Iranian hackers penetrated computers of a small dam in NY

Iranian hackers penetrated the industrial control system of a dam near New York City in 2013, raising concerns about the security of US critical infrastructure.

It is now official: Iranian hackers penetrated the online control system of a New York dam in 2013. According to the reports, the intruders gained access to the dam's control system and poked around inside it.

The Wall Street Journal reported that the attackers reached the facility's control system through a cellular modem, citing an unclassified Department of Homeland Security summary of the case. At the time of writing, the Department of Homeland Security had declined to comment on the attack.

The Wall Street Journal cited anonymous sources who revealed that the hackers targeted the Bowman Avenue Dam, a small facility about 20 miles outside of New York City.

“It’s very, very small,” Rye City Manager Marcus Serrano told the newspaper, confirming that FBI agents investigated the case in 2013.

Fortunately, the intruders were not able to gain complete control of the dam's control systems.

The hackers used a machine that scanned the Internet for vulnerable US industrial control systems (ICS); the notable detail is that the threat actors appeared to be focusing on a specific range of Internet addresses.
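A scan of that kind leaves a recognisable pattern at the perimeter: one external source touching many internal addresses on ICS protocol ports in a short window. The following is an added example written for this article, not code from the original page or from any of the investigations it cites. The firewall log format, the address ranges (RFC 5737 TEST-NET blocks), and the list of ICS ports are all assumptions chosen for illustration.

```python
"""Flag external hosts probing ICS protocol ports across an internal range.

Added example for this article; the log format is a constructed, simplified
syslog-style line and the sample entries below are fabricated.
"""
import ipaddress
import re
from collections import defaultdict

# Common ICS/SCADA service ports (assumption: illustrative, not exhaustive).
ICS_PORTS = {
    102: "Siemens S7 (ISO-TSAP)",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
    47808: "BACnet",
}

# Constructed sample firewall lines: one external source sweeps the internal
# /24 on several ICS ports, one external client does ordinary web traffic,
# and one internal host talks Modbus to another internal host.
SAMPLE_LOG = """\
2013-08-14T02:11:03Z fw1 DROP src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=502
2013-08-14T02:11:04Z fw1 DROP src=203.0.113.7 dst=198.51.100.11 proto=tcp dport=502
2013-08-14T02:11:04Z fw1 DROP src=203.0.113.7 dst=198.51.100.12 proto=tcp dport=20000
2013-08-14T02:11:05Z fw1 ALLOW src=203.0.113.7 dst=198.51.100.13 proto=tcp dport=502
2013-08-14T02:11:06Z fw1 DROP src=203.0.113.7 dst=198.51.100.14 proto=tcp dport=44818
2013-08-14T02:12:00Z fw1 ALLOW src=192.0.2.44 dst=198.51.100.20 proto=tcp dport=443
2013-08-14T02:12:01Z fw1 ALLOW src=192.0.2.44 dst=198.51.100.20 proto=tcp dport=80
2013-08-14T02:13:00Z fw1 ALLOW src=198.51.100.5 dst=198.51.100.10 proto=tcp dport=502
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DROP) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_lines(text):
    """Parse the hypothetical log format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["dport"] = int(e["dport"])
        events.append(e)
    return events


def find_ics_scanners(events, internal_net="198.51.100.0/24", min_targets=3):
    """Return one alert per external source that hit ICS ports on at least
    `min_targets` distinct internal hosts. Any ALLOWed probe is listed
    separately because it means an ICS service really is reachable."""
    net = ipaddress.ip_network(internal_net)
    per_src = defaultdict(lambda: {"targets": set(), "ports": set(), "allowed": []})
    for e in events:
        if e["dport"] not in ICS_PORTS:
            continue
        src, dst = ipaddress.ip_address(e["src"]), ipaddress.ip_address(e["dst"])
        if src in net or dst not in net:
            continue  # only external -> internal traffic is of interest here
        rec = per_src[e["src"]]
        rec["targets"].add(e["dst"])
        rec["ports"].add(e["dport"])
        if e["action"] == "ALLOW":
            rec["allowed"].append((e["dst"], e["dport"]))
    alerts = []
    for src, rec in per_src.items():
        if len(rec["targets"]) >= min_targets:
            alerts.append({
                "src": src,
                "target_count": len(rec["targets"]),
                "protocols": sorted(ICS_PORTS[p] for p in rec["ports"]),
                "allowed": rec["allowed"],
            })
    return sorted(alerts, key=lambda a: a["target_count"], reverse=True)


if __name__ == "__main__":
    for alert in find_ics_scanners(parse_lines(SAMPLE_LOG)):
        print(alert)
```

The ALLOW entries matter more than the raw hit count: a sweep that is dropped at the firewall is reconnaissance, while a sweep that gets through on port 502 means a controller is reachable from the Internet and should be pulled behind a VPN or jump host.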

Once the attack was discovered, US investigators traced the intrusion back to its source; the evidence collected points to Iranian hackers, probably the same groups that have focused their operations on American companies and organizations.

Exactly one year ago, the experts at security firm Cylance revealed that Iranian hackers were targeting airlines, energy, defense companies worldwide as part of the Operation Cleaver campaign.

Foreign hackers targeting US critical infrastructure is nothing new: a report issued by the Department of Homeland Security (DHS) in November 2014 revealed that Russian hackers had infiltrated several critical infrastructure networks in the United States.

The US has the highest number of ICS and SCADA systems exposed on the Internet, and many of them are easily identifiable with search engines such as Shodan or Censys. Researchers at Shodan recently revealed that the US has nearly 57,000 industrial control systems connected to the Internet.

The recent wave of attacks by Iranian hackers came after a period of apparent calm. Security experts have noticed an evolution in the TTPs of the Iranian groups: initially they focused on targets in the financial industry, and their activities were limited to sabotage and disruption of the targeted infrastructure, as in the attack on the casino company Las Vegas Sands Corp.

The recent attack on the State Department, by contrast, is clearly a cyber espionage operation. It was initially attributed to Chinese hackers, who were believed to have infiltrated the department's unclassified e-mail systems. Recall that security experts at Facebook were the first to notice the intrusion of Iranian hackers into the e-mail accounts of State Department officials focused on Iran.

Needless to say, threat intelligence activities are essential to prevent incidents like this one and to mitigate cyber threats.

Pierluigi Paganini

(Security Affairs –Iranian hackers, critical infrastructure)


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field and a Certified Ethical Hacker (EC-Council, London). The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
