US issues emergency cyber security directive as Iran-linked hackers strike during shutdown
January 25, 2019
The US has issued an emergency cyber security directive in response to an ongoing attack attributed to Iran-linked hackers striking during the government shutdown.
Prompted by disagreements over President Donald Trump's $5.6bn (£4bn) budget request for a border wall with Mexico, the shutdown has now stretched into its 34th day and become the longest in US history.
As no budget has been passed, many federal employees have been furloughed from their jobs, left unpaid and effectively ordered to not come into work, including those who maintain the security of IT systems.
This in turn has left civilian agencies exposed to a global cyber attack hijacking the internet's Domain Name System (DNS), which cyber security firms believe originated from Iran.
DNS is the directory service underpinning the internet, translating domain names into the addresses that computers actually connect to; DNS hijacking is when an attacker alters that mapping so that traffic for a legitimate name is routed to the wrong place - often a place they can monitor and manipulate.
Federal agencies are being required to audit their public DNS records to identify whether any malicious actors have modified them to direct people to attacker-controlled addresses.
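The audit described above comes down to comparing the DNS records an organisation intends to publish with what resolvers actually return for them. The script below is an added example, not code from the article or from CISA; it keeps a known-good baseline of records, parses resolver output in the shape of a `dig` ANSWER section, and reports any record that is missing, changed, or not in the baseline. The domain `example.gov`, the addresses, and the resolver output are all constructed for the example; in real use the output would come from querying your own authoritative and public resolvers.

```python
"""Diff live DNS answers against a known-good baseline of published records.

Added example (not from the article or from CISA). All names, addresses and
resolver output below are constructed; example.gov is a hypothetical domain.
"""
from collections import defaultdict

# Constructed baseline: the records the organisation intends to publish,
# keyed by (owner name, record type) with the set of expected rdata values.
BASELINE = {
    ("example.gov.", "A"): {"192.0.2.10"},
    ("www.example.gov.", "A"): {"192.0.2.10"},
    ("example.gov.", "NS"): {"ns1.example.gov.", "ns2.example.gov."},
    ("example.gov.", "MX"): {"10 mail.example.gov."},
    ("mail.example.gov.", "A"): {"192.0.2.25"},
}

# Constructed resolver output in the shape of a `dig` ANSWER section
# (name  TTL  class  type  rdata).  The www record has been altered to
# point at an address that is not in the baseline.
SAMPLE_DIG_OUTPUT = """\
example.gov.        300 IN A  192.0.2.10
www.example.gov.    300 IN A  198.51.100.7
example.gov.        300 IN NS ns1.example.gov.
example.gov.        300 IN NS ns2.example.gov.
example.gov.        300 IN MX 10 mail.example.gov.
mail.example.gov.   300 IN A  192.0.2.25
"""

# Record types whose rdata ends in a hostname that must be normalised too.
_HOSTNAME_RDATA = {"NS", "CNAME", "PTR", "MX"}


def _norm_name(name: str) -> str:
    """Lowercase a DNS name and make it fully qualified (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def _norm_rdata(rtype: str, rdata: str) -> str:
    """Collapse whitespace, lowercase, and qualify hostnames in rdata."""
    rdata = " ".join(rdata.split()).lower()
    if rtype in _HOSTNAME_RDATA:
        head, _, host = rdata.rpartition(" ")
        return f"{head} {_norm_name(host)}".strip()
    return rdata


def parse_dig_answers(text: str) -> dict:
    """Parse ANSWER-section lines into {(name, type): {rdata, ...}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or dig comment
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            raise ValueError(f"unrecognised answer line: {line!r}")
        name, rtype = _norm_name(parts[0]), parts[3].upper()
        records[(name, rtype)].add(_norm_rdata(rtype, " ".join(parts[4:])))
    return dict(records)


def audit_records(observed: dict, baseline: dict) -> list:
    """Return one finding per record that is missing, changed or unexpected.

    'unexpected' can only be detected when `observed` is a full zone export;
    when it comes from per-name queries of baseline entries it stays empty.
    """
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        expected, seen = baseline.get(key), observed.get(key)
        if expected is None:
            findings.append({"kind": "unexpected", "record": key,
                             "expected": set(), "observed": seen})
        elif seen is None:
            findings.append({"kind": "missing", "record": key,
                             "expected": expected, "observed": set()})
        elif seen != expected:
            findings.append({"kind": "changed", "record": key,
                             "expected": expected, "observed": seen})
    return findings


if __name__ == "__main__":
    for f in audit_records(parse_dig_answers(SAMPLE_DIG_OUTPUT), BASELINE):
        name, rtype = f["record"]
        print(f"{f['kind'].upper():10} {name} {rtype}: "
              f"expected {sorted(f['expected'])}, observed {sorted(f['observed'])}")
```

Run against the constructed output, the script flags only the `www.example.gov.` A record as changed. Normalising case and trailing dots before comparing matters in practice: resolvers and zone files differ in both, and an audit that reports every cosmetic difference quickly gets ignored.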
Chris Krebs, director of the US Cybersecurity and Infrastructure Security Agency (CISA), has now issued "an emergency directive to US civilian agencies requiring immediate actions to protect federal information systems from ongoing DNS hijacking and tampering activities".
Mr Krebs said that the government was "aware of a number of agencies affected by the tampering activities" and said that CISA has notified them.
Federal agencies have until Friday to submit a status report to the Department of Homeland Security about their work to protect their systems from the tampering, and are required to submit a completion report by 5 February.
The relationship between Iran and the US has become more fraught since the election of Mr Trump, who has reimposed economic sanctions against the country.
Other western nations including the UK have attempted to navigate a more conciliatory course regarding sanctions, but have also clashed with the regime - particularly in regards to the status of jailed nationals.
Iran has developed a significant offensive cyber capability in recent years which it has regularly exercised against neighbouring states and the West.
One of the most significant cyber attacks ever recorded, the Shamoon attack against Saudi Arabia's state-owned oil company Saudi Aramco, is believed to have been sponsored by the Iranian state.
Elsewhere, attacks from the country have appeared less geopolitically motivated.
A hacking group linked to Iran was identified as targeting dozens of universities in 14 countries, including the UK, in an attempt to steal student credentials, presumably as a method of circumventing academic literature sanctions.