Global Weekly Executive Summary, 20 OCT 2017

British Intelligence Suspects Iran in Parliament Email Attacks

British intelligence now suspects that Iran was the source of the June 2017 brute force attacks against 9,000 UK Parliament email accounts.

Key Details:

  • On 23 June of 2017, 9,000 UK parliamentary email accounts were targeted in a 12-hour long brute force attack that included 200,000 attempts to access accounts. (BBC)
  • The accounts of Prime Minister Theresa May and other senior ministers were among those targeted. (Guardian)  
  • Up to 90 Members of Parliament (MP) accounts were compromised because of weak password use. (Times)(Guardian)
  • UK government officials say that although fewer that 1% of the email accounts were compromised, they assume that some sensitive materials were accessed. (Times)
  • Prime Minister May’s emails were considered safe because she uses the more secure account associated with her role as Prime Minister rather than her parliamentary account. (Times)
  • Iran, or groups working in the interests of the Iranian government, have been suspected in major cyber attacks in the past, but they have not been known to target the UK in the past.

Supporting Details:

  • Previously, the attacks were suspected to be state-sponsored, with Russia or North Korea considered to be the possible perpetrators because those countries were believed to be behind previous cyber incidents in the UK. (BBC, Guardian)
  • Articles in The Times and The Guardian revived the story of the June 2017  attack this week, citing “an unpublished assessment by British intelligence” that attributed the attacks to Iran. (Guardian) The Times described “a secret intelligence assessment” as the source for this new attribution.
  • The creator and source of the “unpublished assessment by British intelligence” is not named, but the document was reported on by The Times was independently verified by The Guardian. (SC)
  • The UK National Cyber Security Centre (NCSC) spokesperson declined to confirm or comment on the report “while inquiries are ongoing.” (Guardian)

Significance:

  • This seems to be Iran’s first “significant cyber-attack on a British target” (SC), This may signal Iran’s desire to be considered a leading global “cyberpower.” (Times)
  • Iran is believed to be behind the destructive Shamoon attacks targeting Saudi Aramco and other energy companies in Saudi Arabia. Other cyber campaigns attributed to  Iran include the 2016-2017 “Mia Ash” espionage campaign thought to have been used to compromise the Deloitte accounting firm, the 2011-2013 DDOS attacks on 46 American banks and financial institutions and an attempt at shutting down a New York dam (Reuters) (Hill), and GPS disruption/spoofing of ships in the Persian Gulf. (Times)
  • The 2015 “The DOD Cyber Strategy” document states, “While Iran and North Korea have less developed cyber capabilities, they have displayed an overt level of hostile intent towards the United States and U.S. interests in cyberspace.”  (DOD pdf)
  • This news comes at a time of increased tension between Iran, The UK, and the United States. President Trump has considered withdrawing from the 2015 Iran nuclear deal while the UK, France, and Germany have reaffirmed support of the deal. (BBC)
  • The Times raised a possible theory, “Some experts believe it is possible that elements of Iran’s Islamic Revolutionary Guard Corps are using cyber-attacks to undermine the deal because they want the country to resume its weapons programme.” (Times)

Sources:

SC Media, Iran is being blamed for a cyber-attack against Parliamentary emails

BBC, Iran blamed for Parliament cyber-attack

The Times, Iran attacks 9,000 email accounts in parliament

The Times, Hack attack on parliament brings Tehran out from cyber-shadows

The Guardian, Iran to blame for cyber-attack on MPs’ emails – British intelligence

NYT, British Parliament Hit by Cyberattack, Affecting Email Access

The Guardian, Cyber-attack on parliament leaves MPs unable to access emails

BBC, Iran nuclear deal: Global powers stand by pact despite Trump threat

Reuters, U.S. indicts Iranians for hacking dozens of banks, New York dam

BBC, ‘It was always going to happen’: Inside the cyber-attack on parliament

BBC, Parliament cyber-attack ‘hit up to 90 users’

The Hill, US sanctions Iranian nationals for cyberattacks against banks

Forbes, Iranian Hackers Targeted Deloitte Via A Seriously Convincing Facebook Fake

Defense.gov, The DOD Cyber Strategy