Hackers target private emails

December 15, 2018 | Expert Insights

Iran-linked hackers known as Charming Kitten targeted the private emails of individuals involved in economic and military sanctions against the Islamic Republic of Iran, as well as politicians, civil and human rights activists and journalists around the world.

Background

Cyberspying, or cyber espionage, is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information from individuals, competitors, rivals, groups and governments for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware.

The Iranian government has been accused by western analysts of its own cyber-attacks against the United States, Israel and Persian Gulf Arab countries, but denies this, including specific allegations of 2012 involvement in hacking into American banks. The conflict between Iran and the United States is called "history's first known cyber-war" by Michael Joseph Gross.

Cyberwarfare is a part of Iran's "soft war" military strategy. Being both a victim of cyber warfare and a party that wages it, Iran is considered an emerging military power in the field.

Analysis

An Iran-linked hacking group known as Charming Kitten targeted the private emails of more than a dozen US Treasury officials, key players in enforcing the nuclear deal between Washington and Tehran, as well as Arab atomic scientists, Iranian civil society figures and DC think tank employees. The hacking efforts took place after US President Donald Trump re-imposed harsh economic sanctions on Iran.

The hit list surfaced after Charming Kitten mistakenly left one of its servers open to the internet. Researchers at cybersecurity company Certfa found the server and extracted a list of 77 Gmail and Yahoo addresses targeted by the hackers. Although those addresses likely represent only a fraction of the hackers' overall effort, it is not clear how many of the accounts were successfully compromised.

“Presumably, some of this is about figuring out what is going on with sanctions,” said Frederick Kagan, a scholar at the American Enterprise Institute who has written about Iranian cyberespionage and was among those targeted. Kagan said he was alarmed by the targeting of foreign nuclear experts. “This is a little more worrisome than I would have expected,” he said.

Certfa tied the hackers to the Iranian government, a judgment based in part on operational blunders, including a couple of cases where the hackers appeared to have accidentally revealed that they were operating from computers inside Iran. That assessment was backed by others who have tracked Charming Kitten. Allison Wikoff, a researcher with Atlanta-based SecureWorks, recognised some of the digital infrastructure in Certfa's report and said the hackers' past operations left little doubt they were government-backed. "It's fairly clear-cut," she said. “The targets are very specific,” Certfa researcher Nariman Gharib said.

Iran has previously denied responsibility for hacking operations, but an analysis of its targets suggests that Charming Kitten is working in close alignment with the Islamic Republic’s interests. The most striking among them were the nuclear officials — a scientist working on a civilian nuclear project for Pakistan’s Ministry of Defence, a senior operator at the Research and Training Reactor in the Jordanian city of Ramtha, and a high-ranking researcher at the Atomic Energy Commission of Syria. The trio suggested a general interest in nuclear technology and administration. Others on the hit list are Guy Roberts, the U.S. Assistant Secretary of Defence for Nuclear, Chemical, & Biological Defence Programs; Andrew J. Grotto, whose tenure on the U.S. National Security Council straddled the Obama and Trump administrations and who has written about Iran’s nuclear ambitions; and Jarrett Blanc, the State Department coordinator responsible for the implementation of the nuclear deal under Obama.

There were Iranian targets too, including media workers, an agronomist and a senior employee of the country’s Department of Environment. Georgetown University professor and South Asia security expert Christine Fair said she had only recently returned from a conference in Afghanistan attended by Iranian officials and a visit to the Iranian border when she learned she was in the hackers’ sights.

More targets are connected to the Iran deal — a 2015 pact negotiated by former U.S. President Barack Obama’s administration and other world powers that called for Tehran to curb its uranium enrichment in exchange for the lifting of international sanctions. Trump tore up the deal in May over the objections of most of America’s allies and has re-imposed a series of punishing restrictions on Iran since.

Iran has cultivated long-term cyber-related strategic objectives in recent years, and it is becoming one of the most active players in the international cyber warfare arena.

Assessment

Our assessment is that hackers who are supported by the government pick targets according to the policies and international interests of the government. We feel that this type of cyber espionage, one dominated by advancement in technology, will continue aggressively, just as spying did during the Cold War battle between nations.