The Iranian amateurs are scoring some quick hits, while their professionals are planning. I would expect to see some major impacts from both types of adversaries.
Iranian amateurs are going to have a field day with low hanging fruit. I doubt many of them are thinking about prosecution or retaliation right now, so expect to see a lot of attacks from 5kr1p7 k1dd13z, criminals, and probably some of their legitimate professionals.
Despite, or perhaps because of, sanctions against them, Iran has one of the strongest STEM education programs in the world and is heavily investing in new technology. And right now these highly capable tech people are pissed off at the US. atlanticcouncil.org/blogs/iransour…
As @hackerfantastic mentions, amateurs are working together openly, likely sharing effective practices, tools, and targets. Anonymous used this approach to impressive impact a decade ago. It’s going to lead to some big scores in a week or two.
Lower skill hackers can queue up targets for higher skill ones, in an assembly line. This develops talent in those groups. It also frees up the higher capability hackers and programmers to create tools more effective at evading defenses.
Former FBI agent @NotTruppi says he watched Iranian Hackers use a similar approach after Stuxnet and went from 5kr1p7 k1dd13z to highly capable in 12-18 months. He talks about this at around 12 minutes in his @BSidesSF talk.
This was around the time Iran was targeting US critical infrastructure, including (at the time) the most impactful DDoS attacks against banks and probing our dams for weaknesses (though the dam they are credited with hacking proved inconsequential). reuters.com/article/us-usa…
Since then, Iran has proven that they are increasingly capable and willing to do harm through hacking. For instance, the #Triton attack threatened to cause damage to public safety, and national and economic security, according to @RobertMLee. wired.com/story/triton-m…
This follows a general trend, where high capability adversaries are increasingly willing to do harm, high intent adversaries have increasing capabilities, and it’s harder and harder to distinguish the two (this is not the same as attribution).
I anticipate we will see a lot of line blurring/crossing here, with amateurs and state-funded attackers (covertly or overtly) collaborating in the same channels and trading information. Look for a big uptick in the coming months.
I expect to see a mix of political, critical infrastructure, and US brand name targets. Get ready for more doxxing and disinformation, and don’t be surprised if we see destructive attacks disguised as something else, like #NotPetya and #WannaCry.
One of the biggest lessons I’ve learned in the past 15-20 years is that very, very few organizations have invested in defense against a motivated adversary, let alone one that is highly capable.
Some of our most critical assets are most exposed and vulnerable. For instance, healthcare, energy, aviation, and rail rely on wildly out of date technology with trivial security. And we have been busy over the past decade or two connecting it all to the internet.
Several US federal and state websites have been defaced in the last few days, purportedly by Iranian hackers. This is only a slight uptick in such attacks.
Website defacements are common, and often easy to achieve. It’s unlikely that any web defacements are linked to state sponsored actors. There’s an archive of defaced US gov sites (and others) here. zone-h.org/archive
Also note that several of the claimed defacements don’t seem to have been defaced at all. Either the mirror didn’t snapshot it quickly enough or these are fake reports.
Thread by Beau Woods.