Category Archives: Cyber War

There is Spying, Espionage and Stupidity

Posted on by

The Virginia-based cyber security firm Mandiant recently released a report detailing one source of persistent cyber attacks, the Chinese People’s Liberation Army. Mandiant estimates that since 2006, a single Chinese army cyberattack unit has compromised “141 companies spanning 20 major industries, from information technology and telecommunications to aerospace and energy,” using a “well-defined attack methodology, honed over years and designed to steal large volumes of valuable intellectual property.”

Mandiant explains that once these hackers have infiltrated an organization’s system, they “periodically revisit the victim’s network … and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists”. On average, access to a victimized network is maintained for nearly a year.

Now for the Chinese human operatives….

State Dept. contractor allegedly paid by Chinese agent to spy on Americans – yet no charges filed 

Newly unsealed court documents obtained by Fox News show a State Department contractor allegedly was paid thousands by an individual thought to be a Chinese agent in exchange for information on Americans — but despite an FBI probe, the Justice Department declined to prosecute.

A November 2014 FBI affidavit, filed in the U.S. District Court for the District of Maryland, shows the bureau investigated the contractor for her admitted contact with individuals she believed to be Chinese intelligence officers.

The affidavit from agent Timothy S. Pappa states the translator, Xiaoming Gao, was paid “thousands of dollars to provide information on U.S. persons and a U.S. government employee.”

According to the documents, she admitted these meetings took place in hotel rooms in China for years, where she reported on her “social contacts” in the U.S. to an individual who went by the name of “Teacher Zhao.”

The detailed affidavit even goes on to say the translator briefly lived, “for free,” with a State Department employee — who held a top-secret clearance and designed high-security embassies, including the U.S. compound in Islamabad, Pakistan.

The State Department employee, who was not named, initially told the FBI he didn’t discuss his job with Gao, but later changed his statement.

According to the documents, Gao also told the FBI — during interviews in 2013 — that she once told “Teacher Zhao” about the travel plans of an American and ethnic Tibetan. This person told the FBI he ended up being interrogated by Chinese intelligence officers during a trip to Tibet, and a member of his family was imprisoned.

Yet the U.S. attorney’s office in Washington, D.C., which oversaw the case, recently declined to prosecute, allowing the documents to be unsealed. The office offered no further comment. The FBI also is saying nothing beyond the court documents that were filed to search a storage unit in suburban Washington, D.C.

On its face, a former senior Justice Department official said the decision not to prosecute is perplexing, because the case was unlikely to reveal investigative sources and methods.

“It’s not clear to me, based on the court files that were unsealed, how a prosecution of this person could possibly have compromised U.S. intelligence gathering,” Thomas Dupree, former deputy assistant attorney general under the George W. Bush administration, told Fox News. “If it jeopardizes or threatens to disrupt relations with another country, so be it. That you have to draw the line somewhere, and that we need to send a message that this sort of conduct and activity simply will not be tolerated.”

The State Department confirmed Xiaoming Gao worked for the Office of Language Services over a four-year period beginning in June 2010. This would have covered the tenures of former Secretary of State Hillary Clinton and sitting Secretary John Kerry.

“She was employed as a contract interpreter until February 2014, is not employed here anymore. And so any additional questions on this, I’d refer you to the FBI,” spokeswoman Marie Harf said.

When told the FBI was referring Fox News’ questions back to State, Harf responded: “I’m referring you back to them.”

The documents do not fully explain Gao’s side of the story.

Emails and phone calls to the consulting firm, which the translator listed on the web as her employer, have gone unanswered. Fox News extended an invitation to discuss the allegations. No attorney of record was filed with the court.

 

The Cyber-Threats to SCADA Increasing

Posted on by
Dell has reached out to this site with updated/corrected links for the item below:

Please refer to https://www.quest.com and https://www.quest.com/solutions/network-security/

What is SCADA? A computerized system that controls all national infrastructure. This includes water, power grids, transportation and supply chains.

In 2012:

The last “INTERNET SECURITY THREAT REPORT published by Symantec reports that in 2012, there were eighty-five public SCADA vulnerabilities, a massive decrease over the 129 vulnerabilities in 2011. Since the emergence of the Stuxnet worm in 2010, SCADA systems have attracted more attention from security researchers.

Today, 2015 there is a significantly more chilling condition.

 

A recent report published by Dell revealed a 100 percent increase in the number of attacks on industrial control (SCADA) systems.

