US And Israel Should Prepare For Destructive Iranian Cyberattacks, Ex-Intel Officer Says
In the aftermath of American strikes against multiple Iranian nuclear sites on Saturday, the country retaliated with strikes on Israel and on a U.S. base in Qatar, where no casualties were reported. This morning, a ceasefire was confirmed by all sides, though Israel quickly accused Iran of breaking it. But longer term, in lieu of a nuclear bomb or significant firepower in the face of U.S. and Israeli military might, Iran may turn to cyberattacks.
The country has a 'robust cyber apparatus,' according to Sanaz Yashar, a former intelligence officer in Israel who fled Iran as a teenager and now runs a cybersecurity startup. Its cyber program is spread across three different agencies: the Islamic Revolutionary Guard Corps (IRGC), the Ministry of Intelligence and the Ministry of Defense. Yashar expects Iran's cyber offensive units to respond soon with 'quick and dirty' operations, which will be disruptive but not catastrophic. In the longer-term, 'there will be investment in destructive cyber capabilities' because they're 'impactful and deniable,' Yashar added. On Sunday, the DHS warned of an increased risk of cyberattacks either from Iran-friendly hacktivist groups or from the Iranian regime itself.
'Any new work is going to cause more strain on CISA.' A current CISA employee
U.S. cyber infrastructure, however, may not be adequately prepared because of staff losses at the DHS Cybersecurity and Infrastructure Agency (CISA), which currently lacks a permanent director. The agency has been bleeding talent since many of its leadership, including former director Jen Easterly, have departed or were fired. Trump's nominated director, Sean Plankey, is yet to be confirmed.
One CISA insider told Forbes that if there was to be an increase in Iranian cyber activity, the agency would be stretched to respond to the mass of threats currently facing America in cyberspace. 'Any new work is going to cause more strain on CISA because we aren't even being given the resources needed for our current workload,' they said.
Concerns swirled online about if the problems at CISA could hobble a U.S. response. 'Start scheduling backups and don't be surprised by cyber attacks from Iran or their supporters. Right after dismantling CISA, perfect timing,' wrote Jeff Moss, founder of the DEF CON cyber conference and a former member of the CISA Cyber Security Advisory Council, on BlueSky.
Though manifold reports have pointed to a CISA with low morale and overworked staff, the agency's public affairs director Marci McCarthy told Forbes that CISA had been 'lost and unfocused under Joe Biden,' with a 'ballooning budget.' Now, President Trump and secretary for homeland security Kristi Noem are refocusing CISA, said McCarthy.
'The agency was focused on censorship, branding and electioneering instead of defending America's critical infrastructure,' McCarthy said. 'That era is over. Today CISA is focused squarely on executing its statutory mission: serving as the national coordinator for securing and protecting the nation's critical infrastructure.'
She added that there are currently 'no specific credible threats against the homeland,' but critical infrastructure organizations should remain vigilant.
Iranian hackers have in recent years been accused of some significant cyberattacks. In late 2023, a number of American water plants were breached, which led to the 2024 sanctions of six officials at the IRGC. Earlier this year, the U.S. offered a $10 million reward for information on the identities and whereabouts of members of CyberAv3ngers, a group linked to various attacks on global critical infrastructure, with a focus on targeting Israeli-made equipment.
Yashar said Iran's hackers will want to use attacks as a type of influence operation that will 'show off and enhance regime stability internally.' 'The biggest concern would be they go after databases of naval, aviation and shipping information for further targeting,' she said.
But it's disputed just how much of a digital threat Iran poses. The CISA insider said Iran was not considered a serious cyber threat on the level of China or Russia. Other experts agree. John Hultquist, chief analyst at Google's Threat Intelligence Group, wrote on LinkedIn over the weekend that Iran's main focus for its cyber warfare is psychological. 'There is a real, practical risk to enterprises, but it's important that we don't overhype the threat here and give them the win they're after.'
Israel began bombing Iran in mid-June, targeting its nuclear facilities. The U.S. launched air strikes over the weekend in support of Israel's effort to prevent Iran from building a nuclear weapon. How many years the American attack has put Tehran back is unclear, despite Trump's claims it had "totally obliterated" three of Iran's nuclear sites. Iran's leader Ayatollah Ali Khamenei has not yet spoken publicly about the strikes.
Israel, which has built a major cyber intelligence operation across the IDF's Unit 8200, Mossad and other agencies, has not yet been credited with any significant cyberattacks since it launched airstrikes on Iran. Last week, a pro-Israel hacking crew known as Predatory Sparrow claimed responsibility for a breach of Iran's largest crypto exchange Nobitex, with as much as $90 million stolen. It's unclear what links, if any, Predatory Sparrow has to the Israel government. Iran, meanwhile, reportedly closed off its internet to protect from potential cyberattacks.
One reason for the physical attacks on Iran's nuclear capabilities could be that cyber offensive operations are no longer effective enough. The Stuxnet cyberattacks on the Natanz nuclear facility back in 2009 were reportedly part of a joint U.S.-Israel effort that were estimated to have set Iran's nuclear program back by years. Now the same countries have taken to bombs rather than malware.
