By SIOBHAN GORMAN and DANNY YADRON
WASHINGTON -- Iranian-backed hackers have escalated a
campaign of cyberassaults against US corporations by launching
infiltration and surveillance missions against the computer
networks running energy companies, according to current and
former US officials.
In the latest operations, the Iranian hackers were able to
gain access to control-system software that could allow them to
manipulate oil or gas pipelines. They proceeded "far enough to
worry people," one former official said.
The developments show that while Chinese hackers pose
widespread intellectual-property-theft and espionage concerns,
the Iranian assaults have emerged as far more worrisome because
of their apparent hostile intent and potential for damage or
US officials consider
this set of Iranian infiltrations to be more alarming than
another continuing campaign, also believed to be backed by
Tehran, that disrupts bank websites by "denial of service"
strikes. Unlike those, the more recent campaigns actually have
broken into computer systems to gain information on the
controls running company operations and, through
reconnaissance, acquired the means to disrupt or destroy them
in the future, the US officials said.
In response, US officials warn that Iran is edging closer to
provoking US retaliation.
"This is representative of stepped-up cyber activity by the
Iranian regime. The more they do this, the more our concerns
grow," a US official said. "What they have done so far has
certainly been noticed, and they should be cautious."
The US has previously launched its own cyberattacks against
Iran. The Stuxnet worm, developed and launched by the US and
Israel, sabotaged an Iranian nuclear facility.
The latest campaign, which the US believes has direct
backing from the Iranian government, has focused on the control
systems that run oil and gas companies and, more recently,
power companies, current and former officials said. Control
systems run the operations of critical infrastructure,
regulating the flow of oil and gas or electricity, turning
systems on and off, and controlling key functions.
In theory, manipulating the software could be used to delete
important data or turn off key safety features such as the
automatic lubrication of a generator, experts said.
Current and former US officials wouldn't name the energy
companies involved in the attacks or say how many there were.
But among the targets were oil and gas companies along the
Canadian border, where many firms have operations, two former
The officials also wouldn't detail the precise nature of the
evidence of Iranian involvement. But the US has "technical
evidence" directly linking the hacking of energy companies to
Iran, one former US official said.
Iranian officials deny any involvement in hacking. "Although
Iran has been repeatedly the target of state-sponsored
cyberattacks, attempting to target Iran's civilian nuclear facilities, power grids, oil
terminals and other industrial sectors, Iran has not ever
retaliated against those illegal cyberattacks," said Iran's
spokesman at the United Nations, Alireza Miryousefi. "In the
lack of international legal instruments to address
cyberwarfare, Iran has been at the forefront of calling for
creating such instruments. We categorically reject these
baseless allegations used only to divert attentions."
So far, the infiltrations don't appear to have involved
theft of data or disruption of operations. But officials worry
the reconnaissance undertaken to datewill provide hackers the
information they need to do damage in the future. Computer
infiltration experts often identify so-called backdoors in
computer systems that permit repeated entries.
While there is no
evidence that systems have been tampered with, some US
officials have likened the types of infiltrations seen in the
US to those at oil company Saudi Aramco that eventually enabled
attacks that destroyed 30,000 computers in August 2012.
It isn't clear whether the hackers are the same individuals
responsible for Saudi Aramco or those involved in the
relentless set of attacks that have bombarded bank websites,
temporarily knocking them offline.
The US Department of Homeland Security earlier this month
warned of an escalation in threats against computerized control
systems, but it didn't cite Iran as the origin of the
In recent months, however, US officials have grown
increasingly alarmed by the growth of what defense officials
describe as a continuing series of cyberattacks backed by the
Iranian government, including its elite Quds Force. The threat
has grown quickly; as recently as 18 months ago, top
intelligence officials were largely dismissive of Iranian
Underscoring the Obama administration's growing concern, the
White House held a high-level meeting late last month on how to
handle the Iranian cybersecurity threat. No decisions were made
at that meeting to take action, however, and officials will
reconvene in coming weeks to reassess, a US official said.
"It's reached a really critical level," said James Lewis, a
cybersecurity specialist at the Center for Strategic and
International Studies, who frequently advises the White House
and Capitol Hill. "We don't have much we can do in response,
short of kinetic warfare."
The Obama administration sees the energy-company
infiltrations as a signal that Iran hasn't responded to
deterrence, a former official said.
In October, then-Defense Secretary Leon Panetta issued a
veiled threat to Iran, which he did not name in his speech, by
warning the Saudi Aramco hack represented a dangerous
escalation in cyberwarfare. Since then, the Iranian attacks
have only ramped up.
Unlike Chinese hacking, the Iranian infiltrations and
cyberattacks appear intended to disrupt and possibly damage
computer systems. "The differentiator is the intent. Stealing
versus disrupting raises different concerns," the US official
said. "That's why they're getting a fair amount of
The recent growth of Chinese infiltrations primarily has
been aimed at stealing military and trade secrets, not doing
"The Chinese believe in stability, and they operate on a
50-year plan," said Tom Kellerman, vice president of Trend
Micro, a cybersecurity research firm. "Iran has been
successfully ostracized from global economics. It is in their
best interest to pursue destructive cyberattacks to not only
empower themselves but to signal to the Western world they are
capable in cyberspace."
Cybersecurity specialists say the electric-power industry
remains under-prepared to fend off attacks, particularly ones
backed by a foreign government.
"If you were worried about cyberattacks against electric
utilities five years ago, you're still worried today," said
Jacob Olcott, a former cybersecurity aide on Capitol Hill now
at GoodHarbor Consulting. "Some within the electric sector have
become more savvy about security in recent years. Many are
Lawmakers on Capitol Hill are stepping up pressure to
bolster cybersecurity in the electric-power sector. Reps.
Edward Markey (D., Mass.) and Henry Waxman (D., Calif.) issued
a report this week citing security gaps in the computer
networks running the electric grid.
Based on a survey of 150 power companies, the report found
that "more than a dozen utilities reported "daily," "constant"
or "frequent" attempted cyberattacks," and one said it was the
target of about 10,000 attempted cyberattacks each month. The
report found that many electric utilities were adopting only
mandatory cybersecurity standards and not implementing
voluntary added precautions.
Dow Jones Newswires