The new Dell Annual Threat Report revealed that the number of attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014 respect the previous year. Unfortunately, the majority of incidents occurred in SCADA systems is not reported. The experts confirmed that in the majority of cases the APT are politically motivated.

“Attacks against SCADA systems are on the rise, and tend to be political in nature as they target operational capabilities within power plants, factories, and refineries,” the researchers explained. “We saw worldwide SCADA attacks increase from 91,676 in January 2012 to 163,228 in January 2013, and 675,186 in January 2014.”

The countries with the greatest number of attacks are the Finland, the United Kingdom, and the United States, where online SCADA systems are widespread.

“In 2014, Dell saw 202,322 SCADA attacks in Finland, 69,656 in the UK, and 51,258 in the US” continues the report.

The experts noticed that buffer overflow is the vulnerability in SCADA system most exploited by hackers (25%), among other key attack methods there are the lack of input validation (9%) and Information Exposure (9%).

SCADA Attack methods Dell Report

 

Security experts speculate that the number of the attacks will continue to increase in the next years.

“This lack of information sharing combined with the vulnerability of industrial machinery due to its advanced age means that we can likely expect more SCADA attacks to occur in the coming months and years.” states the report.

 

The data published by Dell are aligned with the findings included in a report recently published by the ICS-CERT. The CERT responded to 245 incidents in Fiscal Year 2014, more than half of the incidents reported by asset owners and industry partners involved sophisticated APT.

Let’s closed with the suggestions provided by Dell experts to protect SCADA systems from attacks:

  • Make sure all software and systems are up to date. Too often with industrial companies, systems that are not used every day remain installed and untouched as long as they are not actively causing problems. However, should an employee one day connect that system to the Internet, it could become a threat vector for SCADA attacks.
  • Make sure your network only allows connections with approved IPs.
  • Follow operational best practices for limiting exposure, such as restricting USB ports if they aren’t necessary and ensuring Bluetooth is disabled.
  • In addition, reporting and sharing information about SCADA attacks can help ensure the industrial community as a whole is appropriately aware of emerging threats.

Iranian Hackers Eye U.S. Grid

Posted on by

iranhack4Cyber-savvy agents are stepping up their efforts to ID critical infrastructure that may compromise national security.

Iranian hackers are trying to identify computer systems that control infrastructure in the United States, such as the electrical grid, presumably with an eye towards damaging those systems, according to a new report from a cyber security firm and a think tank in Washington, D.C.

The researchers from Norse, a cyber security company, and the American Enterprise Institute, a conservative think tank that has been skeptical of the Iranian nuclear agreement, found that Iranian hacking against the U.S. is increasing and that the lifting of economic sanctions as part of an international agreement over Iran’s nuclear program “will dramatically increase the resources Iran can put toward expanding its cyberattack infrastructure.”

What’s more, the current sanctions regime, which has helped to depress Iran’s economy, has not blunted the expansion of its cyber spying and warfare capabilities, the researchers conclude.

The technical data underlying the report’s conclusions, while voluminous, aren’t definitive, and they don’t answer a central question of whether Iran intends to attack the U.S. Using data collected from a network of Norse “sensors” around the world made to look like vulnerable computers, the researchers tracked what they say is a dramatic escalation in spying and attacks on the U.S. from hackers in Iran, including within the Iranian military. The researchers also traced hacking back to a technical university in Iran, as well as other institutions either run or heavily influenced by the Iranian regime.

“Iran is emerging as a significant cyber threat to the U.S. and its allies,” the report’s authors say. “The size and sophistication of the nation’s hacking capabilities have grown markedly over the last few years, and Iran has already penetrated well-defended networks in the U.S. and Saudi Arabia and seized and destroyed sensitive data.”

That assessment tracks with the view of U.S. intelligence officials, who’ve been alarmed by how quickly Iran has developed the capability to wreak havoc in cyberspace. In 2012, officials say that Iranian hackers were responsible for erasing information from 30,000 computers at Saudi Aramco, the state-owned oil and gas production facility, as well as a denial-of-service attack that forced the websites of major U.S. banks to shut down under a deluge of electronic traffic. Earlier this year, Director of National Intelligence James Clapper said that Iran was responsible for an attack on the Sands casino company in 2014, in which intruders stole and destroyed data from the company’s computers.

