Monday, 30 September 2013

New British Cyber defense force will protect industry – and “if needed, strike in cyberspace”

A new cyber defense force is being set up in the UK to protect critical private and government computer networks from attack – “if necessary, to strike in cyberspace,” Britain’s Defense Secretary Philip Hammond has said.
The move brings Britain into line with U.S. policy on cyber defense, where the US Defense Department's Cyber Command moved this year from “cyber defensive measures” into a “fully-operational Internet-era fighting force” with close to 5,000 troops and civilians at its disposal.
Britain’s Joint Cyber Reserve Unit will recruit part-time specialists from across the Armed Forces as well as reservists and civilians. Personnel leaving the Armed Forces will also be invited to apply, with recruitment starting next month.
Hammond said in a statement, “In response to the growing cyber threat, we are developing a full-spectrum military cyber capability, including a strike capability, to enhance the UK’s range of military capabilities. Increasingly, our defence budget is being invested in high-end capabilities such as cyber and intelligence and surveillance assets to ensure we can keep the country safe.”
“The Cyber Reserves will be an essential part of ensuring we defend our national security in cyberspace. This is an exciting opportunity for internet experts in industry to put their skills to good use for the nation, protecting our vital computer systems and capabilities.”
The Ministry of Defense said it “will recognize the unique attributes of individuals who might otherwise not be attracted to, or able to serve in the reserve forces”.

“One click, then boom”: Spear-phishing could “black out” energy companies, expert warns

Spear-phishing attacks on energy companies are becoming increasingly sophisticated, an expert has warned – and all it takes is one lucky strike to cause devastating damage to the power grid, or to companies which supply oil and gas.
“The way malware is getting into these internal networks is by social engineering people via email,” Rohyt Belani, CEO of anti-phishing training firm PhishMe, told PC World.
The Department of Homeland Security’s ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) documented more than 100 incidents between October 2012 and May 2013. Several involved sophisticated spear-phishing (targeted phishing) emails, in which attackers used company websites and other data available on the internet before sending targeted emails.
Belani cited an example of a night-shift worker controlling SCADA systems – the computerised systems which monitor industrial processes – who was targeted with a highly specific and believable spear-phishing attack.
The unknown cybercriminals had researched his name, and the fact he had four children, and sent him an email, seemingly from the company’s HR department, which related to health insurance for workers with three or more children.
“You send them something that’s targeted, that contains a believable story, not high-volume spam,” says Belani. “People will act on it by clicking a link or opening a file attached to it. Then, boom, the attackers get that initial foothold they’re looking for.”
A Congressional survey of electrical utilities earlier this year found that companies faced up to 10,000 attacks per month. Out of 53 companies surveyed, more than a dozen described attacks on their systems as “daily” or “constant”.
One company complained of being under a “constant state of ‘attack’ from malware and entities seeking to gain access to internal systems.”
This April, a spear-phishing attack which targeted an American electrical company was documented in this month’s Monitor report from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Again, in that case, the cybercriminals had done their research. The attack used a published list of attendees at a committee meeting to target employees with a malware-infected phishing email. The company site had listed the email addresses and work titles of everyone at a meeting – which was enough information for cybercriminals to craft a convincing-looking tailored attack directed at the company.
ICS-CERT says it has responded to more than 100 incidents targeting the energy sector between October 2012 and May 2013.
“The majority of these incidents involved attacker techniques such as watering hole attacks, SQL injection, and spear-phishing attacks. In all cases, ICS-CERT evaluates the information available to determine if successful compromise has occurred, the depth and breadth of the compromise, and the potential consequences to critical infrastructure networks.”

