Head of Iran Cyber Police (FATA) General Seyed Kamal Hadianfar asked for collective efforts by all world states to prevent the spread of cyber crimes throughout the globe.
General Hadianfar said in meeting with the representative of the UN Office on Drugs and Crime (UNODC) to Tehran Leik Boonwaat on Wednesday: “effective international cooperation is an important and determining factor in prosecuting and confronting cyber crimes.”
Boonwaat for his part, vowed that the UNODC will seriously pursue campaign against cyber crimes in Iran.
Iran hosted a conference and a regional workshop on international cooperation and campaign against cyber crimes on August 13-14.
Eight regional countries, representatives of Interpol, UNODC and Iran Cyber Police chief took part in the conference
The conference and the workshop were held to strengthen international cooperation on prosecuting cyber crimes and reinforce cyber space police forces of the neighboring countries.
In October 2013 Iran’s Deputy Police Chief Brigadier General Ahmad Reza Radan said that the country’s Cyber Police unit has greatly improved its infrastructures and is able to discover and detect over 60% of cyber related crimes.
Radan said: “Right now, the Iranian Law Enforcement Police have made eye-catching progress in the field of cyber infrastructures”.
On January 23, 2011 Iran Cyber Police started its work to prevent espionage and sabotage activities through the internet.
Iran became a major cyber terror threat to the US in the last 12 months and targeted several US government agencies but with regard to the Iranian lack of skills in this area it means that for now it has not been possible that Iran causes significant damage. Iran is more than five years behind countries like China, the US and Russia in terms of cyber capabilities but with the right resources that gap could be removed quickly especially considering Iran is the historical enemy of the US.
Security company Mandiant in its latest report describes Iran’s development from cyber-obscurity to becoming a credible but unsophisticated threat. Mandiant is the same company which last year revealed the extent that Chinese government funded cyber espionage was carried out. In the company’s report M Trends 2014 it is written that “threat actors” based in Iran “pose an ever-increasing threat due to Iran’s historical hostility towards US business and government interests.”
The report reveals that it observed “threat actors” based in Iran who target the networks of several US government agencies. In the report it is written that “Employees at a US state government office discovered evidence that someone had accessed multiple systems within their network without authorization. An internal IT department investigation found indications of data theft and unauthorized use of privileged credentials.”
The security company said that the data that these actors steal “lacked a discernible focus or demonstrated intent”. This suggests that the purpose of the attack is more likely “reconnaissance of the potential target’s networks.” Attacks that originate in Iran, are on a very low level of technical skill and those carrying out the attacking use off-the-shelf tools which are relatively easy to defend. Mandiant says that the victim detects 75% of all attacks from Iran.
The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library and this weakness allows stealing the information protected under normal conditions by the SSL/TLS encryption used to secure the internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (im) and some virtual private networks (VPNs).
The Heartbleed bug allows everyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and impersonate services and users.
Although OpenSSL is very popular there are other SSL/TLS options. In addition some web sites use an earlier unaffected version and some didn’t enable the heartbeat feature that was central to the vulnerability.
While the implementation of perfect forward secrecy or PFS, a practice that makes sure encryption keys have a very short shelf life, and are not used forever reduces the impact of the potential damage, but it doesn’t solve the problem. That means if an attacker got an encryption key from a server’s memory, the attacker will not be able to decode all secure traffic from that server because keys use is very limited. While some tech giants like Google and Facebook have started to support PFS, not every company supports it.
How to avoid being affected:
Do not log into accounts from afflicted sites until you are sure that the company has patched the problem
When you received confirmation of a security patch, change passwords of sensitive accounts
Monitor your account statements for the next few days in case of any of your accounts was affected