The Norse and AEI researchers found that Iran’s cyber capabilities, which U.S. officials and experts say have been growing rapidly since around 2009, have accelerated in the past year. Attacks launched from Iranian Internet addresses rose 128 percent between January 2013 and mid-March 2015, the researchers found. And the number of individual Norse sensors “hit” by Iranian Internet addresses increased 229 percent. All told, the researchers conclude that hackers using Iranian Internet addresses have “expended their attack infrastructure more than fivefold over the course of just 13 months.”

There’s little debate about among U.S. officials and experts that Iran poses a credible and growing danger online. But the technical data underlying Norse and AEI’s conclusions came into question when the report was released on Thursday.

The researchers relied on “scans” of Norse sensors that may indicate some interest by an Iranian hacker, but don’t prove his intent or that he was planning to damage a particular computer.

 

“They talk about ‘attacks,’ but what they really mean are ‘scans,” which is more ambiguous, Robert M. Lee, a PhD candidate at King’s College London who is researching industrial control systems, told The Daily Beast. Industrial control systems are the computers that help run critical infrastructure.

Essentially, Iranian hackers are casing a neighborhood, but that doesn’t necessarily mean they’re going to rob houses. Lee, who is also an active duty Air Force cyber warfare operations officer, said he agreed with the report’s assessment that Iran is building up its cyber forces and poses a threat. But the underlying technical data in the report doesn’t directly support that claim, he said. “They reached the right conclusions but for the wrong reasons,” Lee said.

The researchers didn’t find that Iran had successfully penetrated any industrial control systems and caused machinery to break down.

While the report concludes that Iran will use the sanctions relief to fuel its growing cyber warfare program, other researchers have suggested that Iran is likely to back off its most aggressive operations—like those against the Saudi oil company and U.S. banks—and will instead focus on cyber espionage that doesn’t cause physical damage.

“They’ll be far more targeted and careful,” Stuart McClure, the CEO and president of cybersecurity company Cylance, told The Daily Beast in a recent interview. Since the U.S. and its international partners reached a tentative agreement with Iran on its nuclear program earlier this month, Cylance hasn’t tracked any attacks by an Iranian hacker group that it has been monitoring and documented in an earlier report (PDF).

But Norse’s conclusions are generally supported by Cylance’s research, which found that Iran had actually penetrated systems controlling a range of critical infrastructure in the U.S., including oil and gas, energy and utilities, transportation, airlines, airports, hospitals, telecommunications, and aerospace companies. The company’s report on those intrusions, which it said was based on two years of research, also didn’t attribute any failures of critical infrastructure to those Iranian intrusions.

“A lot of the work [the Iranians] were doing was quite sloppy, almost to the point that they wanted to get caught,” McClure said. He speculated that the Iranians may have been trying to send a signal to the U.S. and their partners in the nuclear negotiations that they were capable of inflicting harm if they didn’t get a favorable deal. “Coming to the table and knowing your adversary is in your house influences the negotiation.”

Iran still has a way to go to join the ranks of the cyber superpowers. Its “cyberwarfare capabilities do not yet seem to rival those of Russia in skill, or ofChina in scale,” the Norse and AEI report finds. There is still a relatively small community of high-end hackers in the country, and the regime hasn’t been able to build as robust a tech infrastructure for launching attacks as other nations whose capabilities are more advanced, the researchers found.

The report identifies the Iranian government as responsible for the malicious activity, concluding that the traffic originated from organizations “controlled or influenced by the government” or moved over equipment that is known to be monitored and manipulated by Iran’s security services.

That claim is also likely to raise objection from technical experts, who generally demand more precise evidence to attribute a cyber operation to a specific actor.

“We are emphatically not suggesting that all malicious traffic emanating from Iran is government initiated or government-approved,” the researchers said. However, they argue “that the typical standards of proof for attributing malicious traffic to a specific source are unnecessarily high” in this case, given that so much of the traffic they observed traversed systems either owned, controlled, or spied on by the Iranian government.

That’s ironic: Earlier this year, when Obama administration officials declared publicly that North Korea was responsible for hacking Sony Pictures Entertainment, Norse was one of the most prominent skeptics, arguing that the government was relying on imprecise technical data and leaping to conclusions.

Norse said its own research suggested that a group of six individuals, including at least one disgruntled ex-Sony employee, was behind the assault, which humiliated Sony executives and led to threats of terrorist attacks over the release of The Interview.

