{"id":75382,"date":"2019-02-01T19:31:40","date_gmt":"2019-02-02T01:31:40","guid":{"rendered":"https:\/\/news.medill.northwestern.edu\/chicago\/?p=75382"},"modified":"2019-02-05T16:52:46","modified_gmt":"2019-02-05T22:52:46","slug":"federal-agencies-iran-cyberattck","status":"publish","type":"post","link":"https:\/\/news.medill.northwestern.edu\/chicago\/federal-agencies-iran-cyberattck\/","title":{"rendered":"Multiple federal agencies hit by wave of possible Iran-linked cyberattacks"},"content":{"rendered":"<p><strong>By Tyler Sonnemaker<\/strong><br \/>\n<em>Medill Reports<\/em><\/p>\n<p class=\"dropcap\">The Department of Homeland Security last week instructed all federal civilian agencies to take immediate actions to address \u201csignificant and imminent risks to agency information and information systems\u201d resulting from an ongoing wave of cyberattacks.<\/p>\n<p>In an <a href=\"https:\/\/cyber.dhs.gov\/ed\/19-01\/\">emergency directive<\/a> issued Jan. 22, DHS\u2019 Cybersecurity and Infrastructure Security Agency said it is aware of \u201cmultiple executive branch agency domains\u201d impacted by the campaign and has notified the agencies that maintain them.<\/p>\n<p>FireEye, a cybersecurity firm based in California, indicated it had identified attacks that affected at least 50 government, telecommunications and internet infrastructure entities globally on an \u201calmost unprecedented scale,\u201d according to a company <a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2019\/01\/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html\">blog post<\/a> published Jan. 
9.<\/p>\n<p>FireEye&#8217;s initial analysis of the attackers\u2019 techniques and targets suggests a likely connection to Iran, according to the blog post.<\/p>\n<p>A CISA spokesperson said that the agency has not yet made its own determination with regard to the source of the attacks.<\/p>\n<p>FireEye senior manager Ben Read said that the firm had been monitoring the activity and \u201cwanted more details before going public, but the impact was so widespread that we felt the need to do so.&#8221;<\/p>\n<p>FireEye&#8217;s research, as reported in the blog post, and the CISA directive said that the attackers exploited a fundamental but insecure part of the internet called the Domain Name System, which functions much like a phone book. When a user types in a website address (e.g. https:\/\/www.dhs.gov), their browser contacts a DNS server, which looks up that address in the site\u2019s DNS records and translates it into a numerical IP address that the browser then navigates to.<\/p>\n<p>The hackers \u2014 using stolen login credentials \u2014 were able to access and change the DNS records for target sites, allowing them to intercept data as it traveled between users and agency sites and route it through IP addresses they controlled, where they could manipulate or monitor the data before passing it along to the intended destination.<\/p>\n<p>With access to the DNS records, the attackers also obtained legitimate encryption certificates for the sites, enabling them to decrypt the stolen data and making it difficult for users to detect any malicious activity.<\/p>\n<p>To minimize further exposure, the CISA directive requires agencies to audit their DNS records, change passwords and add multi-factor authentication for accounts with access to DNS records, and begin monitoring new CISA-issued encryption certificates.<\/p>\n<p>The directive states that agencies have until Feb. 
5 to complete these actions, which could prove challenging as employees return to a backlog of work following the partial government shutdown.<\/p>\n<p>According to Lee Neubecker, president and CEO of Chicago-based cybersecurity firm Great Lakes Forensics, this type of tampering would have been substantially more difficult had the sites configured a security measure called DNS security, or DNSSEC.<\/p>\n<p>\u201cThere needs to be more accountability for agencies that don\u2019t have DNS[SEC] enabled,\u201d Neubecker said, noting that he has attempted in the past to notify agencies about improperly secured domains, but hasn\u2019t always received responses.<\/p>\n<p>CISA has not disclosed which agencies have been impacted or what information might be compromised, but stated in the directive that it is continuing to monitor the situation &#8220;in coordination with government and industry partners.&#8221;<\/p>\n<div class=\"featurecaption\">Photo at top: Multiple federal agencies were impacted by a wave of cyberattacks that hijacked traffic by manipulating IP addresses. (Image courtesy of SparkFun Electronics\/FLICKR under CC-BY 2.0)<\/div>\n","protected":false},"excerpt":{"rendered":"<p>By Tyler Sonnemaker Medill Reports The Department of Homeland Security last week instructed all federal civilian agencies to take immediate actions to address \u201csignificant and imminent risks to agency information and information systems\u201d resulting from an ongoing wave of cyberattacks. In an emergency directive issued Jan. 
22, DHS\u2019 Cybersecurity and Infrastructure Security Agency said it [&hellip;]<\/p>\n","protected":false},"author":547,"featured_media":75853,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[452,27,28,29,2951,4630,4559],"tags":[4609,4603,4589,4604,4608,4605,171],"class_list":["post-75382","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-beyond-chicago","category-business","category-general-interest","category-health-and-science","category-politicsnational-security","category-technology","category-winter-2019","tag-cisa","tag-cyberattack","tag-cybersecurity","tag-dhs","tag-dns","tag-omb","tag-technology"]}