More from Forbes Forbes Iranian Hackers Abuse Slack For Cyber Spying By Thomas Brewster Forbes Inside OilRig -- Tracking Iran's Busiest Hacker Crew On Its Global Rampage By Thomas Fox-Brewster Forbes Trump Pardoned Him. Now He's Selling His Cyber Business For $200 Million. By Thomas Brewster Forbes Iranians Hacked A Domestic Violence Shelter And U.S. Power Companies In Ransomware Rampage, DOJ Says By Thomas Brewster
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Fast Company
30 minutes ago
- Fast Company
WhatsApp just got banned on Capitol Hill. Here's how you can make the Meta messaging platform more secure
The U.S. House of Representatives' Chief Administrative Officer (CAO), Catherine Szpindor, informed congressional staffers this week that WhatsApp is now banned from government phones. The move came after the CAO's Office of Cybersecurity deemed the Meta-owned app to be 'high-risk to users'—a claim that WhatsApp quickly rebutted. But the CAO is correct. While WhatsApp is one of the more secure messaging apps out there, it does have some privacy and security risks. Users can mitigate some of these risks, but others are beyond their control. Here's why WhatsApp is now banned in the U.S. House of Representatives and how you can make the app more secure on your phone. What the Office of Cybersecurity said, exactly The news that the CAO's Office of Cybersecurity had announced a ban on WhatsApp this week came from Axios. On Tuesday, the publication published parts of an internal CAO memo it received, which was sent to congressional staffers on Monday, announcing that WhatsApp was now verboten on government phones. The memo stipulated that 'House staff are NOT allowed to download or keep the WhatsApp application on any House device, including any mobile, desktop, or web browser versions of its products.' It went on to add: 'If you have a WhatsApp application on your House-managed device, you will be contacted to remove it.' The reason? According to the memo, 'The Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.' The CAO didn't provide further details in the memo regarding the above risks. Still, it's easy to interpret some of the things that may have made the CAO leery about the continued use of WhatsApp by Congressional staffers. WhatsApp's transparency issue WhatsApp, like competing secure messaging apps including Apple's iMessages and Signal, is end-to-end encrypted, meaning that no parties other than the ones in the chat, even including Meta, can read the chat messages. But WhatsApp collects a lot more metadata from each chat than other secure messaging apps do, and it sends this info to Meta A chat's metadata includes information such as the identities of the chat participants, IP addresses, phone numbers, and the timestamps of messages. No one knows exactly what Meta does with this metadata. Still, it is shared with Meta's other platforms, including Instagram and Facebook. It is likely used to help the company build social graphs of users, leveraged for advertising purposes, and analyzed by the company to understand who is using their apps, and when and where. This opaqueness is likely some of the 'lack of transparency' risk that the CAO was referring to. As for the 'absence of stored data encryption,' the CAO may have been referring to the default method by which WhatsApp backs up a user's chats. While WhatsApp chats are end-to-end encrypted, if a user backs up those chats to the cloud, the backup itself is not end-to-end encrypted by default. This means that if a bad actor gains access to a WhatsApp user's cloud backup, they could read all of that user's messages. It's no wonder the CAO's Office of Cybersecurity finds this worrying. WhatsApp also doesn't have other privacy and security features on by default, including the ability to lock the app behind biometrics and requiring two-step verification when a WhatsApp account is installed on another phone. If you don't work in the House of Representatives, you can still keep WhatsApp on your phone. But you might want to mitigate its privacy and security risks. Here's how. How to make WhatsApp more secure on your phone Unfortunately, there's nothing you can do about WhatsApp's metadata problem. Meta designs WhatsApp so that the metadata of your chats is sent directly to the company. There's no way you can turn this data collection off. But you can make the app more secure on your phone by following some simple steps, including: End-to-end encrypt your WhatsApp backups: In WhatsApp, go to Settings>Chats>Chat Backup>End-to-End Encrypted Backup and turn this option on. Now your chat backups saved in the cloud will be end-to-end encrypted. Lock WhatsApp: You can set WhatsApp to refuse to open without further authentication by locking the app. This means that even if someone has access to your unlocked phone, they won't be able to open WhatsApp unless they know your phone's PIN, or have your face or fingerprint. To lock WhatsApp, go to WhatsApp's Settings>Privacy>App Lock and toggle the feature on. Enable two-step verification: If someone logs into your WhatsApp account on their phone, they'll be able to see your messages. That's why you should set up two-step verification for your account. This will require a PIN that you set to be entered whenever an attempt is made to log into your WhatsApp account on a new device. If the PIN isn't entered correctly, the new device won't have access to your account. To enable two-step verification, go to WhatsApp's Settings>Account>Two-Step Verification and toggle the feature on. Apps the CAO suggests using instead When reached for comment on the CAO's decision to ban WhatsApp, the organization's chief administrative officer, Catherine Szpindor, told Fast Company, 'Protecting the People's House is our topmost priority, and we are always monitoring and analyzing for potential cybersecurity risks that could endanger the data of House Members and staff. We routinely review the list of House-authorized apps and will amend the list as deemed appropriate.' In the past, the CAO has banned or imposed partial bans on various foreign apps, including those from ByteDance, such as TikTok. But the CAO has also previously announced bans or restrictions on apps made by American companies, including Microsoft Copilot and the free versions of ChatGPT. As for Meta, a company spokesperson told Fast Company that it disagrees with the CAO's characterization of WhatsApp 'in the strongest possible terms.' The spokesperson also asserted that, when it comes to end-to-end encryption, WhatsApp offers 'a higher level of security than most of the apps on the CAO's approved list that do not offer that protection.' In the Office of Cybersecurity's memo, the agency provided guidance on alternative secure messaging apps that House staffers could use now that WhatsApp had been banned. According to Axios, those apps include Apple's iMessage and FaceTime, Microsoft Teams, Wickr, and Signal.