But that theory was undermined in January when FBI Director James Comey took the unusual step of publicly declassifying information that, he said, definitively linked North Korea to the attack. Current and former U.S. intelligence officials also told The Daily Beast that they’d been tracking the hackers behind the Sony operation long before it was ever launched.

Who is hosting the Hacker’s Servers?

Posted on by

State report reveal 130 compromised websites used in travel-related watering hole attacks

By Bill Gertz

One hundred thirty websites are hosting malicious software on their websites in what the State Department is calling a sophisticated Russian cyber spying operation, according to security analysts.
“These websites include news services, foreign embassies and local businesses that were compromised by threat actors to serve as ‘watering holes,’” according to a report by the Overseas Security Advisory Council distributed this week. A watering hole is a hijacked website used by cyber attackers to deliver malware to unsuspecting victims.
“For example, users may navigate to one of these malicious sites with the intent of checking travel requirements or the status of a visa application and unknowingly download the embedded malware onto their computers,” the report said.
The report identified the locations of the compromised websites as the United States, South America, Europe, Asia, India and Australia.
The report appears to indicate Russian intelligence may be behind the operations. Also, none of the compromised websites are in China, an indication that Beijing’s hackers could be involved.
A total of 15 of the 130 websites used for watering holes were government embassy websites located in Washington, DC, and two were involved in passport and visa services and others are offering travel services.
The embassy targeting suggests some or all of the operations are linked to foreign intelligence services that are breaking into the networks as part of tracking and monitoring of foreign travel.
Another possibility is that the operation are part of information warfare efforts designed to influence policies and publics. Both Russia and China are engaged in significant strategic information operations targeting foreign governments and the private sector.
“The threat actors are likely attempting to gather information from entities with vested interests in international operations,” the report said. “Identified victims in this sector include embassies, defense industrial base groups, and think tanks.”
The report, based on data provided by the security firm iSight Partners, says the watering holes are likely part of cyber espionage operations.
“Analysis indicates this campaign has a global reach, continuing to target users of identified intelligence value long after the initial infection,” the report says.
The compromised websites are increasingly functioning as indirect malicious software attack tools. The compromised sites represent a different method than widely used spear phishing – the use of emails to trigger malicious software downloads.
“Rather than send a malicious email directly to a target of interest, threat actors research and compromise a high-traffic website that will likely be visited by numerous targets of interest,” the report said.
“Watering holes are effective, as they often exploit existing vulnerabilities on a user’s machine,” the report said. More sophisticated threat actors have been observed employing zero-day exploits – those which are previously unknown and evade antivirus and intrusion detection systems (IDS) to successfully compromise victims. Zero-days were used in the widely publicized Forbes.com watering hole in late 2014.”
The hijacked websites appear to be part of a campaign spanning 26 upper-level Internet domains and include affiliations with 21 nations and the European Union.
According to iSight, evidence suggests the campaign is “likely tied to cyber espionage operations with a nexus to the Russian Federation.”
The compromised government websites included those from Afghanistan, Iraq, Jordan, Namibia, Qatar and Zambia. The report recommended not visiting any of those embassy websites or risk being infected with malware.
Technically, the attackers arranged for computer users who visited the compromised websites to be infected with an embedded JavaScript that redirected users to a Google-shortened URL, and then on to websites the mapped their computer systems. This “profiling” is used by cyber spies to identify valuable targets and control that specific victims who are injected with a malware payload.
The profiling is used to identify targets that will produce “high intelligence value” returns, indicating sophisticated cyber spies are involved. The infection also employed a technique called the use of “evercookie” a derivative of the small files that are inserted on computers and can be used by remote servers to tailor information, such as advertisements, to specific user.
While normal cookies can be easily removed, evercookies store data in multiple locations, a method that makes them extremely difficult to find and removed. The use of evercookies also permits long-term exploitation by cyber attackers.
To counter watering hole attacks, users should make sure system and software security updates are applied, and avoid visiting suspicious websites.
In particular, network monitoring should be used to spot unusual activities, specifically geared toward attacks that exploit zero-day vulnerabilities.
“The threat of watering holes is likely to remain high, given their increasing popularity and success in the last year,” the report said.
The report, “Compromised Global Websites Target Unsuspecting Travelers,” was produced by OSAC’s Research & Information Support Center (RISC). It is available for OSAC members at osac.gov. *** But there is more.

SAN FRANCISCO (Reuters) – Hacking attacks that destroy rather than steal data or that manipulate equipment are far more prevalent than widely believed, according to a survey of critical infrastructure organizations throughout North and South America.