Britain to recruit IT experts for Cyber Reserves unit in security boost

The UK Ministry of Defence (MoD) has pledged to recruit hundreds of computer experts for a reserve task force dedicated to developing and, if required, mounting offensive cyber operations.
Defence secretary Philip Hammond announced yesterday that the experts will work alongside regular military forces and government agencies to develop offensive as well as defensive tools and strategies. He said the creation of the Reserves unit is an essential step in the government's ongoing battle to protect itself and businesses from the growing cyber threat facing them.
"In response to the growing cyber threat, we are developing a full-spectrum military cyber capability, including a strike capability, to enhance the UK's range of military capabilities. Increasingly, our defence budget is being invested in high-end capabilities such as cyber and intelligence and surveillance assets to ensure we can keep the country safe," said Hammond.
"The Cyber Reserves will be an essential part of ensuring we defend our national security in cyberspace. This is an exciting opportunity for internet experts in industry to put their skills to good use for the nation, protecting our vital computer systems and capabilities."
The unit's creation comes during widespread reports that Europe is suffering a cyber skills shortage. Numerous government departments and businesses have said recruiting skilled cyber professionals is an ongoing challenge.
Prior to this announcement the National Audit Office (NAO) estimated the gap will last 20 years and will cost the nation £27bn a year.
Last week F-Secure chief research officer Mikko Hypponen uncovered evidence that government agencies such as the GCHQ and NSA are already outsourcing cyber missions to third-party security companies as they do not have enough skilled professionals in-house.
The government will launch a tailored recruitment strategy in October to get around the skills gap. It will look for three types of recruits: regular personnel leaving the Armed Forces, current and former reservists with the necessary skills and a select number of experts with no previous military experience, but with "the technical knowledge, skills, experience and aptitude to work in this highly specialised area."
The strategy has been praised by the wider security community. Royal Holloway University Information Security department head Professor Keith Martin told V3 the focus on creating offensive tools is of little surprise.
“It doesn’t surprise me people would want to build offensive capabilities. The government already all but explicitly acknowledged we do have cyber offensive capabilities, so I think it’s something that already exists now,” he said.

“In terms of knowing what extra capabilities they’re looking for I can’t say, but it’s fairly obvious this is an increasingly important medium where conflicts and diplomacy are going to happen.”

However, Martin said that even with the strategy, the lack of clarity about what specific talents the GCHQ wants its reservists to have, combined with the ongoing skills gap, may still be an issue.
“I think there is a shortage, in the sense there’s a healthy jobs market with people that require these skills. Regarding whether there is a ready supply of these skills for the government to tap, it’s difficult to say as we don’t know what they want," he noted.
"But, there is a relatively short supply of these security skills within companies. Whether people within companies with these skills would be willing to give up their time, I don’t know, but I imagine there will be an issue,” he said.
Peter Armstrong, director of cyber security at Thales UK, added that he expects the strategy to prove effective and lead to an overall boost in the number of security experts operating in the UK.

"With the advent of cyber espionage and attacks which threaten national critical infrastructure, the need for a holistic approach to national security is long overdue. It's great to see the MoD taking its share of responsibility for this alongside its traditional physical defence remit," he said.
"In addition, and just as importantly, this move will help enormously in positioning public sector cyber security as an attractive career prospect for the next generation."
The UK government announced its Cyber Reserves initiative alongside announcing plans to create a new British Computer Emergency Response Team (CERT) in 2012. These initiatives are part of the government's wider cyber security strategy, which was announced in 2011 when the UK government pledged to invest £650m to help bolster the nation's cyber defences.

