NSA leaks suggest Iran learned cyberwarfare from US attacks

Sponsored Links

Mariella Moon
February 10, 2015 11:13 PM
In this article: CyberWarfare, iran
NSA leaks suggest Iran learned cyberwarfare from US attacks

The US government and security experts have connected Iran to many cyberattacks in the past, including one launched against the Navy. Based on a 2013 NSA document leaked by Edward Snowden, published by The Intercept, it's also been long suspected that Iran's state hackers learned their craft from the West. Ironically, from previous attacks against its own networks. The NSA is also worried the country's cyberweapons are becoming more and more potent, as it continues to improve, and not just replicate its enemies' tactics. As you might have guessed, Iran's crusade to give its enemies a taste of their own medicine started with the attacks against its nuclear facility.

While the paper never mentioned Stuxnet by name, it's widely believed that the US was responsible for creating and using the worm to infect the centrifuges to be installed in Iran's nuclear plant -- Israel followed suit using another virus called Flame. At the same time, Iran suffered a separate attack against its oil industry, which targeted and destroyed its computers. Using the intel it gathered from all those instances, Iran is believed to have created a powerful malware called Shamoon that the country used to infect 30,000 Saudi Aramco (the Saudi Arabian Oil Company) computers in 2012. If US cybersecurity firm Cylance is right, the virus was also used to digitally infiltrate over 50 aerospace, airline and petrol corporations, hospitals and even universities around the globe. The FBI goes on to warn that Iran might not be done yet, and there's a possibility that it's launching similar attacks against more companies in the future.

Just like the virus that destroyed Iran's oil company's hard drives, Shamoon erases data in all its victims' computers, rendering their HDDs/SSDs useless. During the Saudi Aramco incident, in particular, it replaced all the info with an image of a burning American flag. Sounds familiar? That's because Shamoon and the previous virus that inspired it are believed to have been the inspiration for the malware that took down Sony Picture's computers. Yes, the one that led to a string of private email and movie leaks that the FBI says was orchestrated by North Korea.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

The NSA noted in the documents that it saw no indications that Iran was planning to launch a similar attack against the US when the paper was published in 2013. It did say, though, that the country had been conducting regular DDOS attacks against American financial institutions since 2012, and it was at the third phase of a series of attacks upon publication.

[Image credit: Getty Images]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
View All Comments
NSA leaks suggest Iran learned cyberwarfare from US attacks