The poll by the Organization of American States, released on Tuesday, found that 40 percent of respondents had battled attempts to shut down their computer networks, 44 percent had dealt with bids to delete files and 54 percent had encountered “attempts to manipulate” their equipment through a control system.

Those figures are all the more remarkable because only 60 percent of the 575 respondents said they had detected any attempts to steal data, long considered the predominant hacking goal.

By far the best known destructive hacking attack on U.S. soil was the electronic assault last year on Sony Corp’s Sony Pictures Entertainment, which wiped data from the Hollywood fixture’s machines and rendered some of its internal networks inoperable.

The outcry over that breach, joined by President Barack Obama, heightened the perception that such destruction was an unusual extreme, albeit one that has been anticipated for years.

Destruction of data presents little technical challenge compared with penetrating a network, so the infrequency of publicized incidents has often been ascribed to a lack of motive for attackers.

Now that hacking tools are being spread more widely, however, more criminals, activists, spies and business rivals are experimenting with such methods.

“Everyone got outraged over Sony, but far more vulnerable are these services we depend on day to day,” said Adam Blackwell, secretary of multidimensional security at the Washington, D.C.-based group of 35 nations.

The survey went to companies and agencies in crucial sectors as defined by the OAS members. Almost a third of the respondents were public entities, with communications, security and finance being the most heavily represented industries.

The questions did not delve into detail, leaving the amount of typical losses from breaches and the motivations of suspected attackers as matters for speculation. The survey-takers were not asked whether the attempted hacks succeeded, and some attacks could have been carried off without their knowledge.

The survey did allow anonymous participants to provide a narrative of key events if they chose, although those will not be published.

Blackwell told Reuters that one story of destruction involved a financial institution. Hackers stole money from accounts and then deleted records to make it difficult to reconstruct which customers were entitled to what funds.

“That was a really important component” of the attack, Blackwell said.

In another case, thieves manipulated equipment in order to divert resources from a company in the petroleum industry.

Blackwell said that flat security budgets and uneven government involvement could mean that criminal thefts of resources, such as power, could force blackouts or other safety threats.

At security company Trend Micro Inc. , which compiled the report for the OAS, Chief Cybersecurity Officer Tom Kellermann said additional destructive or physical attacks came from political activists and organized crime groups.

“We are facing a clear and present danger where we have non-state actors willing to destroy things,” he said. “This is going to be the year we suffer a catastrophe in the hemisphere, and when you will see kinetic response to a threat actor.”

So-called “ransomware,” which encrypts data files and demands payment be sent to remote hackers, could also have been interpreted as destructive, since it often leaves information unrecoverable.

A spokesman for the U.S. Department of Homeland Security, SY Lee, said the department did not keep statistics on how often critical U.S. institutions are attacked or see destructive software and would not “speculate” on whether 4 out of 10 seeing deletion attempts would be alarming.

U.S. political leaders cite attacks on critical infrastructure as one of their greatest fears, and concerns about protecting essential manufacturers and service providers drove a recent executive order and proposed legislation to encourage greater information-sharing about threats between the private sector and government.

Yet actual destructive attacks or manipulation of equipment are infrequently revealed. That is in part because breach-disclosure laws in more than 40 states center on the potential risks to consumers from the theft of personal information, as with hacks of retailers including Home Depot Inc and Target Corp.

Under Securities and Exchange Commission guidelines, publicly traded companies must disclose breaches with a potential material financial impact, but many corporations can argue that even deletion of internal databases, theft and manipulation of equipment are not material.

Much more is occurring at vital facilities behind the scenes, and that is borne out by the OAS report, said Chris Blask, who chairs the public-private Information Sharing and Analysis Center for cybersecurity issues with the industrial control systems that automate power, manufacturing and other processes.

“I don’t think the public has any appreciation for the scale of attacks against industrial systems,” Blask said. “This happens all the time.”

 

Slight (White) House Mocks Netanyahu

Posted on by

The Iranian Supreme Leader, Khamenei is throwing sand in the gear of the P5+1 framework agreement lead by U.S. Secretary of State, John Kerry.

He is not only non-committal on the matter but what is worse he has taken the same posture as the Iranian Foreign Minister, Mohammad Zarif, stating that ALL sanctions must be lifted before anything will go forward. This is a morning after additional dynamic, putting John Kerry and the White House in damage control.

