Iranian hackers believed to have targeted US dam

Us iran dam

Iranian hackers are believed to have gained accessed to a flood control dam in New York State, back in 2013.

The Wall Street Journal reported over the weekend that according to an unclassified Homeland Security document, hackers associated with the Iranian government gained access to the dam via a cellular modem.

This document does not specify the type of infrastructure affected. However, two individuals charged with investigating the incident confirmed that a breach had occurred at the Bowman Avenue Dam, "a very, very small" structure used for flood control near Rye, NY.

Bowman Ave dam

U.S. intelligence agencies first discovered the intrusion while they were monitoring computers linked to Iranian hackers who had previously targeted a number of American firms, including Capital One Financial Corp., PNC Financial Services Group, and SunTrust Banks Inc.

All of these attacks occurred just a few years after the United States and Israel had allegedly collaborated on Stuxnet, a sophisticated computer worm that disrupted the activities of Iran's Natanz nuclear power plant.

At the time, investigators noticed that one of the suspected Iranian hackers' machines was crawling the web looking for vulnerable U.S. industrial control systems, writes the WSJ. Analysts with the National Security Agency were able to determine that the hackers were focusing in on a particular address relating to a "Bowman" dam.

Arthur Bowman damOriginally, the targeted structure was believed to be the Arthur R. Bowman Dam in Oregon, a 245-foot-tall structure that irrigates agriculture and prevents local flooding approximately 150 miles southeast of Portland.

Investigators therefore notified the White House with the assumption that Iran had escalated its digital attacks against the United States, as noted by FOX News.

Further analysis ultimately revealed that it was actually the Bowman Dam in Rye, New York that had been targeted.

Though the actual interest of the Iranian hackers turned out to be less serious than initially thought, the fact that the attackers were able to breach a dam highlights the increasing threat posted to American industrial control systems by hackers.

In the 12 months leading up to September 30 of this year, the Department of Homeland Security received reports of 295 separate incidents of attempted hacks against industrial control systems - up from 245 last year.

These attacks, points out the BBC, generally do not cause harm to the intended targets nor to any of the other 57,000 industrial control systems located in the United States that are connected to the web.

Instead they mainly seek to gather information - data which could be used as leverage in times of strained diplomatic relations.

Homeland Security spokesman S.Y. Lee did not confirm the Bowman breach but instead stated that the Department's 24-hour cyber security information-sharing hub and an emergency response team coordinate responses to threats to and vulnerabilities in critical infrastructure, observes The Huffington Post.

Clearly, hacking sponsored by nation states has been around for several years now. What is remarkable is the extent to which nations have exercised restraint with regards to the possibility of using targeted attacks to cause kinetic damage.

Iran could have chosen to degrade the Bowman Avenue Dam, but it chose not to do so. Perhaps this is less a tactical choice than it is strategic.

Mutually assured destruction (MAD) might be alive and well in the digital realm insofar as attacking critical national infrastructure is concerned. Stealing information is one thing, but degrading a target's energy capabilities seems to constitute a line that most "cyber" powers are wary to cross - that is, at least for the time being.

We can hope that it remains this way into the future, but doing so unfortunately requires a certain degree of naivete on our part.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

,

One Response

  1. Tamas Feher

    December 22, 2015 at 10:50 am #

    The USA probably WANTS an iranian cyber-attack that kills some of its people. That would be a convenient excuse to nuke Iran back to the stone age.

    There was a UN treaty in 1979, banning "geo-physical warfare" like creating artificial earthquakes and floods, but it expired in 2000 and wasn't renewed due to US veto!

Leave a Reply