Iran Fingers US Hackers in Oil Ministry Attacks

Tuesday, June 12, 2012



Iranian officials believe they have traced the origins of a cyber attack in April that targeted systems maintained by the nation's Oil Ministry to the United States.

"Two American IPs were identified in the (cyber) attack against the oil ministry," said General Seyed Kamal Hadianfar, Head of Information Production and Exchange Department of the Law Enforcement Police.

The attacks, though serious in nature, proved unsuccessful, according to Iranian government sources.

The incident is being investigated by Interpol, and the Iranian foreign ministry is demanding that the U.S. provide the identities related to the two IP addresses.

"The nature of the attack and the identity of the attackers have been discovered, but we cannot publicize it since we are still working on the case," said Deputy Oil Minister Hamdollah Mohammadnejad.

Despite the Iranians' level of confidence based on the IP addresses, most security experts point out the difficulty involved in accurate attribution. Proxies, routing tricks, compromised machines, and spoofed IP addresses can be easily coordinated to give the appearance that an attack is originating far from the actual source.

In most cases, it is nearly impossible to clearly determine the origin of an attack, and even more difficult to ascertain if the event was state-sponsored or instigated by individual actors.

Iranian officials believe the attacks were designed to do more than disrupt operations, and that the attackers intended to fully infiltrate the Ministry's databases.

"In general, the attack was carried out by virus penetration and was aimed at stealing and destroying data and information... those who design and develop such viruses are pursuing specific goals," Mohammadnejad said.

Iranian officials maintain that the attacks posed no long-term threat to the nation's security and ability to administer production systems.

"At the time being the computer systems are running with a high level of safety and users are working normally... Whether essential or non-essential, the oil ministry's data have a back up," said Iranian Oil Ministry's Spokesman Alireza Nikzad-Rahbar.

