{"id":33714,"date":"2019-03-01T11:24:43","date_gmt":"2019-03-01T11:24:43","guid":{"rendered":"https:\/\/qatar-news.org\/qatarnewsEn\/?p=33714"},"modified":"2019-03-01T11:24:43","modified_gmt":"2019-03-01T11:24:43","slug":"guns-and-milk-what-they-carried-from-the-caliphate","status":"publish","type":"post","link":"https:\/\/qatar-news.org\/qatarnewsEn\/?p=33714","title":{"rendered":"Guns and milk: What they carried from the \u2018caliphate\u2019"},"content":{"rendered":"<div readability=\"241\">\n<p>\nDUBAI: Iran is one of the biggest threats in cyberspace, according to experts who warn that a global response is needed to repel its rising wave of cyberattacks on government and communications infrastructure worldwide.<\/p>\n<p>\nThe leading state sponsor of terror is extending its malign presence online, with Saudi Arabia among its main targets. Iran\u2019s growing digital prowess is part of its \u201csoft war\u201d strategy to spy on adversaries and spread its rhetoric.\u00a0<\/p>\n<p>\n\u201cIran is increasingly active and a growing cyber threat, though it isn\u2019t the most sophisticated actor,\u201d Michael Eisenstadt, Kahn fellow and director of the military and security studies program at the Washington Institute for Near East Policy, told Arab News. \u201cBut as past Russian hacking efforts in the US have shown, you don\u2019t need to be technologically sophisticated to hack and then leak emails, causing embarrassment to adversaries.\u201d<\/p>\n<p>\nIn recent months, cybersecurity firms and tech companies have exposed attacks linked to faceless enemies in Iran.\u00a0<\/p>\n<p>\n\u201cCyber holds a certain appeal\u201d for the country, Eisenstadt said. \u201cBecause of the difficulty attributing responsibility for cyber-attacks, it provides Tehran with a degree of deniability,\u201d he said. \u201cPerhaps most importantly, it allows Iran to strike its adversaries globally, instantaneously and on a sustained basis, and to achieve strategic effects in ways it can\u2019t in the physical domain.\u201d<\/p>\n<p>\nIran\u2019s greatest adversaries are the US, Israel and Saudi Arabia \u201cin that order,\u201d Eisenstadt said. \u201cIn March 2018, the US government designated an Iranian entity, the Mabna Institute, and nine individuals associated with the institute, for operating a massive hacking and cyberspying operation that targeted hundreds of universities and companies in dozens of countries to steal proprietary data and academic research, presumably to help Iran\u2019s own research and development efforts, to circumvent sanctions, and to compensate for its economic isolation. These activities had been going on for years.\u201d<\/p>\n<p>\n<img loading=\"lazy\" decoding=\"async\" alt=\"\" height=\"643\" src=\"http:\/\/www.arabnews.com\/sites\/default\/files\/userimages\/20\/spotlight_main.gif\" width=\"1000\"><\/p>\n<p>\nJoyce Hakmeh, a research fellow of cyber policy and co-editor at the Journal of Cyber Policy at the International Security Department at Chatham House, said Iran has been linked to several attacks in the Middle East, including in Saudi Arabia. One of the biggest attacks was identified in 2012, when an Iranian hacker group deployed the Shamoon computer virus to cripple thousands of hard drives at Saudi Aramco. \u201cEveryone remembers the big attack against Saudi Arabia in 2012, which affected 35,000 computers. It was called the biggest hack in history at the time,\u201d she said.<\/p>\n<p>\nEisenstadt said there were several attempted strikes on Saudi government and private sector entities using the Shamoon 2.0 malware in 2016 and 2017, and on Italy\u2019s Saipem oil services firm (whose biggest customer is Saudi Aramco) in December 2018.<\/p>\n<p>\nHakmeh said while \u201cattribution is a challenge\u201d when it comes to cyber activity, a host of groups have been linked to Tehran\u2019s terror online, including Magic Hound, MuddyWater, APT33, APT34, APT39, Cobalt Gypsy, Rocket Kitten and NewsBeef.<\/p>\n<p>\nCollectively, these have targeted organizations across the Middle East in industries including finance, government, energy, chemicals and telecommunications.<\/p>\n<p>\nA 2018 report by the Carnegie Endowment for International Peace noted: \u201cWhile Iran\u2019s offensive cyber operations have required modest resources to develop, they have allowed Tehran to project itself as an emerging cyber power able to cause significant harm to its adversaries.\u201d<\/p>\n<p>\nThe report said: \u201cAs judged from the evidence of coordination between security agency actions and observed cyber operations, the campaigns of Iranian threat actors almost certainly have a direct relationship with government entities, specifically the Islamic Revolutionary Guard Corps and the Ministry of Intelligence. Attempts to forecast the future of Iranian cyber operations are constrained by the secrecy on the part of the Iranian state about its activities and an uncertain geopolitical climate.\u201d<\/p>\n<p>\nEisenstadt said when it comes to the biggest threats in cyberspace, the most formidable actors are Russia followed by China, North Korea and Iran. \u201cIran\u2019s activities in the cyber domain generally serve its broader foreign policy objectives. In some cases, the goal might be to advance Iran\u2019s propaganda line. In others, it might be to steal intellectual property and propriety information, in order to circumvent sanctions and benefit its own research and development efforts,\u201d he said.