Microsoft reveals no Skype call data handed to government agencies

Microsoft has revealed the extent of government requests for data for the first six months of this year, with 66,539 of the company's user accounts requested for scrutiny.
Skype, which is owned by Microsoft, received 3,509 requests worldwide for customer information relating to 10,585 accounts, with 82 percent of those requests resulting in some data being handed over.
However, none of the data released to agencies regarding Skype users related to "content", meaning no information regarding voice calls or chat messages was given away. This is a notable coup for Microsoft, which demonstrates the tough process government requests must go through in order to be successful.
Microsoft as a whole – including Skype – received 37,196 requests for 66,539 individual user accounts. Seventy-seven percent of the requests were accepted, with fewer than 1,000 overall resulting in content data being handed over. The remaining 28,698 only saw user data such as login IDs, names, IP addresses and physical addresses released.
Requests for enterprise data were far fewer, with just 19 requests made, all in the US. Only five of these resulted in any information being handed over, and in each case but one it was able to notify the customers of the request. It rejected the other requests.
"For all 19 enterprise requests, the legal demands were from law enforcement entities located in the US, and sought data about accounts associated with enterprise customers located in the US. In addition, to date, Microsoft has not disclosed enterprise customer data in response to a government request issued pursuant to national security laws," Microsoft added.
The UK government made 4,404 requests to Microsoft, and no content information was handed over. Authorities in the UK enjoyed a 78.2 percent success rate when asking for user data, with the vast majority of rejections due to a lack of data being available rather than a lack of legal standing.
The first half of 2013 showed no significant change in the amount of data provided when compared with the whole of 2012, in which roughly 75,000 requests for 137,000 accounts were made.
Earlier in September, web firm Yahoo also revealed similar data which showed a 98 percent hit rate for US security agencies, while the UK saw a lower rate of success, with 27 percent of data requests being rejected.
Facebook, Google and Twitter have also released their own similar data in recent months in a push to both increase customer confidence and show transparency and openness within the law. However, all of these web service giants are unhappy with the level of transparency granted to them by the US government, each of them creating petitions in the hope of being able to release more detailed information on the nature of the requests made. The issue is highlighted once more in Microsoft's report, which made it clear that "any national security orders we receive are not included".
Skype releasing no caller data will go some way to vindicate Microsoft, which was one of the companies initially strongly linked with providing backdoor access to its services for government agencies when the PRISM scandal first emerged. Microsoft has always strongly denied the accusations.

Europol nabs cyber crooks behind 21,000-strong hacked server store

Europol has arrested the hacker masterminds behind a notorious cyber black market, selling access to 21,000 compromised servers.
The European Cybercrime Centre (EC3) reported arresting two unnamed Ukrainians in Madrid as a part of a joint operation with the Spanish National Police, codenamed Operation Ransom II.
"On 9 July, Spanish National Police arrested the two criminals and searched their house. One of them was caught red-handed, running virtual machines and chatting with other cyber criminals," read the report.
Europol said authorities seized a variety of items during the raid, including €50,000 in cash, as the group raked in huge profits from their scams.
"Their sophisticated money laundering facility was processing around €10,000 daily through various electronic payment systems and virtual currencies," Europol said.
The hackers had reportedly managed to compromise 21,000 company servers and had successfully sold access to them to more than 450 criminal groups. "The 21,000 compromised servers of companies located in 80 countries (1,500 of them in Spain) had a common feature whereby access settings were via a remote desktop (RDP)," read the report.
"With this set-up, the cyber criminal could access all information contained on the servers, using full administrator privileges for the system, i.e. absolute control. The criminals ran an online shop where the compromised machines were 'sold' to 450 of their cyber criminal 'customers' who were able to choose the location (country) of their preferred servers."
At the time of publishing Europol had not responded to V3's request for comment on how many servers were located in the UK.
Europol said the takedown was only possible thanks to cross-department and agency cooperation and data sharing. "This Spanish National Police investigation was supported from the early stages by Europol specialists, who organised and hosted a coordination meeting in April 2013," read the report.
"Europol then facilitated the exchange of criminal intelligence with other EU member states, delivered analytical reports and supported the operation on the spot with a mobile office and technical advice. Europol will receive data on the compromised computers so it can be analysed and distributed to law enforcement authorities, who in turn can notify those server owners affected by the criminals' activity."
Increasing cross-national collaboration regarding cyber threats has been an ongoing goal of the European Commission. The EC3 centre is a central part of this strategy. The centre launched earlier this year with a staff of 40 and an annual €7m budget, drawn from Europol's existing €84m funding.
The Ukrainians are two of many cyber criminals found to be running their nefarious operations out of Spain. Before their arrests Spanish authorities detained a man believed to be one of the heads of the notorious Reveton malware gang.

