Iranian Hackers Hit With Federal Charges
Seven Iranians have been indicted by the U.S. Attorney and the FBI in connection with 46 different cyberattacks including the 2013 attack on the Bowman Avenue dam in Rye Brook. These hackers apparently were employed by Iranian based ITSecTeam and Mersad Company, however these companies are not mentioned as part of the charges. Per CNet, “Though the attacks weren’t considered sophisticated, they raised concerns within the US government about the security of the country’s infrastructure. Built to run with specialized software that lasts years or decades, the country’s factories, power plants and other industrial systems are difficult to keep safe from hackers, security experts say.” The Iranians were able to take advantage of these antiquated systems and hack into the Rye Brook dam to gain privileged access.
While the attack was successful the gate that controls water flow that they attempted to access happened to be disconnected from the controls for maintenance. It would seem that this was close call, but it demonstrates that we lack adequate protections for the nation’s industrial complex. Per CNet, “not only are these control systems being increasingly targeted by cyber criminals, but they are not being properly monitored,” Shohet said. “The attack against the dam is just the tip of the iceberg.” Many sections of the industrial sector are rampant with vulnerabilities due to the older systems, nonexistence of security patching and an apparent lack of concern for systems such as these.
Until we start to protect the infrastructure we have that right now, can be attacked with relative ease. What methods the Iranians were using wasn’t released but it was reported that they were not sophisticated. When will infrastructure hardening be taken seriously? The statistics are alarming per Govtech:
- 53% of respondents have seen an increase in cyberattacks against critical infrastructure over the past year.
– 76% said cyberattacks were getting more sophisticated.
– Destructive hacking was way up, with 44% of respondents reporting attempts to delete or destroy data.
– 54% of respondents said attackers had tried to “manipulate equipment” through an industrial control system (ICS).
– 44% of survey respondents said attackers tried to destroy information.
– 40% had attempted to shut down computer networks altogether.
Other APS Posts
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
Be sure to subscribe to this blog and to our Podcast.
If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.