As tensions grow between the US and Iran, some see fears of retaliation justified after a US website was defaced with pro-Iranian messages.
Tensions have been building between the US and Iran. A few days ago, the impeached US president, Donald Trump, ordered an airstrike that killed Iranian general Qassem Suleimani. The White House argued that Trump ordered the airstrike to avert an imminent threat of an attack on the US. In the days since, no evidence of that “imminent threat” has emerged. That has led to serious questions over whether the attack was justified.
Iran, for its part, declared three days of mourning. However, images emerged from the region with the US flag being burned and people chanting “death to America”. A funeral procession was also held today for Suleimani.
Tensions continued to rise when Iraq’s parliament voted to expel Canadian and American troops from the country over fears that Iraq would get caught in the crossfire. It’s unclear what role Canada played in any of this – if any role at all. Additionally, Iran made it official, saying that it would abandon the nuclear deal that impeached Trump pulled out of a while back. With 3,000 US troops heading to the region and Iranian threats of retaliation, many observers are worried about a full-scale war looming.
One way some were speculating that Iran could retaliate is through what the media is dubbing “cyber warfare”. While the term doesn’t really have much meaning these days, a development seems to justify those fears for some. A US website was defaced with pro-Iranian messages, and a group of Iranians claimed responsibility. From USA Today:
A federal website was offline Sunday after a hacker uploaded photos to the site that included an Iranian flag and an image depicting a bloodied President Donald Trump being punched in the face.
The images appeared on the Federal Depository Library Program’s website late Saturday before the site was taken offline. The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, said it was monitoring the situation.
“We are aware the website of the Federal Depository Library Program was defaced with pro-Iranian, anti-US messaging,” the cybersecurity agency said in a statement. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible.”
The statement added that “in these times of increased threats” all organizations should increase cyber monitoring, back up IT systems, implement secure authentication and have an incident response plan ready should a hack take place.
In the hacking world, defacing a website is basically the equivalent of spraying graffiti on a wall. Yes, it does show that there is a security vulnerability somewhere in the system, but usually the act alone is simple mischief. It’s low-level and largely harmless.
As the report points out, there is also no evidence that this was state-sponsored. So, it could have been a random hacker or hackers acting on their own in response to what they heard on the news. For some, it’s unclear whether those responsible are even in Iran.
Some think that when state-sponsored hackers hit, it’ll be to take out critical infrastructure rather than to deface an obscure website. This largely goes back to an argument I made when then US president Barack Obama argued for warrantless wiretapping in 2012. In that argument, I pointed out that critical infrastructure should not be connected to the Internet in the first place. While it’s little surprise that the warning against connecting critical infrastructure to the Internet was ignored, it is also little surprise that the decision to ignore that warning could now come back to bite the US. Here’s what I said back in 2012:
So, if we are talking about major facilities and vital infrastructure here, the real question then becomes how best to protect them. There’s a very old and very effective way to protect any sort of computing system – don’t connect it to the Internet. If a computer system is not WiFi capable and does not have any connection to the Internet, then the only way to break into it is to physically be there at the computer. At that point, it becomes a question of how to humanly protect that computer. There are no fears of people halfway around the world hacking into that computer, no DDoS attacks from multiple computers around the web destroying the system, nothing. If a system has to have some sort of network up and running, make it an intranet system instead of exposing it to the wider Internet.
I agree that the Internet can be critical and very useful and that increased connectivity is a great thing, but there are certain things that should not be on the Internet – that includes critical infrastructure. If you connect critical infrastructure to the Internet, that is basically asking criminals to break in and wreak havoc. Even if there is some convenience to be gained by connecting something like critical infrastructure to the Internet, the risks make any convenience not worth it. If you can shut down a power grid by breaking into the right computer network from hundreds of miles away, you’re doing security wrong.
The advice held true 8 years ago and it still holds true today.
Like most observers, we’re here holding our collective breath over what is going to happen next in this escalation between the US and Iran. We’ll continue to bring you updates as we find them on the technical side of things.
Drew Wilson on Twitter: @icecube85 and Facebook.