December 11, 2019
Iran’s Communications Minister today admitted a “massive state-sponsored cyber-attack” aimed at the Iranian government’s cyber infrastructure and websites but did not name the state behind the attack.
After a cabinet meeting today, Mohammad-Javad Azari-Jahromi told reporters the attack was repelled by the national firewall known as Dezhfa, a home-developed firewall. He did not reveal any details or when this occurred. “More details will be announced later,” he said.
Over the years, Iran’s government structures were the target of several major attacks. In 2011 its nuclear facilities were targeted by Stuxnet, a malware that wreaked havoc on uranium-enriching centrifuges.
In September, NetBlocks, an NGO that monitors cybersecurity and the governance of the Internet, reported a limited cyber-attack on Iranian oil infrastructures. In a statement, however, the Strategic Management Center of the Iranian President’s Office declared that “despite western media’s claims” there had been no effective attacks on Iran’s oil facilities or other vital infrastructures.
Following the attack on Saudi oil facilities in September, blamed on Iran, Associated Press said the retaliatory options Washington was considering included “less visible moves such as cyberattacks”.
In October, Azari-Jahromi claimed at the Munich Security Conference that Dezhfa had prevented 33 million cyber-attacks from destroying the country’s systems.
The cyber-attack referred to by Jahromi seems to be different from a major cyber security breach and hacking of three major Iranian banks reported by The New York Times yesterday.
On December 2, a Twitter user warned Iranians that the account information of millions of Iranian bank customers, including details of their debit cards, had been leaked. The content of the tweet was widely shared on various social media platforms.
The hackers themselves had used Telegram, a very popular mobile phone application that has more than 40 million users in Iran and engages 60 percent of the country’s Internet bandwidth, to announce their feat a few days earlier.
A Telegram channel called Your Bank Card, created on November 27, soon after the protests that rattled the country, said in a post they had hacked the systems of Mellat, Tejarat and Sarmayeh banks.
In the Telegram post the hackers said they had accessed the card information of millions of customers and had given the banks an ultimatum to pay ransom or they would leak the information, but the banks had ignored the warning.
During an unprecedented security breach in 2012, an information technology specialist hacked more than 20 Iranian banks to prove security loopholes in Iran’s electronic systems.
The hackers also sent emails to the customers of these banks which contained a link to a file containing the card details of 10 million individuals.
On December 1, the Fars News Agency, which is affiliated with Iran’s Revolutionary Guards, quoted an “informed source” as saying that the leaked information had not led to money transfers from any of the accounts, but according to media reports Iran’s Cyber Police (FATA) confirmed that the information received in the file sent in the email was authentic.
FATA then sent an email to a large number of bank customers informing them of the breach and advising them to only use cash and to ask their banks for new cards.
“They forced us to deal a heavy blow to their authority,” the post said and, referring to the protests against the hike in the price of gasoline, added: “We will destroy the reputation of their banks just as we torched their banks. We will make it hell for them and drive them to ruin and dissolution.”
Later the hackers published a video that showed how the bank customers’ stolen information could be used to forge cards.
Azari-Jahromi only reacted to the news of the hacking of the banks on December 8, when he claimed the systems of the banks had not been hacked but that a disgruntled technical contractor who had made a copy of the information was “making threats and asking for ransom”. Iran’s Central Bank has not yet commented on the breach.
The New York Times alleges that the attacks on the banks were carried out by an agent of a foreign government and can pose a great financial challenge to the economy of Iran which is already ailing under the heavy pressure of U.S. sanctions.