Met Police anti-hacker efforts cost crooks £1.01bn in profits

UK law enforcement anti-hacker efforts stopped crooks stealing over £1bn from businesses and citizens in the last two-and-a-half years, according to the Met's Police Central e-crime Unit (PCeU).
The PCeU revealed the figure in its latest Harm and reduction report 2013. As well as the monetary sum the report reveals PCeU operations have led to 126 suspects being charged and the conviction of 89 cyber criminals, with a further 30 awaiting trial.
The operations are also listed as having disrupted 26 national and international cyber-based organised crime groups and secured a total of 184 years imprisonment for the 61 criminals given custodial sentences.
The police force originally pledged to reduce the cost of cyber crime by £504m within four years in 2011. The report highlighted the Allandale and Caldelana operations as key victories that helped it double its projected goal.
Operation Allandale was a sting against a gang conspiring to defraud banks worldwide using a sophisticated phishing scam. The operation resulted in the arrest of three men and is listed as preventing £74m worth of harm in the UK alone.
Operation Caldelana saw police target an organised crime group responsible for a sophisticated phishing scam responsible for stealing vast sums of money from victims' bank accounts. The operation is listed as mitigating £39m worth of harm within the UK.
Commander Steve Rodhouse, head of gangs and organised crime at the Met, said the PCeU was able to exceed its projected goal by collaborating with other countries' law enforcement departments and wider industry.
"The PCeU has exceeded all expectations in respect of making the UK's cyber space more secure. This is due to its innovative partnership work with industry and law enforcement across the globe and its dynamic system for developing intelligence, enforcing the law and quickly putting protection measures in place," he said.
Increasing collaboration with law enforcement and the wider industry when combating cyber crime has been a central goal of the UK government's ongoing Cyber Strategy. The strategy was launched in 2011 when the government pledged to invest £650m to bolster the country's cyber defences.
Since launching the strategy the government has introduced several initiatives to achieve this goal, including the creation of the Cyber Security Information Sharing Partnership (CISP). The partnership is designed to help protect the UK's growing digital economy from hackers by facilitating real-time data sharing between the government and private sector.
Despite the positive development, the £1.01bn figure is only a small chunk of the UK's overall digital economy, which the government currently lists as being worth £82bn.
The news follows widespread reports hackers are developing new, sophisticated ways to increase the monetary yield of their cyber scams. Most recently Microsoft reported the authors of the notorious Sefnit Trojan have resurfaced using advanced infection and click-fraud techniques to earn vast sums of money through bogus advertising.

Hackers-for-hire uncovered using hit-and-run 'Icefog' APT on Mac OS X and Windows systems

