NPR for North Texas
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Trump Authorized Cyberattacks On Iran After Drone Attack, Reports Say


The U.S. may have decided against military action against Iran - at least for now. But according to reports this weekend, President Trump did authorize cyberattacks in retaliation for a downed U.S. drone. Yahoo News was the first to report the cyberstrikes. The Pentagon, though, is not confirming it. But the U.S. Department of Homeland Security did release a statement saying that Iran has stepped up its cybertargeting of U.S. industry, including oil and gas companies. Christopher Krebs signed that statement. He is director of DHS' Cybersecurity and Infrastructure Security Agency and joins us now on the line from Tel Aviv. Thank you so much for taking the time.

CHRISTOPHER KREBS: Hey. Thanks for having me on. Good morning.

MARTIN: Good morning. So before we get to the cyberthreat coming out of Iran - and I do want to talk about that - can you explain the scope or objective of the reported U.S. cyberaction against Iran that have been widely reported?

KREBS: You know, I think that's probably a question better suited for the Department of Defense. My organization and the reason we sent that statement out was to let the American people know that, hey, times are interesting right now; we are seeing an increase of malicious cyberactivity out of Iran, and everybody needs to be on alert.

MARTIN: Iran says, though, that this was an attack - this was a cyberattack against its missile control systems. Granted, they say the U.S. operation failed. But implicit in that statement is that some kind of attack did happen.

KREBS: Well, I tell you what I see - and that's talking to a number of private sector cybersecurity companies in the U.S. I can tell you what we see from where we sit at the U.S. cyber agency and some of the targeting of U.S. agencies, U.S. critical infrastructure.

And there's no question - in the last couple months, the Iranians have been more active. Over the last several weeks, that activity increased even further. But really in the last week, we saw a significant increase in targeting by Iranian actors of U.S. agencies, U.S. industry. And it was imperative that we shared that information with the American people...

MARTIN: And I absolutely...

KREBS: ...Make sure that they're on the lookout.

MARTIN: I absolutely want to get to that. I just - for clarity's sake, are you saying that you cannot talk about the reported cyberattack or that it didn't happen?

KREBS: Again, that's a question better suited for the Department of Defense.

MARTIN: Got it. So let's talk about the threat as you see it coming out of Iran. What does the malicious activity look like? I mean, what are - we mentioned oil and gas companies. Are there...

KREBS: Right.

MARTIN: ...Actual cyberattacks that are being levied against oil and gas companies in the U.S., or is this just the imminent threat?

KREBS: So we're seeing a couple tactics - I mentioned that in my statement - things like spear-phishing and password spraying and credential stuffing, fully recognizing that these are, you know, kind of terms of art in the information security world. But it's basically - what they're trying to do is gain access to networks, get you to click on that link or get you to click on the attachment in an email. And that gives them access to the network. And then at that point, they can do whatever they want.

We've, you know, historically seen folks being worried about data breaches and release of sensitive information. These actors are different. Yes, they're looking to collect information, but these actors have showed destructive tendencies in the past. I think that probably every person listening right now in some way, shape or form, whether it's at a local level - local government level, state local - state government level, has been affected by a ransomware attack. That's what we're talking about here.

We're talking about folks getting in there and locking up networks, burning down networks so that information is not just released; it is gone. Those networks have to be built from the ground up. And this costs people money. This really affects services at the local level. So we just want people to be aware that, you know, any little thing could turn into, really, a really bad thing.

MARTIN: What's the goal? I mean, when you look at these cyberattacks, do you have any idea what the larger motive is?

KREBS: Well, they could have a number or a range of motives or interests. First and the more traditional is just collecting intelligence. The Iranians have been pretty active in collecting information about oil and natural gas so that they can boost their own oil and natural gas industries. They're also looking for information from U.S. agencies of what we might be doing. You know, what is the Treasury Department thinking about sanctions? What is the Department of Defense thinking about their own activities?

So the baseline level is espionage. But, again, these are actors that, unlike almost any other nation-state actor, has been the most active in the destructive data deletion, ransomware, lock-'em-up. Department of Justice, last year, indicted two Iranian actors for the SamSam ransomware campaign. Again, that hit Atlanta; that hit a couple other cities. These are - again, these are guys that go in there. They take data. They lock it up, and you never see it again.

MARTIN: Who...

KREBS: So we just want people - again, be on the lookout for - for phishing emails, in particular...

MARTIN: Yeah. Who are the guys? You say...


KREBS: ...A couple things I think we...

MARTIN: When you say these are the guys...

KREBS: I don't (unintelligible).

MARTIN: ...Who are doing this, how connected are they to the governing regime?

KREBS: So it - at a certain point, it doesn't matter because there are intelligence agencies that use a number of different structures. They have contractors; they have things called proxies and cutouts. And it is - they're acting on behalf of the Iranian government.

And again, as the U.S. government, we have a number of different tools and levers of power that we can use. And we've - we've done that historically, and we'll continue to do that. But - but the American people, they have a role in this, too. You know, protect yourself. Protect your networks. If you see something, say something. Let us know.

MARTIN: Larger political question - you are a political appointee in the Trump administration. So I'm going to ask this more - this broader question about criticism being levied at this administration for reportedly playing up risks from Iran to justify more aggressive action. What do you say to that?

KREBS: I - you know, I don't think that's the case. I - you know, whether it's Iranian actors, I think Chinese actors, Russian actors - it is very - it's an active landscape right now. And I think over the last 15, 20 years, we've lost sight of the fact that there's a peer and near-peer power competition playing out across the world, and we've got to step our game up. In particular...


KREBS: ...I think, again, folks keep a lookout on what's going on out there. Keep a lookout for suspicious emails. And don't click that link if you don't know what it is.

MARTIN: Understood. Chris Krebs of DHS, we appreciate it.

KREBS: Thanks so much. Have a great day. Transcript provided by NPR, Copyright NPR.