Hackers-for-hire in Iran have already fired first shots in Illinois, Indiana

ByChuck Goudie and Barb Markoff WLS logo
Tuesday, January 7, 2020
Hackers-for-hire in Iran have already fired first shots in Illinois, Indiana
EMBED <>More Videos

Chuck Goudie and the I-Team report that Iran fired the first shot in a cyberwar, long before last week's U.S. drone-death of Iranian General Qasem Soleimani.

CHICAGO (WLS) -- Even as U.S. defense and homeland security officials on Monday were tightening access to potential Iranian terror targets here and around the world, several waves of cyber-terror attacks that authorities say were directed by Iran-backed hackers have already commenced a digital war on hundreds of targets in the Midwest.

The first attack, reported by the ABC7 I-Team in March 2018, included Iranian infiltration of computer systems for the State of Indiana, at the Federal Energy Regulatory Commission, the Department of Labor, the United Nations and 144 U.S. universities. Nine Iranian nationals, still fugitives, have been charged in that case, one of the largest foreign government-sponsored hacking cases ever charged by the Justice Department.

The second attack originating in Iran occurred in November 2018 and targeted a Chicago healthcare technology company. The two men charged in that case are also both federal fugitives.

Most recently, cyber-terror experts point to an attack on the Las Vegas Sands Corporation computers by Iranians after the company's founder, Sheldon Adelson, called for a nuclear attack on Iran.

U.S. law enforcement officials said those cases suggest Iran already has a deeply-rooted ability to wage foreign cyber-war on distant targets as part of any, more conventional, terror attack involving bombs and bullets.

New concerns follow Iran's pledge to attack American entities after the nation's top military official Gen. Qasem Soleimani was drone-killed by U.S. forces as he visited Iraq last week.

"Iranian regime actors and proxies are increasingly using destructive 'wiper' attacks, looking to do much more than just steal data and money," said a new threat assessment alert from the Department of Homeland Security. "These efforts are often enabled through common tactics like spear-phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network."

The two 2018 Iranian-directed attacks that included targets in Chicago and Indiana were different modus operandi.

In the first, hackers stole data and intellectual property across all fields of research, including engineering, medicine, science and technology between 2013 and 2017.

The nine men charged were working in cooperation with Iran's Islamic Revolutionary Guard Corps, according to federal prosecutors. That is the same military organization that Soleimani oversaw in Iran at the time of his death.

Two men charged in the other 2018 U.S. cyber-attack were allegedly running "an extreme form of 21st century digital blackmail" using SamSam ransomware to target vulnerable institutions across the U.S. and Canada.

Faramarz Shari Savandi and Morammad Mehdi Shah Mansouri allegedly engineered the ransomware program and are now named in FBI arrest warrants.

On Monday evening the Cybersecurity and Infrastructure Security Agency (CISA) released new guidance on Iran.

"Increased geopolitical tensions and threats of aggression may result in cyber and physical attacks against the Homeland and also destructive hybrid attacks by proxies against U.S. targets and interests abroad," stated the new federal alert.

Authorities warn of disruptive and destructive cyber operations, cyber-enabled espionage, and disinformation campaigns. They also warn of attacks against U.S. citizens and American interests abroad, IED's and unmanned aircraft systems.