Google is warning thousands of Gmail customers this week that state-sponsored attackers may be trying to compromise their computers, an admonition that comes as authorities in Iran claim that their systems are coincidently being targeted as well.
Although neither Google nor Iran has explicitly singled-out a specific culprit or country as being behind the assaults, the Silicon Valley search engine says attacks on their servers are thought to be “state-sponsored.”
Mike Wiacek, the manager of the company’s information security team, tells The New York Times that suspicious activity is believed to be coming from “a slew of different countries” in the Middle East.
Google first informed customers in June that they suspected malicious activity was targeted a large chunk of their users, dispatching warnings at the time the suspected victims reading, “We believe state-sponsored attackers may be attempting to compromise your account or computer.”
Mr. Wiacek now tells The Times that new intelligence gathered in the three months since has prompted Google to begin warning “tens of thousands of new users” this weekthat they may be targets. A new group of users were cautioned this week, to which several known journalists and foreign policy experts announced over Twitter that they had been recipients of the latest string of warnings.
“Aaaaand I just got Google’s ‘you may be a victim of a state-sponsored attack’ notice. #WhatTookYouSoLong?” Noah Schactman, the editor of Wired’s “Danger Room” blog, wrote over Twitter.
The latest warnings from Google come only days after groups claiming Middle Eastern affiliation credited themselves with temporarily knocking offline the websites of several major US financial institutions, including JPMorgan Chase, Bank of America, Citigroup and Wells Fargo. Responding to those distributed-denial-of-service attacks, CrowdStrike Security President George Kurtz told the Times, “We absolutely have seen more activity from the Middle East, and in particular Iran has been increasingly active as they build up their cyber capabilities.”
“There is also a strong activist movement underfoot, which should be concerning to many large companies. The threat is real, and what we are seeing now is only the tip of the iceberg,” Mr. Kurtz said.
Meanwhile, authorities in Iran say that their systems are being targeted as well. And although assaults waged at the Iranian computer infrastructure are nothing new, the coinciding attacks suggest a cyber-war could indeed be heating up between American entities and the United States’ foreign adversaries.
Mehdi Akhavan Behabadi, secretary of the High Council of Cyberspace, tells the Iranian Labour News Agency that his country is cracking down on access to content on the Web as investigators try to determine the culprit behind an onslaught of attacks this week that are affecting several sectors of the Iranian e-grid.
“Yesterday we had a heavy attack against the country's infrastructure and communications companies which has forced us to limit the Internet," Behabadi tells Reuters in an article published Wednesday. "Presently we have constant cyber-attacks in the country. Yesterday an attack with a traffic of several gigabytes hit the Internet infrastructure, which caused an unwanted slowness in the country's Internet.”
Iranian official suspect the assault on their systems are state-sponsored as well, but are looking west for a possible guilty party: previously, engineers and computer experts have linked at least two types of viruses acting maliciously on Iran’s computer to the United States: the Stuxnet worm and the Flame virus. This time around, Behabadi once again suggests that the assault is more than just a maneuver from a few well-coordinated computer hackers.
"All of these attacks have been organized. And they have in mind the country's nuclear, oil, and information networks,” he adds to Reuters.
Although the US had not admitted responsibility in either Flame or Stuxnet, the malware has long been assumed to have been developed in cooperation with American engineers. Experts at Russia’s Kaspersy Labs reported last month that they identified three new, similar viruses that they believe are related to the others sent to infect Iran, saying the malware’s coding “fits the profile of military and/or intelligence operations."
Previously, Kaspersky Lab chief security expert Aleks Gostev claimed, “Stuxnet of 2009 had a large piece of code similar to that of Flame, so apparently creators of Stuxnet and Flame were working in close collaboration.” Now both Kaspersky scientists and researcher with the United States’ Symantec Corp. believe that whoever is responsible for those viruses are prepared to unleash upwards of three others. Whether or not the current attack being waged against Iran is related to those viruses has yet to be confirmed.
Earlier this week, the White House announced that hackers attempted to infiltrate an unclassified computer network used by US President Barack Obama. The Washington Free Beacon reported that the Chinese were assumed responsible for “Beijing’s most brazen cyber-attacks against the United States and highlights a failure of the Obama administration to press China on its persistent cyber-attacks,” although the White House did not name any suspects. The alleged “cyber attack,” Washington later confirmed, was an attempted spear-phishing assault — a primitive method of trying to coerce victims into disclosing person information over email.