Kaspersky Lab researchers have linked a cyber mercenary gang to a wave of surgical strikes on military and government agencies, codenamed Icefog.
Kaspersky Lab confirmed uncovering the Icefog campaign in its threat report, "The Icefog APT: A Tale of Cloak and Three Daggers". The researchers said the campaign has been active since at least 2011 and has hit a number of high profile targets.
"Icefog is an Advanced Persistent Threat that has been active since at least 2011, targeting mostly Japan and South Korea. Known targets include government institutions, military contractors, maritime and shipbuilding groups, telecom operators, industrial and high-tech companies and mass media," read the report.
"There are versions for both Microsoft Windows and Mac OS X. In its latest incarnation, Icefog doesn't automatically exfiltrate data, instead it is operated by the attackers to perform actions directly on the victim's live systems."
Principal security researcher at Kaspersky Lab, Vitaly Kamluk, told V3 the attacks are particularly dangerous as they use an atypical, real-time strategy tailored to the victim's systems. "The Windows machines are infected through ‘hit and run' targeted attacks - a fact that makes Icefog a very unique operation," he said.
"While in other APT campaigns, victims remain infected for months or even years and attackers are continuously exfiltrating data, Icefog operators are processing victims one by one - they locate and copy only specific, targeted information. They set up command-and-control servers, create a malware sample that interacts with it, attack the victim, infect it, and communicate with the victim machine before moving on.
"The nature of the attacks is also very focused - in many cases, the Icefog operators appear to know very well what they need from the victims. The filenames were quickly identified, archived, transferred to the C&C and then the victim was abandoned. Basically, the attackers come, steal what they want and leave."
Kamluk said the attacks' hit-and-run nature makes detecting Icefog attacks particularly difficult as it requires them to forensically examine each specific raid on a case-by-case basis, rather than look for general trends.
"While in other cases, victims remain infected for months or even years, and data is continuously exfiltrated, the Icefog attackers appear to know very well what they need from the victims. Once the information is obtained, the victim is abandoned. The shortest amount of time the Icefog attackers spent in the victim's network is a few hours. Before leaving the network, they clean up the system, not to leave traces," he said.
He added the variety of victims indicates the hackers operate on a "for hire" basis, renting their services out to the highest bidder.
"Icefog is a small hit-and-run gang available for hire that attack organisations with surgical precision. Unlike other APT gangs that consist of tens of people (for example NetTraveler which had a team of 50-to-100 people), there are just six-to-12 people in it," he said.
Kamluk said cyber mercenary gangs are a growing problem facing the security community and he expects to see more groups-for-hire mounting similar operations in the very near future. "The discovery of this gang exposes a new trend - the emergence of ‘cyber-mercenaries' - an organised group of people conducting cyber-espionage/cyber-sabotage activities on demand, after order of anyone who pays money," he said.
"This is something new in the area of targeted attacks. And we expect this trend to grow in future, and more small groups of cyber-mercenaries will be available for hire to perform surgical hit and run operations."
He added the hackers' refined attack strategy makes tracking them difficult, but there is evidence to suggest they may be based in China.
"The ‘for hire' nature of the attack makes attribution difficult. Exfiltrated data could be converted into money or used for cyber-espionage purposes. So it may be a nation-state sponsored cyber-espionage/surveillance operation (in cases when attackers were after the budget of Army of one of the countries), or a financially-motivated cyber-criminal operation (in cases when they were after specific blueprints related to design and technologies) -  even both if the gang had several different contractors," he said.
"Based on the list of IPs used to monitor and control the infrastructure, we assume some of the threat actors behind this operation are based in at least three countries: China (the largest number of connections), South Korea and Japan."
State-sponsored hacker teams have been a growing problem facing industry, with numerous reports suggesting intelligence agencies are hiring independent groups for cyber offensive operations.
Most recently, F-Secure chief research officer Mikko Hypponen reported uncovering evidence that the NSA's Tailored Access Operations (TAO) unit and GCHQ are outsourcing missions to third-party security companies.

SME fined £5,000 by ICO for failing to encrypt sensitive data

A sole trader has been fined £5,000 by the Information Commissioner’s Office (ICO) for failing to encrypt sensitive data it held on its customers.
The company, Jala Transport Ltd, provides loans and is based in Wembley, London. A hard drive containing data on around 250 customers was stolen when the owner's car boot was opened while it was in a traffic jam. Cash to the value of £3,600 was also taken.
The data included names, dates of birth, addresses, the identity documents used to support loan applications and details of the payments made. Although the device was password protected, it was not encrypted.
The ICO said this failure to encrypt data was a vital oversight and so it had no choice but to levy the fine, as head of enforcement, Stephen Eckersley, explained.
“If the hard drive had been encrypted the business owner would not have left all of their customers open to the threat of identity theft and would not be facing a £5,000 penalty following a serious breach of the Data Protection Act,” he said.
“The penalty will have a real impact on this business and should act as a warning to all business owners that they must take adequate steps to keep customers’ information secure.”
The ICO said the fine would have been far higher, at £70,000, but owing to the limited financial means of the company, as a sole-traded firm, it had no choice but to reduce it. The fact the breach was reported voluntarily was also noted by the ICO.

New TouchID hack by Iranian team also works on iOS 7.0.2

The Iranian group defeated the basic principle of the iPhone fingerprint scanner, which allows them to hack TouchID with multiple fingerprints, including on iOS 7.0.2.

