The North Korea-led hack of Sony Pictures could become a template for a new round of cyber-attacks stoked by escalating international conflicts involving the U.S., including ongoing negotiations aimed at preventing Iran from developing a nuclear weapon, the leader of a security research firm said Monday.
“Folks in Iran, you can bet, are studying that attack very closely,” said Dmitri Alperovitch, co-founder and chief technology officer for CrowdStrike, which gathers intelligence on foreign state-sponsored hacking groups. He spoke not long after President Obama issued another warning against imposing more economic sanctions against Iran, which could scuttle a possible deal.
The warning came as CrowdStrike prepared to release a report Tuesday that examines a myriad of cyber-threats from around the world: from state-sponsored espionage groups to financial criminals to hacktivists.
The firm, part of a widening movement to use counter-intelligence against hackers, specializes in naming foreign government-backed attackers, and has worked with federal authorities to prosecute them. One of CrowdStrike’s targets has been a Chinese group it calls Deep Panda, which authorities believe was behind the massive theft of medical data from 80 million customers of Anthem Inc.
Alperovitch said his company tracked several Iran-based hacking groups, including those that have targeted U.S. defense and financial companies in the past, and noticed signs that some may be preparing for an attack. “One of the things we’re concerned about is as negotiations start winding down and there’s no agreement, we may very well see Iran orchestrate attacks to put pressure on the U.S. government or its European partners,” Alperovitch said. “They may well look at the Sony hack as a blueprint.”
Along with the negotiations with Iran, other international conflicts that could stoke an uptick in cyberattacks include the escalating conflict in Ukraine and the battle against the terror group ISIS, the CrowdStrike report says.
With the U.S. considering arming Ukraine against pro-Russia rebels, Russian-aligned hackers, who are among the most sophisticated in the world, may be motivated to step up espionage activities against the U.S. and the West, the report said.
Russian government operatives are capable of breaking into “just about any network they feel like,” Alperovitch said. But they generally know better than to launch a “disruptive” attack like the one against Sony, which could lead to a military response.
Then there is the fight between the Syrian government and ISIS. That conflict has already spawned attacks from the pro-government Syrian Electronic Army. But since then, ISIS has been building its own hacking capabilities, the CrowdStrike report says.
And the U.S. saw a hint of that in January, when a group calling itself the CyberCaliphate hacked the Twitter and YouTube accounts of the U.S. military’s Central Command.
“So far, everything we’ve seen from them is a nuisance. We’re not seeing them have at this point any significant capability to do more advanced or destructive attacks—yet,” Alperovitch said.
The Sony hack, which authorities say was coordinated by North Korea in response to a movie about the fictional assassination of its dictator, could be seen as a model for other state-sponsored hackers—not so much for its technical sophistication, but for the response it triggered, Alperovitch said. The attack received massive media coverage, and Sony briefly caved to demands to pull the movie.
But the hack also led to an unusual response from the U.S. as Obama publicly named North Korea as the culprit, and imposed tougher economic sanctions on the isolated country.
Alperovitch, who advocates for a stronger government response to state-sponsored hacking, said that may mean the U.S. is ready to start going after the bigger players in Russia, China and Iran. “That sets a very interesting precedent,” he said.