Months of research into Iranian networks have uncovered at least 16,000 systems controlled by Iran outside its borders; 2,000 of these were infected machines belonging to businesses in the US, Israel and other countries.
Many of the Internet Protocol addresses (IPs) of those machines host .ir websites, domains that are used as platforms for attacks. According to the company (Norse), visitors to those sites are in many cases later infected with malware: software designed specifically for surveillance and for obtaining valuable data from target organisations.
Most targets are in the US, although attacks have also hit the UK, Israel, Germany and Canada. Various US and European hosting companies have also been abused: cloud and hosting services of industry giants such as Amazon and GoDaddy are used to launch the attacks.
Norse believes previous research into Iranian activity may have included false assumptions about the actors involved, as Iran has been adept at creating disinformation and has used more than 5,000 fake social networking profiles to lead viewers along trails that go to nobody and nowhere.
iSight released a report claiming that these fake profiles were used to spy on military leaders and political staff across the world.
Norse set up fake systems (honeypots) that appeared to belong to businesses and critical infrastructure providers, making them attractive to attackers. The organisation collected data on the subsequent attacks and traced a large number of them to Iran. Norse also used "millions of sensors dropped all over the world" and analysis tools for tracing.
Turkey and Iran collaborate on cyber issues, and it is reported that Turkey, in exchange for oil and other goods, helped Iran circumvent the US and European sanctions imposed in response to that country's nuclear programs.
Rival security research firm CrowdStrike says that it tracks four different Iranian groups that it calls Kittens. Each Kitten is separate from the others and has its own modus operandi and target list. Finally, there is Cutting Kitten.
Role of Iran's Universities
The Islamic Republic of Iran has other ways of encouraging IT entrepreneurs to follow its commands. For example, the role of government in Iran's university system is enormous. The regime has invested large amounts in building IT and other scientific infrastructure at the top educational institutions, including Sharif University of Technology, Shahid Beheshti University and the IRGC-linked Malek Ashtar University, and in return it can direct research in ways that pursue regime objectives.
The development of Iran's nuclear weapons program after 2003 is a useful example for understanding the evolution of the relationship between government, security services and universities in IT. When Supreme Leader Khamenei ordered a stop to Iran's state nuclear weapons research program after the US invasion of Iraq in 2003, his lieutenants built a new structure that spread the relevant research through the university system.
The scale and effects of this effort are visible, but assessing the level of awareness and willingness of all the university participants in it is not easy. Iran's IT sector works in a similar fashion: government and security institutions collaborate with universities in research to achieve government aims, making faculties and students components of the regime's strategic efforts. After graduation, students find themselves in a network of associations and research projects that mostly also support regime priorities, whether they know it or not.
The Islamic Republic also uses the incentives created by mandatory military service to encourage aspiring young programmers to support state security efforts directly. At least one scientist involved in research related to the development of nuclear weapons states in his résumé that he was exempted from compulsory military service in exchange for work on a project deemed useful to the armed forces. This exemption program was developed in 2007.
Iran's leaders have therefore carefully and consciously built national IT, education and corporate infrastructures that produce excellently educated developers with incentives to pursue government objectives rather than use their skills against the government. Through these structures they have involved Iran's security organs, especially the IRGC, in ways that allow the regime to use these IT and hacking capabilities with plausible deniability. In addition, they have built an internet infrastructure designed to hide the sources of malicious activity and to give the government the ability to monitor, regulate and control citizens' access to the internet in extremely detailed ways.
Full details of the Norse Project Pistachio Harvest report are found here: www.pistachioharvest.com/#/dashboard