8 November 2015

U.S. Has Detected Sudden Increase in Iranian Hacking Attempts in Recent Days

Jay Solomon
November 5, 2015

U.S. Detects Flurry of Iranian Hacking 

Iran’s powerful Revolutionary Guard military force hacked email and social-media accounts of Obama administration officials in recent weeks in attacks believed to be tied to the arrest in Tehran of an Iranian-American businessman, U.S. officials said.

The Islamic Revolutionary Guard Corps, or IRGC, has routinely conducted cyberwarfare against American government agencies for years. But the U.S. officials said there has been a surge in such attacks coinciding with the arrest last month of Siamak Namazi, an energy industry executive and business consultant who has pushed for stronger U.S.-Iranian economic and diplomatic ties.

Obama administration personnel are among a larger group of people who have had their computer systems hacked in recent weeks, including journalists and academics, the officials said. Those attacked in the administration included officials working at the State Department’s Office of Iranian Affairs and its Bureau of Near Eastern Affairs.

“U.S. officials were among many who were targeted by recent cyberattacks,” said an administration official, adding that the U.S. is still investigating possible links to the Namazi case. “U.S. officials believe some of the more recent attacks may be linked to reports of detained dual citizens and others.”Friends and business associates of Mr. Namazi said the intelligence arm of the IRGC confiscated his computer after ransacking his family’s home in Tehran.


The cyberattacks on the U.S. government come at an important juncture for U.S.-Iran relations. President Barack Obama and Secretary of State John Kerry have voiced hopes that the Iran nuclear agreement reached in July could spur greater cooperation between Washington and Tehran on regional issues. Last week, Iran for the first time took part in international talks aimed at ending the multisided war in Syria, where Tehran is backing the regime.

But the IRGC cyberattacks are the latest sign that hard-line factions inside the regime, including the military and office of Supreme Leader Ayatollah Ali Khamenei, haven’t moderated their hostility toward Washington despite the landmark accord between Iran and six global powers including the U.S. Mr. Khamenei has repeatedly claimed in recent weeks that the U.S. was seeking to use the agreement, which constrains Iran’s nuclear program in exchange for the lifting of international sanctions, to undermine and weaken the country’s Islamist government.

The arrests of Mr. Namazi and a Lebanese businessman with a U.S. green card have sparked new criticisms from Congress of the nuclear accord. Some lawmakers have called for the White House to ramp up sanctions on the IRGC, a move that Mr. Khamenei has said would violate the nuclear deal.

“Iran’s threatening behavior will worsen if the administration does not work with Congress to enact stronger measures to push back, including…targeted pressure against Iran’s Revolutionary Guard,” Sen. Mark Kirk (R., Ill.) said Friday.

A spokesman at Iran’s United Nations mission in New York said Tehran has repeatedly been falsely accused of conducting cyberwarfare. “Iran itself was [the] target of many cyberattacks,” the diplomat said.

Supporters of Mr. Namazi say they are concerned the Revolutionary Guard is seeking to build a false espionage case against the businessman, who has been a strong proponent of the U.S. government forging the nuclear accord with Tehran and getting international sanctions lifted. He argued publicly that sanctions disproportionately hurt average Iranians by, for example, denying them access to Western medicines.

The Obama administration has declined to comment on Mr. Namazi’s status.The IRGC has used cyberwarfare against other Iranian-Americans and people tied to them in recent years, including Washington Post Tehran Bureau Chief Jason Rezaian, according to family members.

In the days surrounding the journalist’s arrest in July 2014, Iran’s security services gained access to the social-media accounts of Mr. Rezaian and his Iranian wife. They tried to use the sites to communicate with third parties and connect them to their investigation, family members said.

“The Iranian security services attacked Jason’s and his wife’s computers both before and after they were taken,” said Ali Rezaian, the journalist’s brother. “Iranian authorities used Jason’s social media in an attempt to engage and entrap his friends.”

Mr. Rezaian was convicted last month of espionage by an Iranian court. No sentence has been announced.

