Iranian group claims credit for hacking NY dam

An Iranian group is taking credit for hacking a dam less than 20 miles outside of New York City.

The group, SOBH Cyber Jihad, conveyed the message to software provider Flashpoint Intelligence through another Iranian hacking group called Parastoo. They added that technical information to prove the claim would be forthcoming.

The Wall Street Journal reported that the Bowman Avenue Dam, located in Rye, N.Y., was hacked in 2013 by hackers linked to Iran, though it wasn’t clear whether they were linked to the Iranian government. The attack came as the country’s government sponsored “botnet” attacks against major American banks, overwhelming and crashing their websites.

In its statement, SOBH Cyber Jihad said it had remained silent until now because of a “state level” warning to keep quiet “for the greater good.”

“This cyberattack surely serves as a bucket of ice water to the face,” Sen. Chuck Schumer, D-N.Y., said at a Wednesday press conference. “There are larger dams, there are public utilities, there are nuclear power plants… We don’t know how many attacks like this have been attempted,” Schumer said.

Officials originally feared the hackers had accessed the Arthur R. Bowman Dam in Oregon, a 245-foot-tall structure that irrigates and prevents flooding for nearby residents. That’s in contrast to the 20-foot Bowman Dam located in Rye, constructed decades ago for the purpose of ice production.

Department of Homeland Security documents indicate the perpetrators managed to access usernames and passwords, but never manipulated the dam. Leo Taddeo, former special agent in charge of the Cyber Division of the New York FBI, said the problem comprised preventable issues often cited by cybersecurity officials.

“The lesson is network operators have to be vigilant, have to keep systems updated and patched and make sure their perimeter protections are in place and they have to harden their interiors,” Taddeo told NBC News.

In comments to the Washington Examiner, another cybersecurity expert described the Iranian groups involved in the incident. “Parastoo, and now SOBH, have both expressed interest in exploiting vulnerabilities in US critical infrastructure,” the expert stated. In particular, Parastoo is most interested in Supervisory Control and Data Acquisition systems that include nuclear power plants, utilities, and the electrical grid; air traffic control; and telecommunication systems.

“SOBH’s end goal is likely to [influence] the foreign policy decisions of the U.S. and Israel by issuing cyber threats and making the two countries feel vulnerable,” the expert added. “It is not possible to say the organization would never adopt an aggressive stance that sought to cause harm to U.S. citizens, but so far the group has been content to release information and make cryptic threats.”

A separate report on Monday indicated the U.S. electrical grid has been hacked at least a dozen times over the past decade, intrusions that can also be largely attributed to antiquated hardware and lackluster security practices.


Schumer added that he was going to ask DHS to investigate vulnerabilities in critical infrastructure, calling the problem “malignant” and warning, “It could be metastasizing.”