But it is actually worse.

Iran: We’ll Start Using Advanced Centrifuges After Deal Signed

Iran’s negotiator in the nuclear negotiations and its nuclear chief revealed on Tuesday that after a final deal is signed by a June 30 deadline on the framework reached last week, Iran will unleash its most advanced centrifuges for uranium enrichment, threatening a quick turnover in producing a nuclear weapon.

Iran’s semi-official FARS news agency reported on a closed meeting held Tuesday by Foreign Minister Javad Zarif and Atomic Energy Organization of Iran (AEOI) chief Ali Akbar Salehi, in which they briefed members of Iran’s parliament on the deal being finalized.

In their statements, they said Iran’s most advanced IR-8 centrifuges will be used as soon as the deal removing world sanctions against Iran begins.

The report noted the two said the advanced centrifuges enrich uranium 20 times faster than the current IR-1 models, meaning they would radically reduce the breakout time needed for Iran to obtain a nuclear arsenal.

In the meeting Zarif and Salehi told the parliament “that the country would inject UF6 gas into the latest generation of its centrifuge machines as soon as a final nuclear deal goes into effect by Tehran and the six world powers,” according to the report.

“The AEOI chief and the foreign minister presented hopeful remarks about nuclear technology R&D which, they said, have been agreed upon during the talks, and informed that gas will be injected into IR-8 (centrifuges) with the start of the (implementation of the) agreement,” Iranian MP Javad Karimi Qoddousi was quoted as saying by the site.

Qoddousi also said the Iranian foreign ministry will present a “fact sheet” showing Iran’s version of the agreement to parliamentarians in the next few days.

Iranian and US versions of the framework have shown numerous contradictions, with the issue of advanced centrifuges being primary among them.

The US version claims Iran agreed to not use its advanced centrifuges, including IR-2, IR-4, IR-5, IR-6 or IR-8. However, the Iranian text says “on the basis of solutions found, work on advanced centrifuges shall continue on the basis of a 10-year plan,” apparently contradicting the American version.

This point is crucial, as experts have anticipated that under the deal Iran will be able to develop its centrifuge technology and reach a point where it can make a three week dash to obtain a nuclear weapon.

Israel has pointed out that of the 17 states with peaceful nuclear programs, none enrich uranium as Iran is being allowed to continue doing by the deal.

The statements come after US President Barack Obama admitted in an interview that as a result of the deal, Iran will be able to reach a “zero” breakout time by 2028, meaning it could produce nuclear weapons immediately whenever it wanted to.

Some interesting notes:

1. Iran collectively owes an estimated $119 billion in restitution for past terror acts and refuses to pay it stating the Foreign Sovereignty Act.

2. Iran also states that there will be no monitoring of their facilities.

3. The base line standard on the Iranian nuclear program performed by the IAEA was so long ago that a current report on the uranium enrichment and centrifuges is impossible to report.

4. The inspections mentioned in the recent framework are to be performed by the United Nations Security Council, who are not only not qualified, but Russia has a veto vote on that council.

Meanwhile, the White House has taken to a satire agenda, mocking Israel. This does not make for good policy, good governance or good relationships. Shame on the Slight (White) House.

White House tweet pokes fun at Israel on Iran nuke deal

The White House is taking another swipe at Israeli Prime Minister Benjamin Netanyahu, defending the Iran nuclear deal by posting a diagram of a nuclear bomb on Twitter similar to one used by the Israeli leader to warn against an agreement.

The administration’s tweet of a cartoon bomb is accompanied by a list of consequences of not striking a deal, including “resumed production of highly enriched uranium” and “no limits on stockpile of enriched uranium.” The supposed benefits of a deal include “no production or stockpile of highly enriched uranium.”

The sketch closely resembles one held up by Mr. Netanyahu during a speech in 2012 at the United Nations, when he warned that Iran’s push to develop a nuclear weapon must be stopped at all costs. His drawing of a bomb included a red line at the top to show how close Iran was to completing a nuclear device.

The White House diagram also includes a red line and proclaims, “Under the framework for an Iran nuclear deal, Iran uranium enrichment pathway to a weapon will be shut down.”

Mr. Netanyahu is an outspoken opponent of the framework agreement announced last week, in which sanctions against Iran will be lifted in exchange for scaling back Tehran’s nuclear program. President Obama’s push for an agreement with Iran has raised tensions in what was already an uneasy relationship with Mr. Netanyahu.