An Iranian group of iPhone geeks managing the blog defeated the basic principle of the iPhone fingerprint scanner, which allows them to unlock an iPhone with multiple fingerprints. The news was provided exclusively by colleagues at The Hacker News security portal, who were contacted by the Iranian group.
The news is embarrassing for Apple, a firm known for the reliability of its products and its attention to security issues.
Apple’s new iPhone 5s was recently presented as a device that includes a powerful feature, a biometrics-based security system called “Touch ID” that reads the user’s fingerprint to unlock the phone.
“Fingerprint is one of the best passcodes in the world. It’s always with you, and no two are exactly alike,” according to Apple’s website.
The feature was immediately criticized: many security experts and advocates consider it a violation of users’ privacy. But the troubles had only just begun. Touch ID was soon compromised: German hackers of the Chaos Computer Club demonstrated how they were able to deceive Apple’s security feature into believing they’re someone they’re not, using a well-honed technique for creating a latex copy of someone’s fingerprint.
The same fate befell the just-released iOS 7: the lock screen feature was not working properly, allowing an attacker with physical access to the handset to make calls and access the user’s data. Too much for a company like Apple!
The company promptly issued an update for iOS 7, but while iPhone users were celebrating Apple’s efficiency, another blow landed.
As remarked in the THN post, another interesting fact is that Touch ID is not only designed to scan fingerprints; it also works with various human body parts and appendages that are not fingers.
The concept behind the hack proposed by the Iranian group (Bashir Khoshnevis, Mohsen Lotfi, Shayan Khabazian and other members of the support team) is that “No two Fingerprints are exactly alike”.
In a proof-of-concept video provided to The Hacker News, the group set up a mixed fingerprint scan of 5-6 people on an iPhone 5S handset, which allowed all of them to unlock the device with their individual fingerprints.

The curious point is that Apple officially declared that Touch ID technology will misread 1 finger in every 50,000. This is because Touch ID is designed to unlock the device with only part of the scan, which means that if a merged thumb scan of multiple users is provided to the unlock settings of an iPhone, it will be able to read at least some partial scan of an individual user.
Does the newest iOS 7.0.2 firmware fix the issue?
Apple released the new iOS 7.0.2 firmware a couple of days ago to fix the security issues discussed, but the hack proposed by the Iranian team also works on iOS 7.0.2, as demonstrated by THN researchers “Wang Wie” and “Jiten Jain”. The researchers tested the hack procedure on iOS 7.0.2 firmware and it worked successfully.
In conclusion, it is clear that Apple released the new patch for the security issues affecting its new iOS 7 too hastily; it is curious that bugs like this last one work on a system that has just been patched. In this specific case it’s clear that Apple hasn’t properly implemented biometric authentication … in the meantime I suggest the use of the old passcode to protect the user’s device.

Senator Feinstein Admits the NSA Taps the Internet Backbone

We know from the Snowden documents (and other sources) that the NSA taps the Internet backbone through secret agreements with major U.S. telcos, but the U.S. government still hasn't admitted it.
In late August, the Obama administration declassified a ruling from the Foreign Intelligence Surveillance Court. Footnote 3 reads:
The term 'upstream collection' refers to NSA's interception of Internet communications as they transit [LONG REDACTED CLAUSE], [REDACTED], rather than to acquisitions directly from Internet service providers such as [LIST OF REDACTED THINGS, PRESUMABLY THE PRISM DOWNSTREAM COMPANIES].
Here's one analysis of the document.
On Thursday, Senator Dianne Feinstein filled in some of the details:
Upstream collection…occurs when NSA obtains internet communications, such as e-mails, from certain US companies that operate the Internet background [sic, she means "backbone"], i.e., the companies that own and operate the domestic telecommunications lines over which internet traffic flows.
Note that we knew this in 2006:
One thing the NSA wanted was access to the growing fraction of global telecommunications that passed through junctions on U.S. territory. According to former senator Bob Graham (D-Fla.), who chaired the Intelligence Committee at the time, briefers told him in Cheney's office in October 2002 that Bush had authorized the agency to tap into those junctions. That decision, Graham said in an interview first reported in The Washington Post on Dec. 18, allowed the NSA to intercept "conversations that . . . went through a transit facility inside the United States."
And this in 2007:
[The Program] requires the NSA, as noted by Rep. Peter Hoekstra, "to steal light off of different cables" in order to acquire the "information that’s most important to us" Interview with Rep. Peter Hoekstra by Paul Gigot, Lack of Intelligence: Congress Dawdles on Terrorist Wiretapping, JOURNAL EDITORIAL REPORT, FOX NEWS CHANNEL (Aug. 6, 2007) at 2.
So we knew it already, but now we know it even more. So why won't President Obama admit it?