Yahoo
31 minutes ago
- Yahoo
At least 34 killed in Israeli strikes in Gaza as ceasefire prospects inch closer
At least 34 people were killed across Gaza by Israeli strikes, health staff say, as Palestinians face a growing humanitarian crisis in Gaza and ceasefire prospects inch closer. The strikes began late on Friday and continued into Saturday morning, among others killing 12 people at the Palestine Stadium in Gaza City, which was sheltering displaced people, and eight more living in apartments, according to staff at Shifa hospital where the bodies were brought. Six others were killed in southern Gaza when a strike hit their tent in Muwasi, according to the hospital. The strikes come as US President Donald Trump said there could be a ceasefire agreement within the next week. Taking questions from reporters in the Oval Office on Friday, the president said: 'We're working on Gaza and trying to get it taken care of.' An official with knowledge of the situation told The Associated Press that Israel's minister for strategic affairs, Ron Dermer, will arrive in Washington next week for talks on Gaza's ceasefire, Iran and other subjects. The official spoke on condition of anonymity because they were not authorised to speak to the media. Talks have been on and since Israel broke the latest ceasefire in March, continuing its military campaign in Gaza and furthering the dire humanitarian crisis. Some 50 hostages remain in Gaza, fewer than half of them believed to be still alive. They were among some 250 hostages taken when Hamas attacked Israel on October 7 2023, sparking the 21-month-long war. The war has killed more than 56,000 Palestinians, according to Gaza's Health Ministry, which does not distinguish between civilians and combatants. It says more than half of the dead were women and children. There is hope among hostage families that Mr Trump's involvement in securing the recent ceasefire between Israel and Iran might exert more pressure for a deal in Gaza. Israeli Prime Minister Benjamin Netanyahu is riding a wave of public support for the Iran war and its achievements, and he could feel he has more space to move toward ending the war in Gaza, something his far-right governing partners oppose. Hamas has repeatedly said it is prepared to free all the hostages in exchange for an end to the war in Gaza. Mr Netanyahu says he will end the war only once Hamas is disarmed and exiled, something the group has rejected. Meanwhile, hungry Palestinians are enduring a catastrophic situation in Gaza. After blocking all food for more than two months, Israel has allowed only a trickle of supplies into the territory since mid-May. Efforts by the United Nations to distribute the food have been plagued by armed gangs looting trucks and by crowds of desperate people offloading supplies from convoys. Palestinians have also been shot and wounded while on their way to get food at newly formed aid sites, run by the American and Israeli-backed Gaza Humanitarian Foundation, according to Gaza's health officials and witnesses. Palestinian witnesses say Israeli troops have opened fire at crowds on the roads heading toward the sites. Israel's military said it was investigating incidents in which civilians had been harmed while approaching the sites.
New York Times
31 minutes ago
- New York Times
With Supreme Court Ruling, Another Check on Trump's Power Fades
The Supreme Court ruling barring judges from swiftly blocking government actions, even when they may be illegal, is yet another way that checks on executive authority have eroded as President Trump pushes to amass more power. The decision on Friday, by a vote of 6 to 3, will allow Mr. Trump's executive order seeking to end birthright citizenship to take effect in some parts of the country — even though every court that has looked at the directive has ruled it unconstitutional. That means some infants born to undocumented immigrants or foreign visitors without green cards can be denied citizenship-affirming documentation like Social Security numbers. But the diminishing of judicial authority as a potential counterweight to exercises of presidential power carries implications far beyond the issue of citizenship. The Supreme Court is effectively tying the hands of lower-court judges at a time when they are trying to respond to a steady geyser of aggressive executive branch orders and policies. The ability of district courts to swiftly block Trump administration actions from being enforced in the first place has acted as a rare effective check on his second-term presidency. But generally, the pace of the judicial process is slow and has struggled to keep up. Actions that already took place by the time a court rules them illegal, like shutting down an agency or sending migrants to a foreign prison without due process, can be difficult to unwind. Presidential power historically goes through ebbs and flows, with fundamental implications for the functioning of the system of checks and balances that defines American-style democracy. But it has generally been on an upward path since the middle of the 20th century. The growth of the administrative state inside the executive branch, and the large standing armies left in place as World War II segued into the Cold War, inaugurated what the historian Arthur Schlesinger Jr. coined the 'imperial presidency.' Want all of The Times? Subscribe.