<\/p>\n<p>\nHakmeh said countries, especially in the Middle East, need to build resilience against cyberattacks by sharing information, preparing strategies and educating people about good \u201ccyber hygiene,\u201d such as changing passwords. \u201cWhile Iran for some years has been considered a third-tier threat, the threat is considerable. It\u2019s a country to monitor, to keep on the map,\u201d she added. \u201cIt doesn\u2019t have the same capabilities as China, Russia or the US, but it has been able to be very destructive.\u201d\u00a0<\/p>\n<p>\nWhile Iran spreads fake news to support its rhetoric against Israel, Saudi Arabia and the US, its more serious attacks are geopolitically motivated, said Hakmeh. \u201cMost of the attacks that Iran has been linked to are for espionage reasons to get a competitive advantage \u2014 Saudi Arabia\u2019s petrochemical industry, for example, to see what technology it\u2019s using \u2014 or to gain insight into Saudi Arabia\u2019s military capacities so Iran can enhance its own,\u201d she said.<\/p>\n<p>\nDr. Johannes Ullrich, dean of research at the SANS Institute, a US company that specializes in information security and cybersecurity training, said as Iran\u2019s conflict with its neighbors grows, so has its presence on the dark web.<\/p>\n<p>\n\u201cIran is believed to maintain a significant effort to conduct offensive cyber operations against its adversaries,\u201d he added. \u201cIt may not be among the most sophisticated, but it\u2019s very aggressive in applying the skills it has.<\/p>\n<p>\n\u201cOne technique that has been employed in the attacks is domain hijacking. For this attack, an administrator\u2019s password is used to alter settings for an organization\u2019s domain. The attack itself is pretty simple, and the hard part is to get the administrator\u2019s password. It isn\u2019t clear how the administrator password was obtained in these cases, but typically phishing attacks are used. Overall these attacks aren\u2019t terribly sophisticated, but the impact can be huge.\u201d<\/p>\n<p>\nAside from hacks on government and company infrastructure, Iran has been linked to a global network of fake news websites. ClearSky, a Tel Aviv-based cyber tech security firm, recently issued a report linking Iranian propagandists to fake news sites in 28 countries that spread misinformation about their targets \u2014 chiefly in the Middle East and Asia \u2014 and advance Tehran\u2019s ideological and geopolitical interests.<\/p>\n<p>\nIn recent months, FireEye, a US\u00a0 cybersecurity firm, issued a warning about fake news sites and profiles on Facebook and Twitter that it believed were operated<br \/>by Tehran as part of its cyber-<br \/>influence campaign.\u00a0 Such campaigns were also exposed by Twitter, which posted 1 million tweets generated by fake accounts.\u00a0<\/p>\n<p>\nFacebook said it had deleted dozens of fake profiles. Just this month, the platform said it removed 783 accounts tied to Iran that appeared to be engaging in a manipulation campaign against people in almost 30 countries.<\/p>\n<p>\nStill, experts at the Institute for National Security Studies in the US have said Tehran\u2019s efforts have not been foolproof, with a report noting: \u201cUse of Iranian contact data (such as phone numbers and email addresses), copied content and poor writing has led to their public exposure. Until then, however, Iran managed to reach many people \u2026 some contents were viewed by millions of views, and some earned responses by hundreds of thousands of surfers.\u201d<\/p>\n<p>\nSimone Vernacchia, cybersecurity and digital infrastructure advisory lead at PwC Middle East, said that while it is against his company\u2019s policy to attribute cyberattacks to a specific \u201cnation-state actor,\u201d the firm had noted an \u201cincrease in disruptive attacks, which may be sponsored by a nation-state.\u201d<\/p>\n<p>\nAlthough there has been a big increase in investment in cybersecurity in past months, many Middle Eastern countries\u2019 defense systems remain less advanced than those in the West, he said.<\/p>\n<p>\n\u201cA stronger collaboration among privately owned critical infrastructure and government defense systems, as well as a strong and periodically tested set of organizational and technical interfaces, would strengthen the ability to respond to crises,\u201d he said.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>DUBAI: Iran is one of the biggest threats in cyberspace, according to experts who warn that a global response is needed to repel its rising wave of cyberattacks on government and communications infrastructure worldwide. The leading state sponsor of terror is extending its malign presence online, with Saudi Arabia among its main targets. Iran\u2019s growing&hellip;<\/p>\n","protected":false},"author":10,"featured_media":33715,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-33714","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-middle_east_news"],"_links":{"self":[{"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=\/wp\/v2\/posts\/33714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=33714"}],"version-history":[{"count":0,"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=\/wp\/v2\/posts\/33714\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=\/wp\/v2\/media\/33715"}],"wp:attachment":[{"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=33714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=33714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qatar-news.org\/qatarnewsEn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=33714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}