyWater, APT33, APT34, APT39, Cobalt Gypsy, Rocket Kitten and NewsBeef.

Collectively, these have targeted organizations across the Middle East in industries including finance, government, energy, chemicals and telecommunications.

A 2018 report by the Carnegie Endowment for International Peace noted: “While Iran’s offensive cyber operations have required modest resources to develop, they have allowed Tehran to project itself as an emerging cyber power able to cause significant harm to its adversaries.”

The report said: “As judged from the evidence of coordination between security agency actions and observed cyber operations, the campaigns of Iranian threat actors almost certainly have a direct relationship with government entities, specifically the Islamic Revolutionary Guard Corps and the Ministry of Intelligence. Attempts to forecast the future of Iranian cyber operations are constrained by the secrecy on the part of the Iranian state about its activities and an uncertain geopolitical climate.”

Eisenstadt said when it comes to the biggest threats in cyberspace, the most formidable actors are Russia followed by China, North Korea and Iran. “Iran’s activities in the cyber domain generally serve its broader foreign policy objectives. In some cases, the goal might be to advance Iran’s propaganda line. In others, it might be to steal intellectual property and propriety information, in order to circumvent sanctions and benefit its own research and development efforts,” he said.

Hakmeh said countries, especially in the Middle East, need to build resilience against cyberattacks by sharing information, preparing strategies and educating people about good “cyber hygiene,” such as changing passwords. “While Iran for some years has been considered a third-tier threat, the threat is considerable. It’s a country to monitor, to keep on the map,” she added. “It doesn’t have the same capabilities as China, Russia or the US, but it has been able to be very destructive.” 

While Iran spreads fake news to support its rhetoric against Israel, Saudi Arabia and the US, its more serious attacks are geopolitically motivated, said Hakmeh. “Most of the attacks that Iran has been linked to are for espionage reasons to get a competitive advantage — Saudi Arabia’s petrochemical industry, for example, to see what technology it’s using — or to gain insight into Saudi Arabia’s military capacities so Iran can enhance its own,” she said.

Dr. Johannes Ullrich, dean of research at the SANS Institute, a US company that specializes in information security and cybersecurity training, said as Iran’s conflict with its neighbors grows, so has its presence on the dark web.

“Iran is believed to maintain a significant effort to conduct offensive cyber operations against its adversaries,” he added. “It may not be among the most sophisticated, but it’s very aggressive in applying the skills it has.

“One technique that has been employed in the attacks is domain hijacking. For this attack, an administrator’s password is used to alter settings for an organization’s domain. The attack itself is pretty simple, and the hard part is to get the administrator’s password. It isn’t clear how the administrator password was obtained in these cases, but typically phishing attacks are used. Overall these attacks aren’t terribly sophisticated, but the impact can be huge.”

Aside from hacks on government and company infrastructure, Iran has been linked to a global network of fake news websites. ClearSky, a Tel Aviv-based cyber tech security firm, recently issued a report linking Iranian propagandists to fake news sites in 28 countries that spread misinformation about their targets — chiefly in the Middle East and Asia — and advance Tehran’s ideological and geopolitical interests.

In recent months, FireEye, a US  cybersecurity firm, issued a warning about fake news sites and profiles on Facebook and Twitter that it believed were operated
by Tehran as part of its cyber-
influence campaign.  Such campaigns were also exposed by Twitter, which posted 1 million tweets generated by fake accounts. 

Facebook said it had deleted dozens of fake profiles. Just this month, the platform said it removed 783 accounts tied to Iran that appeared to be engaging in a manipulation campaign against people in almost 30 countries.

Still, experts at the Institute for National Security Studies in the US have said Tehran’s efforts have not been foolproof, with a report noting: “Use of Iranian contact data (such as phone numbers and email addresses), copied content and poor writing has led to their public exposure. Until then, however, Iran managed to reach many people … some contents were viewed by millions of views, and some earned responses by hundreds of thousands of surfers.”

Simone Vernacchia, cybersecurity and digital infrastructure advisory lead at PwC Middle East, said that while it is against his company’s policy to attribute cyberattacks to a specific “nation-state actor,” the firm had noted an “increase in disruptive attacks, which may be sponsored by a nation-state.”

Although there has been a big increase in investment in cybersecurity in past months, many Middle Eastern countries’ defense systems remain less advanced than those in the West, he said.

“A stronger collaboration among privately owned critical infrastructure and government defense systems, as well as a strong and periodically tested set of organizational and technical interfaces, would strengthen the ability to respond to crises,” he said.


Israel’s warfare in Gaza consistent with genocide, UN committee finds

Updated 5 sec ago
Follow

Israel’s warfare in Gaza consistent with genocide, UN committee finds

  • Committee’s report states ‘Israeli officials have publicly supported policies that strip Palestinians of the very necessities required to sustain life’
  • It raises ‘serious concern’ about Israel’s use of AI to choose targets ‘with minimal human oversight,’ resulting in ‘overwhelming’ casualties among women and children

NEW YORK: Israel’s methods of warfare in Gaza, including the use of starvation as a weapon, mass civilian casualties and life-threatening conditions deliberately inflicted on Palestinians in the territory, are consistent with the characteristics of genocide, the UN Special Committee to Investigate Israeli Practices said in a report published on Thursday.

