Report—US to Blame Iran for Cyberattack on a N.Y. Dam

Report—US to Blame Iran for Cyberattack on a N.Y. Dam

The Obama administration is planning to “name and shame” Iran for a 2013 cyber-attack against a small New York dam.

US officials familiar with the investigation told CNN that the Justice Department has prepared an indictment against people thought to be behind the attack. An announcement could come in the next week.

The Bowman Avenue Dam is about 30 miles north of New York City in suburban Rye Brook, N.Y., and its chief job is flood control. Hackers were able to penetrate its back office systems using off-the-shelf tools in an unsophisticated offensive. But the operational systems of the dam weren’t touched.

The dam may seem an odd target for state-sponsored cyber activity, but the sources said that investigators were able to quickly determine that the attack was indeed carried out by hackers working for the Iranian government. At the time, Iranian hackers also were conducting similar probing attacks on US financial institutions, and the US and Iran were in talks over Iran’s nuclear program.

Reiner Kappenberger, IoT security expert with HPE Security – Data Security, told Infosecurity that these types of attacks show the value of industrial data.

“One has to consider in this aspect that attackers themselves are running a business providing huge amounts of data sets—for pay—to others to perform their actions on potential victims,” he said. “There have already been several cases where governments are using those capabilities to perform targeted attacks for their benefit, as was the case in the Sony attack.”

He also noted that the hackers could have been for-profit types. “Attackers are constantly trying to monetize the data that they have obtained from breaches in any way possible,” he said. “It is inevitable that there will be a shift of those attacks from the traditional monetization through credit card or prescription fraud, towards using this data for other commercial aspects—whether it is through governments, terrorist organizations or regular corporations for their benefit.”

For its part, the Justice Department takes "malicious activity in cyberspace seriously, and we will continue to use all the tools at our disposal to prevent, deter, detect, counter and mitigate such activity,” said agency spokesman Marc Raimondi—who declined to comment on the report.

There is precedent for this kind of public attribution: In 2014, the Justice Department filed charges against members of the Chinese military over a series of cyber-espionage events at US industrial companies. And last year, the FBI and President Obama publicly named North Korea as the culprit behind the attack on Sony Pictures Entertainment.

Photo © Kenneth Keifer

Source: Information Security Magazine