The January 3 assassination of Iranian Lieutenant General Qasem Soleimani by a US missile strike has prompted calls for revenge against the US from Iran’s top officials, with the secretary of the country’s Supreme National Security Council, Ali Shamkhani, considering what he describes as 13 ‘revenge scenarios’ that would cause a ‘historic nightmare for the Americans’. While speculation into the possibility of conventional terrorist attacks is being made—Iran is considered to be “the world’s worst state sponsor of terrorism” according to the US State Department—there is also the strong possibility that the influential Middle-Eastern nation could execute a high-level cyber-attack against the US or its allies, a tactic that Tehran has put to use in the past.
According to the Worldwide Threat Assessment released by the Senate Select Committee on Intelligence in January of last year, Iran, along with China, Russia, and North Korea “increasingly use cyber operations to threaten both minds and machines in an expanding number of ways—to steal information, to influence our citizens, or to disrupt critical infrastructure.”
In describing the threat posed by Iran, the report says that “Iran uses increasingly sophisticated cyber techniques to conduct espionage; it is also attempting to deploy cyberattack capabilities that would enable attacks against critical infrastructure in the United States and allied countries.”
In addition to exerting influence through social media platforms, and targeting “US Government officials, government organizations, and companies to gain intelligence and position themselves for future cyber operations,” the report states that Iranian-backed hackers are “capable of causing localized, temporary disruptive effects—such as disrupting a large company’s corporate networks for days to weeks—similar to its data deletion attacks against dozens of Saudi governmental and private-sector networks in late 2016 and early 2017.”
The activity referenced here includes the case in which criminal charges were brought against 9 Iranians accused of perpetrating a giant cyber-theft campaign that saw the pilfering of more than 31 terabytes of data from 140 US universities and 30 US companies. Iranian “cyber actors” have also been implicated in coordinated distributed denial-of-service (DDoS) attacks, and in the February 2014 hacking of the Sands Las Vegas Corporation in Las Vegas, which resulted in the theft of customer data and the erasure of the data stored on numerous computers.
Although the report only reflects limited capabilities demonstrated by Iran when compared to that of Russia or China—two powers with the capacity to disrupt critical infrastructure like gas pipelines or power grids in a target country—Iranian cyber-terrorists reportedly have been working to improve their capabilities over the year since the report was written.
“Iran is a credible offensive actor in cyberspace having moved in recent years to boost their military capability in this area—in the past, they relied on third-party groups and supportive hackers to carry out attacks,” according to Duncan Hodges, senior lecturer in Cyberspace Operations at Cranfield University.
Indeed, the US Cybersecurity and Infrastructure Security Agency (CISA) warns that Iran’s offensive cyber capabilities have undergone continuous improvement, graduating beyond DDoS attacks and simple website vandalism to develop “destructive wiper malware and, potentially, cyber-enabled kinetic attacks,” attacks that involve using a compromised computer system to control targeted equipment with the goal of causing physical damage.
To date, Iranian cyber-attacks have taken a three-pronged approach: get a foothold inside the organization, extract the targeted data, and then maintain that foothold for later use, according to Sherrod DeGrippo, senior director of threat research and detection at security company Proofpoint.
“They are relatively sophisticated but I haven’t seen the deep destructive catastrophic events from those groups,” DeGrippo said. “They’ve had a lot of access, they’ve done a lot of campaigns, but they’ve been quiet. And so, what’s going to happen, now?”
As of 01/07/20, the Texas Department of Agriculture reported that it had been hacked and an Iranian flag placed on its website. Much US infrastructure will prove accessible to cyberattack, and attacks on some of it may well be damaging, most especially in the case of communications infrastructure, banking and the power grid.