“Since the beginning of the war, Israeli officials have publicly supported policies that strip Palestinians of the very necessities required to sustain life: food, water and fuel,” the committee said.

Statements from Israeli authorities and the “systematic and unlawful” blocking of humanitarian aid deliveries to Gaza make clear “Israel’s intent to instrumentalize life-saving supplies for political and military gains,” it added.

The committee, the full title of which is the UN Special Committee to Investigate Israeli Practices Affecting the Human Rights of the Palestinian people and other Arabs of the Occupied Territories, was established by the UN General Assembly in 1968 to monitor the human rights situation in the occupied Golan heights, the West Bank, including East Jerusalem, and the Gaza Strip. It comprises the permanent representatives to the UN from three member states, currently Malaysia, Senegal and Sri Lanka, who are appointed by the president of the General Assembly.

Its latest report, which covers the period from October 2023 to July 2024, mostly focuses on the effects of the war in Gaza on the rights of Palestinians.

“Through its siege over Gaza, obstruction of humanitarian aid, alongside targeted attacks and killing of civilians and aid workers, despite repeated UN appeals, binding orders from the International Court of Justice and resolutions of the Security Council, Israel is intentionally causing death, starvation and serious injury, using starvation as a method of war and inflicting collective punishment on the Palestinian population,” the committee said.

The “extensive” Israeli bombing campaign has wiped out essential services in Gaza and caused an “environmental catastrophe” that will have “lasting health impacts,” it adds.

By early 2024, the report says, more than 25,000 tonnes of explosives, equivalent to two nuclear bombs, had been dropped on Gaza, causing “massive” destruction, the collapse of water and sanitation systems, agricultural devastation and toxic pollution. This has created a “lethal mix of crises that will inflict severe harm on generations to come,” the committee said.

The report notes “serious concern” about Israel’s use of artificial intelligence technology to choose its targets “with minimal human oversight,” the consequence of which has been “overwhelming” numbers of deaths of women and children. This underscores “Israel’s disregard of its obligation to distinguish between civilians and combatants and take adequate safeguards to prevent civilian deaths,” it adds.

In addition, Israel’s escalating censorship of the media and targeting of journalists are “deliberate efforts” to block global access to information, the committee found, and the report states that social media companies have disproportionately removed “pro-Palestinian content” in comparison with posts inciting violence against Palestinians.

The committee also condemned the continuing “smear campaign” and other attacks on the reputation of the UN Relief and Works Agency for Palestine Refugees, and the wider UN.

“This deliberate silencing of reporting, combined with disinformation and attacks on humanitarian workers, is a clear strategy to undermine the vital work of the UN, sever the lifeline of aid still reaching Gaza, and dismantle the international legal order,” it said.

It called on all states to honor their legal obligations to stop and prevent violations of international law by Israel, including the system of apartheid that operates in the West Bank and East Jerusalem, and to hold Israeli authorities accountable for their actions.

“Upholding international law and ensuring accountability for violations rests squarely on member states,” the committee said.

Failure to do this weakens “the very core of the international legal system and sets a dangerous precedent, allowing atrocities to go unchecked.”

The committee will officially present its report to the 79th Session of the UN General Assembly on Monday.


UN to bolster UNIFIL for post-truce support in Lebanon, peacekeeping chief says

Updated 7 min 20 sec ago
Follow

UN to bolster UNIFIL for post-truce support in Lebanon, peacekeeping chief says

  • “I think that has to be very clear. Implementing the 1701 is the responsibility of the parties,” said Lacroix
  • Lacroix said the peacekeeping mission would work with the Lebanese army to “support the implementation of a settlement

BEIRUT: The United Nations intends to bolster its peacekeeping mission in Lebanon to better support the Lebanese army once a truce is agreed but would not directly enforce a ceasefire, UN peacekeeping chief Jean-Pierre Lacroix said on Thursday.
The peacekeeping mission known as UNIFIL is deployed in southern Lebanon to monitor the demarcation line with Israel, an area that has seen more than a year of hostilities between Israeli troops and Iran-backed Hezbollah fighters.
Diplomatic efforts to end the fighting have centered on UN resolution 1701, which ended the last round of conflict between the two heavily-armed foes in 2006 and requires Hezbollah to remove fighters and weapons from areas between the border and the Litani River, which runs about 30 km (around 20 miles) from Lebanon’s southern border.
Israel has for years accused UNIFIL of failing to implement the resolution, and now says peacekeepers must get out of the way as Israeli troops fight Hezbollah. UNIFIL troops have refused to leave their posts, despite repeated Israeli attacks that have wounded peacekeepers.
“I think that has to be very clear. Implementing the 1701 is the responsibility of the parties,” said Lacroix, speaking to reporters on a three-day visit to Lebanon. “UNIFIL has a supportive role, and there is a lot of substance in that supporting role.”
Lacroix said the peacekeeping mission would work with the Lebanese army to “support the implementation of a settlement” and was already in discussions with contributing nations to assess UNIFIL’s needs, including with advanced technology, without necessarily increasing troop numbers.
Following a truce, UNIFIL’s capacities could be expanded to include clearing explosive devices and reopening roads.
“We don’t necessarily think in terms of numbers, we think in terms of what would be the needs and how could they be fulfilled,” he said.
Lacroix said the UN and several member states have repeatedly called on all parties to ensure the safety of peacekeepers and that while incidents had not stopped, they had not increased following international condemnation.


