Here's how Iran could seek revenge with cyberattacks on the U.S.
As the U.S. braces for blowback following its killing of a key Iranian military commander, experts are warning of the possibility of cyberattacks targeting American institutions.
Tehran and its proxies are thought to possess some of the most highly developed cyber arsenals in the world — major tools in modern, asymmetrical warfare, where countries and non-state actors fight ruleless, virtual battles with real-world repercussions.
Cyberattacks, combined with violence aimed at U.S. targets, could form the “harsh retaliation” promised by Iran’s supreme leader following the death of Maj.-Gen. Qassem Soleimani in a drone strike in Iraq.
A top U.S. cybersecurity official was among the first to sound the alarm about the threat to Americans.
Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), advised late Thursday that it’s “time to brush up” on Iran’s tactics.
Given recent developments, re-upping our statement from the summer. <br><br>Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS. Make sure you’re also watching third party accesses! <a href=”https://t.co/4G1P0WvjhS”>https://t.co/4G1P0WvjhS</a>
—@CISAKrebs
He shared a Homeland Security statement first posted last June, warning that Iran and its proxies had stepped up cyberattacks on U.S. targets, and that they’re “looking to do much more than just steal data and money.”
Iranian cyberattacks, Krebs wrote, “can quickly become a situation where you’ve lost your whole network.”
In an interview with Fox News on Friday, Secretary of State Mike Pompeo added that the U.S. is prepared for any possible retaliation, including a cyberattack.
Iran has shown it can indeed do damage, as well as disrupt the everyday lives of Americans.
Previous attacks
Tehran was linked to a string of so-called “denial of service” (DoS) attacks in 2012, which overwhelmed, then slowed or crashed banking sites belonging to the Bank of America, JPMorgan Chase and others.
The Obama administration also blamed Iran for a 2014 cyberattack targeting a Las Vegas casino operator, reportedly destroying the company’s data, disrupting email systems and even taking down phone lines.
Iran has also been known to target its own citizens, and several other countries, too.
Suspicion fell on Iran in 2017, when a cyberattack left dozens of British MPs — including then-Prime Minister Theresa May — unable to access their email.
Tehran has boasted about having a staggering 120,000 volunteers trained in cyber warfare, although foreign experts dispute the figure.
Jim Lewis, a researcher at the Washington-based Center for Strategic and International Studies, acknowledges that “Iran has improved significantly in the past 10 years” when it comes to mounting cyber offence.
“They put a lot of money into it, they’re well organized and they get a lot of practice, because they’re always attacking their neighbours,” Lewis said.
Indeed, Maj.-Gen. Nadav Padan, the Israeli military general in charge of network security, said in 2017 its regional rival was regularly targeting Israel — and that Tehran was getting help from proxies such as the Lebanon-based Hezbollah.
Building up capabilities for years
Experts point to two key moments that spurred Iran to bolster its cyber capabilities.
The first, known as the Green Movement, saw Iranians attempt to oust President Mahmoud Ahmadinejad in a popular uprising in 2009. It led authorities to clamp down on internet access and seek tighter control on its citizens’ use of social media.
Then, around 2010, the Islamic republic suffered a massive cyberattack targeting its nuclear machinery, damaging facilities and setting back Iran’s entire program. Known as Stuxnet, no country ever admitted to deploying the computer worm, but the U.S. and Israel are widely believed to have been behind it.
Mahsa Alimardani, a researcher at the U.K.-based Oxford Internet Institute, suggested Iran’s capabilities may be “overstated” and are certainly outmatched by the likes of the U.S., Britain and Israel.
She points to May 2018, when rumours were rampant that a surge of Iranian cyberattacks were imminent following the Trump administration’s withdrawal from the international agreement limiting Tehran’s uranium enrichment capabilities.
No major attack was reported.
“I really don’t think they have a chance against U.S. capabilities,” Alimardani said in a telephone interview.
Possible targets
Digital security experts say smaller attacks targeting American companies, such as regional banks or energy providers, may be more likely. While proving disruptive to Americans at home, the strategy may have a better chance of succeeding than to mount cyberstrikes on the U.S. government or large corporations who have built firewalls and other defences.
Tom Robertson, who manages Toronto-based risk consultancy 3i Partners, said such smaller attacks would give Iranian authorities “more bang for their buck.”
Disrupting American farmers’ access to credit through an attack on a midwestern bank, for instance, would “really wreak havoc in the hearts and minds of the American population,” he said.
Robertson said while an attack on computer networks north of the American border is unlikely, it’s possible a Canadian company with U.S. operations could get swept up in the conflict.
There’s also no guarantee U.S. authorities would give credit to Iran if ever a cyberattack did damage.
Still, there have been no shortage of warnings.
“Experience with covert action gives Iran the ability to conceptualize how cyberattacks fit into the larger military picture,” Jim Lewis wrote last year. “This is a space for conflict where the rules are unclear, and the risks not yet measured.”