Iran hacked US Navy Computers

US officials revealed that Iran hacked unclassified Navy computers in recent weeks, in an escalation of cyber attacks against US infrastructure.

The Wall Street Journal reported that Iran hacked unclassified US Navy computers. The allegations were made by US officials, who consider the attacks to be among the most serious intrusions into government networks by a foreign state.
“The U.S. officials said the attacks were carried out by hackers working for Iran’s government or by a group acting with the approval of Iranian leaders. The most recent incident came in the week starting Sept. 15, before a security upgrade, the officials said. Iranian officials didn’t respond to requests to comment.”
US officials maintained that Iranian hackers working for the government of Teheran have repeatedly breached computer systems within an unclassified Navy computer network for cyber espionage purposes.
Although no sensitive information has been leaked, US intelligence considers the event very concerning: similar attacks could expose confidential information, such as blueprints of a new cyber weapon, and could also compromise a defense architecture.
Iran’s cyber abilities have increased gradually and reached a concerning level. Teheran has sufficient cyber abilities to attack the US and cause serious damage to the country's critical infrastructure. Iranian state-sponsored hackers could hit critical infrastructure using malicious code and tools that are freely available on the internet or purchased in the underground.
The study “Iran: How a Third Tier Cyber Power Can Still Threaten the United States”, published by the Atlantic Council, maintains that although Iranian cyber capabilities are considered modest, they could be sufficient to launch attacks against the U.S. that would do more damage to public perceptions than to actual infrastructure.
“Their ability to also play in this [cyber] sandbox compounds that concern,” a US official said.
US officials added that Congress has been briefed on the attack, and that Defense Secretary Chuck Hagel and Chairman of the Joint Chiefs of Staff Gen. Martin Dempsey discussed the need to further improve government network security.
“The Pentagon wouldn’t confirm the alleged Iranian hacks. A department spokesman said its networks are attacked daily. “We take these attempts seriously and work to learn lessons from every one of them,” the spokesman said.”

“The series of Iranian intrusions revealed a weakness in the Navy network and a shortcoming in the service’s defenses compared with other unclassified military networks, according to U.S. officials.
Once the intruders got into the Navy computer system, they were able to exploit security weaknesses to penetrate more deeply into the unclassified network, the officials said.”
Iranian state-sponsored hackers have already hit the US in the past: major US banks were hit by a series of powerful DDoS attacks and energy industry computer networks were hacked. If this event is confirmed, there is a concrete risk that the cyber conflict may escalate.
There is a dangerous tension between the US and Iran that has repercussions in cyberspace, while US President Barack Obama and Iranian President Hassan Rouhani are trying to define a diplomatic path to an agreement on the development of the Iranian nuclear program. The two leaders spoke on Friday; from the White House on Friday afternoon, Obama announced that he had just got off the phone with Iranian President Hassan Rouhani and discussed “our ongoing efforts to reach an agreement over Iran’s nuclear program.”
“I believe we can reach a comprehensive solution,” Obama said, adding that he has asked US Secretary of State John Kerry to continue pursuing a deal with Iran that would prohibit Tehran from pursuing the development of nuclear weapons.
“I do believe that there is a basis for a resolution,” Obama said.
“Rouhani has indicated that Iran will never develop nuclear weapons,” Obama said, hailing that sentiment as a “major step forward in a new relationship between the United States and the Islamic Republic of Iran.”
The cyber war between the US and Iran started long ago; one of the most debated events is the sabotage of Iranian uranium enrichment facilities with the cyber weapon known as Stuxnet.
Cybersecurity experts are not concerned only about Iran; the most dangerous players in cyberspace, such as China and Russia, have more sophisticated hacking capabilities than Iran.
The conflict between the US and Iran is ongoing in cyberspace and could have serious repercussions on the diplomatic dialogue established between the two governments. A cyber attack could have the same effect as a conventional strike … this could be just the beginning.