A group claiming to be from Iran has claimed responsibility for a hack of the International Atomic Energy Agency (IAEA) in an effort to expose what the group says is an Israeli nuclear weapons program.
The group, calling itself “Parastoo,” posted the information, which includes email addresses and details on the compromised IAEA server, on the Pastebin website on Sunday.
The hackers claimed the security breach was in response to what the group said was Israeli aggression, including the Stuxnet worm and the assassination of a senior Iranian nuclear scientist.
Gill Tudor, a spokeswoman for the IAEA, acknowledged the compromise in an interview with Reuters and said that the attackers breached an “old server that was shut down some time ago.”
The Agency said it “deeply regrets” the publication of the information and will take steps to address the “possible vulnerability in the server,” Tudor told Reuters.
The list of emails includes personal addresses for nuclear scientists working around the globe. Some of the addresses correspond to scientists who work for the Agency, and some do not. There are also some departmental email addresses unaffiliated with individual scientists.
“Parastoo,” which takes its name from the Farsi word for the bird known in English as the swallow, called on the scientists whose information was leaked to sign a petition demanding that the IAEA investigate the Israeli nuclear complex in Dimona, Israel (Israel is not bound by the Nuclear Nonproliferation Treaty).
The exact identity of the hackers responsible for compromising the IAEA server and leaking the data is unknown, and there is no proof that the group has any connection to the Iranian regime or the country itself.
Iran’s profile among the ranks of cyber threats has risen in recent months, after the government there took steps to strengthen the country’s cyber defenses, and announced that it was forming an offensive cyber group capable of supporting the Iranian military.
This came after the country’s uranium enrichment facility at Natanz was hit by Stuxnet and Iran’s oil ministry was compromised by the Flame virus in April.
The country has shown that it can punch back.
In particular: Iran is the leading suspect in a string of sophisticated attacks against Western certificate authorities that resulted in bogus digital signing certificates being issued for Google, Yahoo and other prominent online services.
Those certificates could be used to spy on Iranian dissidents within the country, or target individuals and organizations abroad with malware.
In March, the BBC reported that its Persian service had suffered a sophisticated cyber attack with ties back to the Iranian government.
More recently, US Senator Joe Lieberman (I-CT) blamed the group for a string of denial-of-service attacks against prominent western banks in September, though he offered no proof to back up that allegation.
Israel has had nukes for decades. It's the worst kept secret in the world. Why bother "exposing" it?
What I want to know is… how an "old server that was shut down some time ago" was breached, or for how long they were sitting on this data before releasing it.
I guess this proves that just because a server has been shut down doesn't mean that it can't be accessed.
What did you expect? Once they let that genie out of the bottle, everybody's going to be hacking everybody. lol This is just going to get worse.