American officials have complained for years that U.S. networks were crawling with Russian and Chinese hackers. On Tuesday, the nations top intelligence official told Congress that theres a new danger to Americas information security: Iran. Too bad he didnt provide much evidence to back up the claim.
Russia and China are aggressive and successful purveyors of economic espionage against the United States, Director of National Intelligence James Clapper noted in his prepared testimony (.pdf) to the Senate Select Committee on Intelligence. Irans intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity. We assess that FIS [Foreign Intelligence Services] from these three countries will remain the top threats to the United States in the coming years.
Tensions between Iran and the United States have been on the rise, as the Tehran regime builds up its nuclear program and threatens to close one of the worlds most important waterways. In recent days, as many as three U.S. aircraft carrier groups have been in the vicinity of Irans shores. Tehran apparentlycaptured a stealthy American spy drone largely intact and put the remains on display for the world to see. The possibility of an Israeli preemptive strike on Iran is being openly floated in the international press. Iranian nuclear scientists are being regularly killed by magnetic mines a likely component of a campaign of physical and online sabotage that shows no sign of let-up.
The idea that Tehrans spies are actively hacking the U.S. thats a new dimension to the stand-off, however. Yes, Irans military claimed that it spoofed the American drones GPS guidance system in order to bring it down. And yes, an Iranian student was blamed for stealing the digital certificates that authenticate communications with major sites like Google. But there have been no discussions, at least in public, of Tehran infiltrating American networks.
Clapper (pictured above, right) didnt elaborate on his assessment during a Congressional hearing today, nor did he provide any evidence of Iranian state-sponsored hacking. His prepared testimony did note, however that the compromise of U.S. and Dutch digital certificate issuers in 2011 represents a threat to one of the most fundamental technologies used to secure online communications and sensitive transactions.
Instead, Clapper said that American networks were under an enormous range of assaults from industrial thieves to foreign spies to pranksters just in it for the lulz. In the last year, we observed increased breadth and sophistication of computer network operations by both state and nonstate actors, he noted.
Foreign intelligence services have launched numerous computer network operations targeting U.S. Government agencies, businesses, and universities. We assess that many intrusions into U.S. networks are not being detected, Clapper added.
Meanwhile, hacker groups, such as Anonymous and Lulz Security (LulzSec), have conducted distributed denial of service attacks and website defacements against government and corporate interests they oppose, he continued. Entities within China and Russia are engaging in the wholesale plundering of our intellectual property, Clapper told the committee. And these intruders have pretty much carte blanche to penetrate American businesses networks across the board.
As the hearing wore on, senators grew increasing frustrated with what they saw as a major disconnect. Clapper and his fellow panelists including FBI director Robert Mueller, CIA director David Petraeus, and DHS Under Secretary for Intelligence Caryn Wagner claimed that cybersecurity was a concern topped only by terrorism and weapons of mass destruction. Yet the nations electronic defenses remain a patchwork affair, at best.
Im using this forum to scream out, whos going to start paying attention to this? Sen. Jay Rockefeller said. We have made no progress. No progress. And that is embarrassing especially in light of what you and your predecessors have said about the nature of the threat.