Iran and North Korea cooperating on cyber-defense, ‘domestic Internets’?

UPDATE (28 Mar): Article today from the Times on how hackers from both North Korea and Iran have launched cyber attacks over the past week. No information on a connection between the two, other than their “erratic decision making,” but their skills appear to be growing, with Iran taking down American Express for two hours today.



UPDATE (24 Mar): Good article in PC World today about the threats posed by Iranian and North Korean hackers. The article covers some of what’s been discussed here, but also highlights testimony in the House last week about the unpredictability of Iran and North Korea making them harder to deter than China and Russia. The article points out that while the Iranians and North Koreans lack the cyber skills of the Chinese and Russians, their greater sense of “intent” may make them the more dangerous threats.



UPDATE (18 Jan): U.S. banks have officially sought help from the National Security Agency in dealing with the months-long cyberattacks, according to the Washington Post.



UPDATE (8 Jan): The Times has a story today with U.S. officials blaming Iran for attacks the past few months on “Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC.” The attacks are on a scale available to nation-states, not kids in a basement, “transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas.” According to the story, the attacks are expected to continue.



UPDATE (3 Dec): Reuters carried a story from Kyodo yesterday about Iran stationing defense staff at a North Korean military facility, “apparently to strengthen cooperation in missile and nuclear development.” The “staff” reportedly consists of four people from Iran’s Ministry of Defense and “firms close to it.” The group may be in country for long-term collaboration, or to observe North Korea’s upcoming rocket launch.



UPDATE (24 Oct): The Times has an article today on an Iranian cyberattack on Saudi Arabia’s Aramco oil firm in August that is now believed to be “among the most destructive acts of computer sabotage on a company to date.” The attack is thought to be retaliation for previous cyberattacks on Iranian oil facilities – and may have even used some of the same code. This is shaping up to be an interesting battle, clearly visible even in the open source world.



UPDATE (18 Oct): The cyberattacks on U.S. banks are continuing into their fifth week, with the Wall Street Journal now publicly blaming Iran as the source of the attacks.



UPDATE (1 Oct): The Times has a story this morning about the effects the bank attacks are having on U.S. customers, plus additional speculation on who is behind them, with Iran and the general ‘Middle East’ as the most mentioned sources.



UPDATE (28 Sep): Bloomberg (among others) is reporting an escalating, ongoing cyberattack on U.S. banks that some, including Senator Lieberman (head of the Senate Homeland Security and Governmental Affairs Committee), are blaming on Iran. It may or may not be Iran; part of the ‘beauty’ of cyberattacks is being able to disguise their origin. Either way, the attack points to the growing sophistication of state-level actors (the North Koreans took down a major South Korean bank last year) and the dangers posed to the U.S. private sector by cooperation of the type highlighted below.



A couple of interesting stories on Iran and North Korea so far this week: the Washington Post reports Iran is preparing an internal version of the Internet designed to limit Iranians’ access to the outside Net and to block foreign cyberattacks. The article stresses the difficulties the mullahs will have establishing the system, while acknowledging the security advantages afforded by such a project.



Nowhere, however, does the article mention a connection with North Korea, which has long had a ‘domestic Internet’ of the type described in the article. NK’s internal network offers the exact advantages mentioned in the Post article: security and training for cyber-operatives.



The second article, from The Christian Science Monitor, on a new Iran-NK pact designed to enhance research cooperation in the fields of “information technology, engineering, [etc.],” makes a connection between the two countries on ‘domestic Internet’ development seem both possible and natural. The focus of the article, and other media attention to the pact, is on shared nuclear weapon and missile development efforts. However, the juxtaposition of the two events highlighted in the stories, the shared interest in walled-off internal networks, and the recent pact formalizing ongoing joint research and development efforts raises the question of whether the North Koreans are also aiding the Iranians in establishing a more cyberattack-resistant internal network – thereby removing a tool outsiders use to influence and track Iranian nuclear weapons development.



While this development would be good for the Iranians, it would not be a positive for security and stability in the region. If Israel and the U.S. lose their cyber option for derailing and delaying Iran’s nuclear efforts, kinetic options become more likely – to no one’s benefit. Stay tuned.

