A senior US official has admitted that the first ever destructive cyber-attack on an American firm by a nation state last year was carried out by Iranian operatives against the Las Vegas Sands casino group.
Director of national intelligence, James Clapper, confirmed at the Senate Armed Services Committee what up until now had been unsubstantiated reports, according to Bloomberg.
The attack on the world’s largest casino group in February 2014 is said to have shut down servers and PCs, wiping hard drives and taking out key systems such as those which monitor the payouts at the slot machines and gambling tables.
IT staff were even forced to rip out network cables from any computer they could find in a desperate bid to stop the attack from spreading, a report claimed in December.
It’s thought that the attack might have been sanctioned in response to outspoken conservative Sands owner Sheldon Adelson’s remarks that Tehran should be nuked if it doesn’t give up its nuclear weapons program.
The $14bn firm’s website at the time was apparently defaced with a picture of Adelson and Israeli PM Benjamin Netanyahu and a message referencing the comments.
According to Clapper, the Sands attack was the first of its kind on a US organization, and was followed later that year by a similar destructive blitz on Sony Pictures Entertainment, which the authorities are blaming on North Korea.
“While both of these nations have lesser technical capabilities in comparison to Russia and China, these destructive attacks demonstrate that Iran and North Korea are motivated and unpredictable cyber-actors,” he reportedly added.
Rather than a single ‘Cyber Pearl Harbor’ style event which takes the country’s critical infrastructure by surprise, crippling the nation, it’s more likely that the future will see more isolated incidents like these two attacks by Iran and North Korea, Clapper claimed.
Iran’s cyber capabilities certainly appear to have grown significantly of late.
In December the FBI warned US firms of a large-scale covert campaign against critical infrastructure organizations launched by Iran.
Threat intelligence firm Cylance had earlier the same month branded Iran “the new China” in a report detailing a major information-stealing APT campaign seemingly launched with Tehran’s blessing.
F-Secure security advisor Sean Sullivan welcomed Clapper’s admission that a single catastrophic ‘Cyber Pearl Harbor’ incident is unlikely, claiming that “clearly it’s a situation of death by a thousand cuts.”
And not just via nation-state-sponsored attacks: “Criminal organizations are acting with an ever-increasing amount of impunity if their targets are located within the territory of a nation-state rival. Online crime requires international law enforcement cooperation – and that is one of the casualties in our current state of affairs,” he told Infosecurity by email.
“Yes, we can definitely expect more destructive attacks. Organizations need to think differently. All threats are becoming more persistent. Mission critical information must be better compartmentalized in order to protect it.”