UK Media Report on 'Iranian Secret Cyber Files' Casts More Doubt Than Confidence, Experts Say
00:48 GMT 27.07.2021 (Updated: 00:53 GMT 27.07.2021)
On Monday, Sky News published a story suggesting that Iran has been conducting clandestine research on the possible impact of cyber attacks on civilian infrastructure, including petrol stations, cargo ships and programmable logic controllers, citing what the media outlet claimed were "classified" documents compiled by Iranian intelligence.
The authenticity of the alleged "Iranian secret cyber files" cited by Sky News, on how cyber attacks could be used against civilian infrastructure objects, is debatable, experts said, shortly after the UK media outlet published so-called 'classified documents' said to have been acquired from Iranian intelligence.
According to the Monday Sky News report, Iran has been conducting "secret research" into how cyber attacks could affect cargo ships and petrol stations, along with other civilian infrastructure entities. The outlet, citing an unnamed source, attributes the alleged intelligence to the Islamic republic's clandestine Intelligence Team 13 - a cell described as "a sub-group within the IRGC Shahid Kaveh unit", which is reportedly under an individual named Hamid Reza Lashgarian.
The anonymous source who shared the documents with the outlet said he was "very confident" in their authenticity.
Dr. Seyed Mohammad Marandi, a professor of English Literature and Orientalism at the University of Tehran, does not, however, appear to share that confidence, saying that the publication of the so-called classified documents could be "an attempt to ratchet up tensions, especially since they gave it to Sky News."
Marandi noted that the documents do not appear to have a "date or file number", nor is there an IRGC logo on the cover page, saying that this makes the report look "inauthentic".
Dr. Rasool Nafisi, an Iranian analyst and professor at Strayer University in the US state of Virginia, agreed with the suggestion, underlining a "lack of professional format" in the document.
"The document is not dated, not stamped with security device, it is not typed on especially made papers with transparent emblem. The content is also debatable. It seems more like a dry run for a likely scenario of action. It is not surprising at all if The Islamic Republic of Iran tries to investigate possible cyber interventions, replicating what others have been doing to it for over a decade", Nafisi pointed out.
The so-called classified documents appeared in the UK media ahead of the possible resumption of the Vienna negotiations for the restoration of the Joint Comprehensive Plan of Action (JCPOA), or the Iranian nuclear deal. The talks that initially started in April were postponed and could resume after the inauguration of the new Iranian president, Ebrahim Raisi, set to take place on 5 August. The UK is among the sides involved in the negotiations.
Not everyone is happy about the plausible revival of the nuclear deal with Iran, however. Israel continues to be a vocal opponent of the restoration of the JCPOA, claiming that the accord would pave the way for Iran to create a nuclear weapon - something that the Islamic republic has consistently denied, insisting that its nuclear program remains exclusively peaceful.
When asked about possible reasons for attempting to dismantle relations between the UK and Iran through the publication of the unverified documents, Marandi suggested that it could be connected with the activities of the "pro-Israeli lobby".
"The Pro-Israeli lobby is working hard to push the two sides towards confrontation. It makes sense for some entity connected to them to be involved in the manufacturing of such a document", he said, noting that "that's a possibility" that the intention of the "leak" is to disrupt plans to resume the JCPOA negotiations.
What's in the 'Iranian Secret Cyber Files'?
The documents cited by Sky News comprise five reports, each of them said to be marked as "very confidential".
Most of the reports are also said to feature a quote that "appears to be" from Iran's Supreme Leader Ali Khamenei, reading: "The Islamic Republic of Iran must become among the world's most powerful in the area of cyber."
The first report, named "Ballast Water", allegedly has six pages dedicated to the research of the complex systems on large cargo ships that remotely control infrastructure including filtration and ballast water. Sky News estimated that the document contains open-source research, rather than "privileged information".
The report adds that "any kind of disruptive influence can cause disorder within these systems and can cause significant and irreparable damage to the vessel."
Another report, also six pages long, is said to address "a system called an automatic tank gauge that tracked the flow of fuel at a petrol station." Particularly, the research name-checked fuelling equipment produced by a US firm, Franklin Fueling Systems.
The report allegedly ponders the possible impact of "problems" with the systems, including cutting off the fuel supply, changing its temperature and even mulling the effects of an explosion.
"[An] explosion of these fueling pumps is possible if these systems are hacked and controlled remotely", the report allegedly said.
Services providing maritime communications are addressed in what was said to be a 14-page report which studies two types of satellite communications used at sea - Sealink CIR and Seagull 5000i, noting that the latter is offered by such companies as Wideye in Singapore and Thuraya in the United Arab Emirates.
While the majority of the report is said to "repeat facts" from open sources about the two systems, there was also a chart at the end, Sky News said, showing the results of something commonly known as a "Google dork" - conducting internet searches with certain key phrases enclosed in quotation marks that improve the accuracy of a search.
According to the screenshots from the report, the findings referred to devices from the United Kingdom, France and the United States.
Sky News described two other reports, the only ones marked with dates, that are claimed to be dedicated to building management systems and electrical equipment.
The first, allegedly compiled on 19 November 2020, had nine pages about "computer-based systems that control lighting, ventilation, heating, security alarms and other functions in a smart building". Among other things, it listed companies that provided such services, including US firms KMC Controls and Honeywell, along with the French electrical equipment group Schneider Electric and the German company Siemens.
The second appears to be the longest of all five, consisting of 22 pages exploring electrical equipment made by the German company WAGO, and reportedly compiled on 19 April 2020.
This piece of purported research explored vulnerabilities in PLCs - "programmable logic controller" - with the findings saying, however, that it would not be possible to use them.
"Continuing the investigation, in order to use these processes, we noticed the vulnerabilities within these systems are irreparable, if there is an attack, damage will not easy to fix," the report said. "Therefore, compared to other PLC brands, this brand is impenetrable once connected online. When online, the infrastructure and intelligence on engineering cannot be reached and cannot be lost."
Although neither the Sky News 'source' nor British Defense Secretary Ben Wallace could confirm the authenticity of the "classified documents", the latter nevertheless declared that they could pose "a threat to our way of life", since they allegedly demonstrate that Western countries currently vulnerable to cyber attacks could see much worse than simple ransomware and DDoS exploits.
"They [Iran] are among the most advanced cyber actors," claimed General Sir Patrick Sanders, the top military officer overseeing the UK cyber operations, adding, "We take their capabilities seriously. We don’t overstate it".
Tehran has not yet officially commented on the allegations made by Sky News.
This is not the first time that Iran, and the Islamic Revolutionary Guard Corps (IRGC) in particular, have been accused by a Western country of being involved in hacking activities.
Earlier in July, Facebook alleged that "Iranian hackers" presenting themselves as "recruiters, employees of defense contractors and young, attractive women" on the social media platform had tried to hack into the PCs of US military personnel.
Another set of accusations came from the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) in October 2020, when the two entities accused Iran of obtaining "voter registration data in at least one state", referring to the 2020 US presidential election.
The unsubstantiated claims by the two US agencies followed accusations by Microsoft that "Iranian hackers" targeted candidates in the 2020 US presidential elections - claims that were denied by Iran, which asserted that "unlike the US, Iran does not interfere in other country's elections".
While being constantly accused of conducting hacking operations, Iran is known to be a frequent target of hacker attacks. The latest came in early July and was conducted against the nation's rail service, leading to a brief shutdown of the website for the Ministry of Roads and Urban Development