WASHINGTON: A former U.S. government official said Thursday that American authorities firmly believe that Iranian hackers, likely supported by Tehran, were responsible for recent cyberattacks against oil and gas companies in the Persian Gulf.
The ex-official added that the attacks appeared to be in retaliation for the latest round of U.S. sanctions against the country.
The former official spoke to the Associated Press shortly before Defense Secretary Leon Panetta, in a speech to business leaders in New York City Thursday night, became the first U.S. official to publicly acknowledge the computer-based assaults.
He called them probably the most destructive cyberattacks the private sector had seen to date.
And while Panetta did not directly link Iran to the Gulf attacks, he made it clear that the U.S. had developed advanced techniques to identify cyberattackers and was prepared to take action against them.
Another U.S. official said the administration knew who launched the cyberattacks against the Gulf companies and that it was a government entity.
U.S. agencies have been assisting in the Gulf investigation and concluded that the level of resources needed to conduct the attack showed there was some degree of involvement by a nation state, said the former official.
The officials spoke on condition of anonymity because the investigation was classified as secret.
“Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for their actions that may try to harm America,” Panetta said in a speech to the Business Executives for National Security. He later noted that Iran had “undertaken a concerted effort to use cyberspace to its advantage.”
While Panetta chose his words carefully, one cybersecurity expert said the Pentagon chief’s message to Iran in the speech was evident.
“It’s not something where people are throwing down the gauntlet, but I think Panetta comes pretty close to sending a clear warning [to Iran]: We know who it was, maybe you want to think twice before you do it again,” said cybersecurity expert James Lewis, who is with the Center for Strategic and International Studies. “I think the Iranians will put two and two together and realize he’s sending them a message.”
He said Panetta’s remarks were an important step by the U.S. because the Iranian cyberthreat “is a new dimension in 30 years of intermittent conflict with Iran for which we are ill-prepared. It’s really important to put them on notice.”
The cyberattacks hit Saudi Arabian state oil company Aramco and Qatari natural gas producer RasGas using a virus, known as Shamoon, which can spread through networked computers and ultimately wipe out files by overwriting them.
Senior defense officials said that the Pentagon is particularly concerned about the growing Iranian cyber capabilities, as well as the often discussed threats from China and Russia.
In his speech, Panetta said the Shamoon virus replaced crucial system files at Aramco with the image of a burning U.S. flag, and also overwrote all data on the machine, rendering more than 30,000 computers useless and forcing them to be replaced. He said the Qatar attack was similar.
Panetta offered no new details on the Pentagon’s growing cyber capabilities or the military rules of engagement the department is developing to guide its use of computer-based attacks when the U.S. is threatened.
He said that the department was investing more than $3 billion a year in cybersecurity to beef up its ability to defend against and counter cyberthreats, including investment in U.S. Cyber Command.
Panetta used the Gulf attacks in his remarks as a warning to the business community that it must embrace stalled legislation that would encourage firms to meet certain cybersecurity standards. And he is endorsing a planned move by President Barack Obama to use his executive powers to put some of those programs, including voluntary standards, in place until Congress can act.
“These attacks mark a significant escalation of the cyber threat,” Panetta said. “And they have renewed concerns about still more destructive scenarios that could unfold.”
“We know of specific instances where intruders have successfully gained access to these control systems,” Panetta told the business group. “We also know that they are seeking to create advanced tools to attack these systems and cause panic and destruction, and even the loss of life.”
Panetta pressed businesses to support the stronger cybersecurity measures, warning that failure to do so could have catastrophic consequences.
“Before Sept. 11, 2001, the warning signs were there. We weren’t organized. We weren’t ready. And we suffered terribly for that lack of attention,” said Panetta. “We cannot let that happen again. This is a pre-9/11 moment.”