Lebanon says at least three killed in Israeli strike on Baalbek

Updated 14 November 2024
Follow

Lebanon says at least three killed in Israeli strike on Baalbek

  • A ministry statement said body parts were recovered from the site

BEIRUT: Lebanon’s health ministry said at least three people were killed in an Israeli strike Thursday on the main eastern city of Baalbek.
“The Israeli enemy strike... in Baalbek killed three people, in an initial toll,” a ministry statement said, adding that “body parts were recovered from the site and their identities are being verified.”


Cafe in Libya champions recycling and sustainability

Updated 14 November 2024
Follow

Cafe in Libya champions recycling and sustainability

  • Lamma, which means “gathering” or “hangout” in Arabic, has become a cultural hub for locals and other visitors
  • Its central mission, its owner said, is raising awareness of an eco-friendly lifestyle in Libya

TRIPOLI: In Libya’s capital, a cafe’s sleek exterior gives little hint of the vibrant space inside, built entirely from recycled materials to promote sustainability in a country recovering from years of war.
Lamma, which means “gathering” or “hangout” in Arabic, has become a cultural hub for locals and other visitors, featuring an art gallery that showcases Libyan artists, and hosts events and workshops.
But its central mission, its owner said, is raising awareness of an eco-friendly lifestyle in Libya, where green initiatives are scarce as people grapple with the aftermath of a gruelling conflict.
“We use materials that were abandoned in the streets, such as rubber from tires, wood from trees and construction waste” to build the cafe, said Louay Omran Burwais, an architect who designed and founded Lamma.
“The idea is to show people that what is thrown in the street and may seem ugly or useless is actually still valuable,” he told AFP.
Libya was hurled into war after a NATO-backed uprising led to the overthrow and killing of dictator Muammar Qaddafi, followed by years of fighting between militias, mercenaries and jihadists.
Power remains split between a UN-recognized government and a rival authority in the east.
Behind the long, narrow door into Lamma, visitors are greeted with a kaleidoscope of colors and shapes.
The plant-covered walls contrast with a web of suspended metal scraps, alcoves and slide tunnels that children swoop down through.
“There are no places like this in Libya,” said Roula Ajjawi, Lamma’s art director. “We base everything on one aspect that we consider very important: recycling.”
Families gather at Lamma on Thursdays, the start of the Libyan weekend, when the cafe holds art workshops for children.
Others borrow books from the venue’s small library.
Burwais says his team hopes recycling and other eco-friendly practices, which remain rare, start up in Libya, which currently has no recycling facilities.
Visitors to Lamma will recognize familiar everyday objects repurposed throughout the space, Burwais said, but they will “start seeing them differently. We are here to foster a new mindset.”
In Libya, the plastic, metal, and glass left from over a decade of civil war destruction are rarely, if ever, reused or recycled, Ajjawi said.
More often, they are abandoned in nature and on the streets, occasionally washed into the Mediterranean by rain and wind.
But with initiatives like Lamma, objects once destined for the landfill are transformed into works of art — a concept now catching on with locals.
“I love this place,” said Riyad Youssef, now a Lamma regular. “The food is great, the service is excellent, and I appreciate the commitment to reducing waste. Every idea here is amazing.”


Turkiye probes event spending in opposition-run cities

Updated 14 November 2024
Follow

Turkiye probes event spending in opposition-run cities

  • The office said late on Wednesday it would investigate “irregular spendings“
  • The Ankara chief prosecutor’s office has also launched an investigation into two concerts

ISTANBUL: The Istanbul chief prosecutor’s office has opened a probe into allegations of illicit expenditures at some public events organized by the Istanbul municipality, marking the latest legal challenge to opposition-run districts in Turkiye.
The office said late on Wednesday it would investigate “irregular spendings” to determine whether the public experienced financial harm, without elaborating.
The Ankara chief prosecutor’s office has also launched an investigation into two concerts organized by the Ankara municipality on Republic Day celebrations on Oct. 29.
The municipalities, which are Turkiye’s two largest cities and both run by the main opposition Republican People’s Party (CHP), deny the allegations.
Speaking at a career fair on Thursday, Istanbul Mayor Ekrem Imamoglu — who is seen as a potential future challenger to President Tayyip Erdogan — said the probes amounted to “reputation assassination.” The Istanbul municipality did not comment further on the probe when contacted by Reuters.
Late last month the CHP mayor of Istanbul’s Esenyurt district was arrested and accused of belonging to the outlawed Kurdistan Workers’ Party (PKK), charges he and his party reject.
Since then, the interior ministry dismissed and replaced elected mayors from the pro-Kurdish DEM party in some southeastern cities for alleged ties to militants, charges they and their party also deny.