Computer experts have noted that by hacking a target’s contacts—particularly their social-media accounts—the number of people associated with that target can grow exponentially. If the target’s Facebook account has 200 friends, and each of those had 200 friends, a skilled hacker could potentially gain access to 40,000 users—even if most of them aren’t actually associated with the original target.

In so doing, the Iranian hard-liners could try to amass a case based on people with some digital affiliation to an individual who, in reality, are several times removed as friends of Facebook friends or followers of Twitter followers, according to computer experts.

In Mr. Rezaian’s case, state media has described the Iranian-American journalist as part of a powerful U.S.-led spy ring. His family and the Washington Post have denied all the allegations. Post Editor Martin Baron said Mr. Rezaian’s conviction was “an outrageous injustice” that resulted from a “contemptible” judicial process.

After the conviction of Mr. Rezaian last month, Iran’s military tested a ballistic missile, which many U.S. officials believe is designed to carry a nuclear warhead.

In recent days, IRGC commander Mohammad Ali Jafari warned that the nuclear deal opened Iran up to “sedition” and that the country needed to guard against infiltration. He spoke Monday at a conference called “the first anti-American gathering after the nuclear agreement,” according to Iranian media.

“If this belief is created among the people, that [since] the nuclear deal there is an agreement and so on other issues we can reach an agreement, this is a danger of sedition,” Mr. Jafari said, according to a translation of his speech by the Middle East-focused website, Al Monitor.

U.S. officials say the IRGC has developed an army of cyberattackers, trained by Russia, who have focused on targets as varied as Wall Street banks, Saudi oil companies and both internal and external opponents of the regime. A spokeswoman for Russia’s Foreign Ministry denied Moscow trained Iranians in cyberwarfare and said such attacks are illegal under Russian law.

Iran also was on the receiving end in recent years of the U.S.-planted Stuxnet computer virus, which disabled a portion of the country’s nuclear infrastructure.

Iran’s cyberattacks have included regular operations to test the U.S. government’s cyberdefenses, U.S. officials said.

These officials said, however, the surge in these attacks has occurred over the past month, specifically focused on U.S. officials working on Iran policy. U.S. officials are trying to learn if these attacks were specifically tied to the fate of detained Iranian-Americans or other geopolitical issues. For example, the nuclear deal with Iran was formally adopted about the same time Mr. Namazi came under Iranian scrutiny.

Supporters of Mr. Namazi produced a “fact sheet” on his career that was published on an Iran-focused website on Tuesday.

Mr. Namazi studied in the U.S. and had fellowships at Washington-based think tanks, including the National Endowment for Democracy and the Woodrow Wilson International Center for Scholars. He also previously was managing director of Atieh Bahar, a consulting firm that promoted foreign investment in Iran.

The fact sheet said he studied at Tufts and Rutgers universities but returned to Iran in the late 1990s for military service. It said he largely stayed out of discussing U.S. or Iranian political questions in recent years, except for the very public role he played describing the adverse impact of Western sanctions on the Iranian population.

The article said Mr. Namazi’s stance garnered him a lot of criticism from opponents of Iran abroad.

“Though Siamak used to speak at international conferences during his tenure at Atieh Bahar, since moving to Dubai in 2007, he stopped speaking on Iran-related matters, with the exception of the medicine/sanctions issue,” the fact sheet said. “His growing interest and expertise was on regional gas matters.”

U.S. officials said Mr. Kerry raised the status of detained U.S. citizens in Iran with his Iranian counterpart, Javad Zarif, last week in Vienna, but declined to elaborate.

“This is something that we continue to have dialogue on,” said Elizabeth Trudeau, a State Department spokeswoman.

Hard-line forces in Tehran, particularly Mr. Khamenei and the IRGC, appear determined to stop any significant U.S. influence from gaining hold in Iran. Mr. Khamenei, in the wake of the nuclear deal, has barred the import of U.S. consumer products and any direct negotiations with Washington outside of the nuclear issue.

In this environment, Iranian-Americans, such as Messrs. Namazi and Rezaian, are particularly vulnerable.

“The targets are people who have networks outside Iran,” said a former adviser to Iranian President Hassan Rouhani.

No comments: